sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Decrease the chances that `wp_tempnam()` will conflict with an existing file by suffixing a random ID to the generated filename. 

This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.

Fixes #34562


git-svn-id: https://develop.svn.wordpress.org/trunk@35644 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dion Hulse 2015-11-16 05:32:32 +00:00
parent b1bea5bf5c
commit 10c377b9b9
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/wp-admin/includes/file.php
View File

@ -164,9 +164,18 @@ function wp_tempnam( $filename = '', $dir = '' ) {
return wp_tempnam( dirname( $filename ), $dir );
}
// Suffix some random data to avoid filename conflicts
$temp_filename .= '-' . wp_generate_password( 6, false );
$temp_filename .= '.tmp';
$temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
touch( $temp_filename );
$fp = @fopen( $temp_filename, 'x' );
if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) {
return wp_tempnam( $filename, $dir );
}
if ( $fp ) {
fclose( $fp );
}
return $temp_filename;
}