From 10c377b9b92615f5408f8a40e93860f064d0d4ff Mon Sep 17 00:00:00 2001 From: Dion Hulse Date: Mon, 16 Nov 2015 05:32:32 +0000 Subject: [PATCH] Decrease the chances that `wp_tempnam()` will conflict with an existing file by suffixing a random ID to the generated filename. This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file. Fixes #34562 git-svn-id: https://develop.svn.wordpress.org/trunk@35644 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/file.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/wp-admin/includes/file.php b/src/wp-admin/includes/file.php index 1cd0e4ca3d..ce7acf73bb 100644 --- a/src/wp-admin/includes/file.php +++ b/src/wp-admin/includes/file.php @@ -164,9 +164,18 @@ function wp_tempnam( $filename = '', $dir = '' ) { return wp_tempnam( dirname( $filename ), $dir ); } + // Suffix some random data to avoid filename conflicts + $temp_filename .= '-' . wp_generate_password( 6, false ); $temp_filename .= '.tmp'; $temp_filename = $dir . wp_unique_filename( $dir, $temp_filename ); - touch( $temp_filename ); + + $fp = @fopen( $temp_filename, 'x' ); + if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) { + return wp_tempnam( $filename, $dir ); + } + if ( $fp ) { + fclose( $fp ); + } return $temp_filename; }