Commit Graph

123 Commits

Author SHA1 Message Date
Sergey Biryukov
0baa8ae85c Media: In _wp_handle_upload(), check if the file was properly uploaded before checking its size.
Props achbed, dglingren.
Fixes #39522.

git-svn-id: https://develop.svn.wordpress.org/trunk@42525 602fd350-edb4-49c9-b593-d223f7449a82
2018-01-17 07:15:57 +00:00
Gary Pendergast
8f95800d52 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.



git-svn-id: https://develop.svn.wordpress.org/trunk@42343 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-30 23:09:33 +00:00
Dion Hulse
44c75415b3 Theme Editior: Base the nonce on a simpler combination of fields, for easier debugging & reading.
See #42609.
Fixes #42705.


git-svn-id: https://develop.svn.wordpress.org/trunk@42246 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 03:43:11 +00:00
Dion Hulse
6e0ba7864f Theme Editor: Validate files are editable based on their relative filenames, rather than full file path.
This fixes theme editing on Windows platforms where `validate_file()` will return `2` on a full file path.

Fixes #42609.


git-svn-id: https://develop.svn.wordpress.org/trunk@42244 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-27 03:27:19 +00:00
Dion Hulse
26fb077862 Filesystem: Use a more unique filename in wp_tempnam() and get_filesystem_method().
Using a filename which was generated from `time()` could cause two processes to try to use the same filename, causing unexpected behaviour.

Props jrchamp, bikecrazyy.
Fixes #42265.


git-svn-id: https://develop.svn.wordpress.org/trunk@42224 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-24 03:04:35 +00:00
Gary Pendergast
f797c252d9 General: Reformat inline if () statements inside HTML tags.
This pattern occurs a handful of times across the codebase:

`<div class="foo<?php if ( $bar ) { echo ' baz'; } ?>">`

Unfortunately, it doesn't really play nicely with `phpcbf`, so all instances need to be removed in preperation for auto code formatting.

See #41057.



git-svn-id: https://develop.svn.wordpress.org/trunk@42217 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-23 04:08:42 +00:00
Weston Ruter
3fab757196 Theme Editor: Ensure files listed recursively can be both viewed and edited.
Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.

Amends [41806].
See #6531.
Fixes #42425.


git-svn-id: https://develop.svn.wordpress.org/trunk@42112 602fd350-edb4-49c9-b593-d223f7449a82
2017-11-02 23:04:54 +00:00
John Blackbourn
3e9a42ed27 Filesystem API: Add more specificity to the rules for valid files in validate_file().
This now treats files containing `./` as valid, and also treats files containing a trailing `../` as valid due to widespread use of this pattern in theme and plugin zip files.

Adds tests.

Props Ipstenu, borgesbruno, DavidAnderson, philipjohn, birgire
Fixes #42016, #36170


git-svn-id: https://develop.svn.wordpress.org/trunk@42011 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-24 23:14:33 +00:00
John Blackbourn
49b7cb458f Filesystem API: Don't immediately return an error for invalid file names contained within a Zip while it's being extracted.
This allows the extraction of the rest of the valid files within the archive to continue.

See #42016


git-svn-id: https://develop.svn.wordpress.org/trunk@42010 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-24 23:10:37 +00:00
John Blackbourn
7329816301 Docs: Improve the docs for validate_file() and validate_file_to_edit().
See #42016, #36170, #41017


git-svn-id: https://develop.svn.wordpress.org/trunk@42007 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-24 22:49:13 +00:00
Gary Pendergast
33a0ff50b7 File Editor: Add support for more than one sub-directory level.
The theme and plugin editors now list all files in the selected theme or plugin, recursing through subdirectories as necessary.

Props WraithKenny, schlessera, chsxf, MikeHansenMe, Daedalon, valendesigns, westonruter, pento.
Fixes #6531.



git-svn-id: https://develop.svn.wordpress.org/trunk@41806 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-10 05:33:57 +00:00
Weston Ruter
5deddd9c62 File Editor: Increase robustness of fatal error checking when saving PHP file edits.
* Increase PHP execution time limit prior to issuing loopback requests where are themselves given timeouts to ensure PHP file can be reverted.
* Output scrape messages on success and failure so that absence of either can also be flagged as an error condition.
* Forward browser's HTTP Basic Auth credentials in loopback requests to admin and home URL.
* Display more helpful message when loopback request fails.

Amends [41721].
See #21622.
Fixes #42102.


git-svn-id: https://develop.svn.wordpress.org/trunk@41805 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-10 05:26:53 +00:00
Weston Ruter
3fcfefd05c File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.
* Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
* Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
* After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
* Introduce a secure way to scrape PHP fatal errors from a site via `wp_start_scraping_edited_file_errors()` and `wp_finalize_scraping_edited_file_errors()`.
* Moves file modifications from `theme-editor.php` and `plugin-editor.php` to common `wp_edit_theme_plugin_file()` function.
* Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
* Use `get` method for theme/plugin dropdowns.
* Improve styling of plugin editors, including width of plugin/theme dropdowns.
* Improve notices API for theme/plugin editor JS component.
* Strip common base directory from plugin file list. See #24048.
* Factor out functions to list editable file types in `wp_get_theme_file_editable_extensions()` and `wp_get_plugin_file_editable_extensions()`.
* Scroll to line in editor that has linting error when attempting to save. See #41886.
* Add checkbox to dismiss lint errors to proceed with saving. See #41887.
* Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
* Ensure that value from CodeMirror is used instead of `textarea` when CodeMirror is present.
* Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.


git-svn-id: https://develop.svn.wordpress.org/trunk@41721 602fd350-edb4-49c9-b593-d223f7449a82
2017-10-04 00:19:16 +00:00
John Blackbourn
64e8c4952a Filesystem API: Ensure filenames are valid before attempting to unzip them to ensure malformed file paths don't cause issues.
git-svn-id: https://develop.svn.wordpress.org/trunk@41457 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-19 14:35:09 +00:00
Weston Ruter
7aa34b77e9 Customize: Re-use homepage settings help tab text from Reading Options admin screen in description for corresponding Customizer section.
Also remove "Static" reference in template name, missed in [41363].

See #41829.


git-svn-id: https://develop.svn.wordpress.org/trunk@41364 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-10 17:07:50 +00:00
Weston Ruter
d0dbcf5913 Customize: Rename "Static front page" to just "Homepage".
Props danieltj, melchoyce.
Fixes #41828.


git-svn-id: https://develop.svn.wordpress.org/trunk@41363 602fd350-edb4-49c9-b593-d223f7449a82
2017-09-10 16:19:53 +00:00
Drew Jaynes
0fb490ee1a Filesystem: Introduce the pre_move_uploaded_file filter.
Passing a non-null value to the filter will prevent the uploaded file from being moved to the uploads directory for any of the functions leveraging `_wp_handle_upload()`, such as `wp_handle_upload()` or `wp_handle_sideload()`.

Error reporting related to the file being moved will also be skipped.

Props ryan, Mte90.
Fixes #24603.


git-svn-id: https://develop.svn.wordpress.org/trunk@41258 602fd350-edb4-49c9-b593-d223f7449a82
2017-08-16 21:58:12 +00:00
Sergey Biryukov
7e8d932935 Docs: Add a @global entry for $allowed_files in get_file_description().
Props div33, ajayghaghretiya1.
Fixes #41294.

git-svn-id: https://develop.svn.wordpress.org/trunk@41032 602fd350-edb4-49c9-b593-d223f7449a82
2017-07-12 21:39:37 +00:00
Aaron D. Campbell
96c3a01019 Add nonce for updating file system credentials.
git-svn-id: https://develop.svn.wordpress.org/trunk@40723 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-16 14:47:08 +00:00
swissspidy
fd211c9a2e Cron API: Add a new wp_doing_cron() helper function.
This replaces `DOING_CRON` checks via the constant.

Props tfrommen.
Fixes #39591.


git-svn-id: https://develop.svn.wordpress.org/trunk@40575 602fd350-edb4-49c9-b593-d223f7449a82
2017-05-06 14:29:01 +00:00
Dion Hulse
85ad040c97 Updates: Remove a stray " from a tag.
Props afercia.
See #39057.


git-svn-id: https://develop.svn.wordpress.org/trunk@39656 602fd350-edb4-49c9-b593-d223f7449a82
2016-12-30 07:41:45 +00:00
Andrea Fercia
ee7f970ffa Administration: Improve the usage of the button CSS classes.
Introduces some consistency in the usage of the button CSS classes, fixes the
focus style for accessibility and responsiveness of the buttons.

- Adds the `button` class to all primary buttons make them responsive
- Removes all `secondary-button` classes and replaces it with button when needed. `button-secondary` shouldn't be used and exists just for backward compatibility reasons
- Replaces classes inside `submit_button()` with a shorthand for some buttons, and use an empty string for the default `button` class. Passing `button` is unnecessary
- Adjusts `get_submit_button()` to remove empty items

Props iseulde, dimchik, chris_d2d, mhowell, afercia.
Fixes #27314, #37138, #37448.


git-svn-id: https://develop.svn.wordpress.org/trunk@38672 602fd350-edb4-49c9-b593-d223f7449a82
2016-09-28 19:53:07 +00:00
Scott Taylor
cba0e2c8f7 Bootstrap: do not go gentle into that good night r38411, r38412, and parts of r38389.
See #36335.


git-svn-id: https://develop.svn.wordpress.org/trunk@38470 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-31 16:30:48 +00:00
Scott Taylor
4225e71a6b Bootstrap: after r38409 and r38410, revert r38402 which reverted r38399.
This fixes the paths in `wp-vendor/` that were including `src`. I want to drop this in so we can find out what else will break.

See #36335.


git-svn-id: https://develop.svn.wordpress.org/trunk@38411 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-27 22:31:11 +00:00
Dion Hulse
e353179ce5 Bootstrap: Revert [38399] as it's broken /build/ and subsequently core.svn.wordpress.org.
The generated classmaps reference `/src/` files and operates in the assumption that the base directory is one level above `wp-settings.php`, which it isn't after our build processes are run.

See #36335


git-svn-id: https://develop.svn.wordpress.org/trunk@38402 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-27 14:36:42 +00:00
Scott Taylor
388690382c Bootstrap: Autoload classes using a Composer-generated PHP 5.2-compatible Autoloader.
* `wp-admin` and `wp-includes` are scanned for classes to autoload
* Several 3rd-party and Ryan McCue-shaped libraries are excluded when the classmap is generated, see `composer.json`: `autoload.exclude-from-classmap`
* `wp-vendor/autoload_52.php` is included at the top of `wp-settings.php` - no changes need to be made to unit tests to include the autoloader
* An avalanche of `require()` and `require_once()` calls that loaded class files have been removed from the codebase.

The following files have been added to `svn:ignore` - they are not 5.2-compatible and fail during pre-commit:
* src/wp-vendor/autoload.php
* src/wp-vendor/composer/autoload_real.php
* src/wp-vendor/composer/autoload_static.php
* src/wp-vendor/composer/ClassLoader.php

We favor these files instead:
* src/wp-vendor/autoload_52.php
* src/wp-vendor/composer/autoload_real_52.php
* src/wp-vendor/composer/ClassLoader52.php

When new PHP classes are added to the codebase, simply run `composer install` or `composer update` from the project root to update the autoloader.

The future is now.

See #36335.


git-svn-id: https://develop.svn.wordpress.org/trunk@38399 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-27 09:15:01 +00:00
Scott Taylor
d911ef44dc Media: when calling pathinfo(), also pass a PATHINFO_* constant to avoid array notices for unset keys.
Props JaworskiMatt.
Fixes #37608.


git-svn-id: https://develop.svn.wordpress.org/trunk@38294 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-20 23:35:50 +00:00
Dominik Schilling
3844065c1a Media: In _wp_handle_upload() use call_user_func_array() to call the upload error handler.
The default error handler `wp_handle_upload_error()` expects a reference for the first parameter but `call_user_func()` doesn't pass parameters by reference. The current code didn't produce any issues until now. PHP 7.0.9 (and PHP 7.1) is now stricter and prevents calling the error handler with a warning:
> PHP Warning:  Parameter 1 to wp_handle_upload_error() expected to be a reference, value given.

To restore the error handler `_wp_handle_upload()` now uses `call_user_func_array()`.

Props jbrinley.
Props jorbin for review.
Fixes #37570.

git-svn-id: https://develop.svn.wordpress.org/trunk@38235 602fd350-edb4-49c9-b593-d223f7449a82
2016-08-09 21:53:12 +00:00
Dominik Schilling
076cbcdb71 Filesystem API: Prevent an endless self-calling loop in wp_tempnam().
Under certain conditions upgrades on Windows may fail because `wp_tempnam()` gets called in a loop.
This can happen when `wp_tempnam()` is called with `\.maintenance` for the `$filename` parameter. The function strips the extension, in this case `.maintenance`, which results in an empty filename. Because it's empty, `wp_tempnam()` calls itself with `dirname( '\.maintenance' )`. On *nix systems this would be `"/"` which allows `wp_tempnam()` to fall back on `time()`. But on Windows it's `"\"`.

This change adds the backslash to the list of characters which allow `wp_tempnam()` to fall back on `time()`.

See [32322], [31936].
Fixes #33999.

git-svn-id: https://develop.svn.wordpress.org/trunk@38151 602fd350-edb4-49c9-b593-d223f7449a82
2016-07-25 15:27:43 +00:00
Dominik Schilling
92231118dd Filesystem API: Change the default value for the $context parameter of get_filesystem_method() and request_filesystem_credentials() to an empty string.
`$context` is a full path to the directory that is tested for being writable. A path shouldn't be a boolean value.
This also updates `WP_Upgrader_Skin::request_filesystem_credentials()` and `Automatic_Upgrader_Skin::request_filesystem_credentials()` and adds missing docs.

Props DrewAPicture, ocean90.
Fixes #37412.


git-svn-id: https://develop.svn.wordpress.org/trunk@38138 602fd350-edb4-49c9-b593-d223f7449a82
2016-07-22 12:09:55 +00:00
Dominik Schilling
c68f1ec772 Bootstrap: Enhance core's memory limit handling.
* Don't lower memory limit if the current limit is greater than `WP_MAX_MEMORY_LIMIT`.
* Set `WP_MEMORY_LIMIT` and `WP_MAX_MEMORY_LIMIT` to current limit if the `memory_limit` setting can't be changed at runtime.
* Use `wp_convert_hr_to_bytes()` when parsing the value of the `memory_limit` setting because it can be a shorthand or an integer value.
* Introduce `wp_raise_memory_limit( $context )` to raise the PHP memory limit for memory intensive processes. This DRYs up some logic and includes the existing `admin_memory_limit` and `image_memory_limit` filters. The function can also be used for custom contexts, the `{$context}_memory_limit` filter allows to customize the limit.
* Introduce `wp_is_ini_value_changeable( $setting )` to determine whether a PHP ini value is changeable at runtime.
* Remove a `function_exists( 'memory_get_usage' )` check. Since PHP 5.2.1 support for memory limit is always enabled.

Related commits: [38011-38013]

Props jrf, A5hleyRich, swissspidy, ocean90.
Fixes #32075.

git-svn-id: https://develop.svn.wordpress.org/trunk@38015 602fd350-edb4-49c9-b593-d223f7449a82
2016-07-08 14:36:37 +00:00
Dion Hulse
dd472b7d2e Updates: Only use the filename component of URLs to form part of the temporary filename.
Previously we were passing the entire URL to `wp_tempnam()` (incorrectly) which caused the query string to be used as part of the temporary filename.
We now only use the file component of a url such as `https://example.com/filename.zip?arg1=1&arg2=2....&arg100=100` to prevent a long filename.

Fixes #34938


git-svn-id: https://develop.svn.wordpress.org/trunk@37598 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-31 02:20:58 +00:00
Drew Jaynes
2111185ab9 Docs: Apply inline @see tags to hooks referenced in DocBlocks for wp-admin/* files.
Applying these specially-crafted `@see` tags allows the Code Reference parser to recognize and link these elements as actions and filters.

See #36921.


git-svn-id: https://develop.svn.wordpress.org/trunk@37537 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-23 17:27:19 +00:00
Drew Jaynes
1cd420af5e Docs: Standardize hook docs in wp-admin/* to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.


git-svn-id: https://develop.svn.wordpress.org/trunk@37488 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-22 18:00:23 +00:00
Andrea Fercia
86b5802d75 Refine the FTP credentials form interaction.
Properly toggle SSH2 Authentication Keys fieldset visibility.
JavaScript and CSS clean-up.

Props Mte90.
Fixes #34376.

git-svn-id: https://develop.svn.wordpress.org/trunk@37467 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-19 22:58:55 +00:00
Dominik Schilling (ocean90)
954eeba053 Filesystem API: Don't add '.' to the list of directories which need to be checked/created when extracting a file.
Prevents a PHP warning by `WP_Filesystem_Direct::mkdir()` when installing a language pack which doesn't have subdirectories.

Props tfrommen.
Fixes #36570.

git-svn-id: https://develop.svn.wordpress.org/trunk@37421 602fd350-edb4-49c9-b593-d223f7449a82
2016-05-12 12:39:49 +00:00
Sergey Biryukov
2f3c1769fa Theme Editor: After [37217], add other embed templates to file descriptions.
Props Frozzare.
Fixes #34561. See #34561.

git-svn-id: https://develop.svn.wordpress.org/trunk@37232 602fd350-edb4-49c9-b593-d223f7449a82
2016-04-18 01:04:15 +00:00
Sergey Biryukov
25f590a423 Theme Editor: Add embed.php to file descriptions.
Props ramiy.
Fixes #36551.

git-svn-id: https://develop.svn.wordpress.org/trunk@37217 602fd350-edb4-49c9-b593-d223f7449a82
2016-04-16 12:46:26 +00:00
Dominik Schilling (ocean90)
39ddaa65cc Docs: Correct grammar when referring to "a URL" vs "an URL" in several places.
Fixes #36218.

git-svn-id: https://develop.svn.wordpress.org/trunk@36970 602fd350-edb4-49c9-b593-d223f7449a82
2016-03-12 12:38:48 +00:00
Drew Jaynes
5572e1d4f4 Docs: Add private access notation to the DocBlock for the core _wp_handle_upload() function.
See #32246.


git-svn-id: https://develop.svn.wordpress.org/trunk@36473 602fd350-edb4-49c9-b593-d223f7449a82
2016-02-03 20:18:15 +00:00
Sergey Biryukov
ac704e838c Media: In _wp_handle_upload(), move ending brace to a new line.
Props georgestephanis.
Fixes #35565.

git-svn-id: https://develop.svn.wordpress.org/trunk@36373 602fd350-edb4-49c9-b593-d223f7449a82
2016-01-21 20:26:06 +00:00
SergeyBiryukov
2ce0bfa8f4 Theme Editor: Break $wp_file_descriptions array into sections and reorder for consistency and readability.
Props ramiy.
Fixes #35223.

git-svn-id: https://develop.svn.wordpress.org/trunk@36088 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-25 21:11:02 +00:00
Sergey Biryukov
ffc86bf4e1 Theme Editor: Add taxonomy.php, home.php, front-page.php, date.php, and singular.php to file descriptions.
Props ramiy.
See #35223.

git-svn-id: https://develop.svn.wordpress.org/trunk@36087 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-25 21:04:13 +00:00
Sergey Biryukov
ddf45b0142 Docs: Improve documentation for request_filesystem_credentials() and the corresponding filter.
Props swissspidy, danhgilmore, slushman.
Fixes #34858.

git-svn-id: https://develop.svn.wordpress.org/trunk@35888 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-12 16:15:07 +00:00
Pascal Birchler
4e58589669 Docs: Fix some minor DocBlock alignment issues.
See #32246.

git-svn-id: https://develop.svn.wordpress.org/trunk@35885 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-12 15:36:36 +00:00
John Blackbourn
c4cf5124ca Comments: The year is 2003. Permalinks are a new thing and everyone's using Blogger. It's a time when opening a modal window in JavaScript to view a section of a website is not a completely weird thing, although many users get annoyed by it. b2 has recently become WordPress, and with it comes a bunch of functionality that will become stale over the next decade, remnants of simpler times.
Twelve years later, after no fewer than three themes have intentionally implemented popup comments in their functionality, before being abandoned for at least the last six years, we've reached a time where we can put this era behind us. A time when we can remove comment popup functionality from WordPress.

If this breaks the internet, I'll eat my hat.

Fixes #28617


git-svn-id: https://develop.svn.wordpress.org/trunk@35848 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-10 03:05:34 +00:00
Konstantin Kovshenin
318455ff24 Docs: Remove some more dittography.
See #34885, r35793.


git-svn-id: https://develop.svn.wordpress.org/trunk@35796 602fd350-edb4-49c9-b593-d223f7449a82
2015-12-06 21:49:43 +00:00
Mark Jaquith
baa1da6c57 Do not pass FALSE as second parameter in variable class_exists() checks
Because these are generally plugin-provided, we want plugins to be
able to use autoloaders.

fixes #20523

git-svn-id: https://develop.svn.wordpress.org/trunk@35749 602fd350-edb4-49c9-b593-d223f7449a82
2015-11-30 04:14:31 +00:00
Aaron Jorbin
ee18e04df0 Revert [34291] bringing back my-hacks
Keeping myhacks support is a small price to pay for not breaking people's sites.  Even if it is very very very few sites, breaking sites isn't something that should be encouraged. Even with 10 years of deprecation notices.

https://core.trac.wordpress.org/ticket/33741#comment:18 outlines all the ways that the hack_file and my-hacks options can be setup and thus all the ways that the removal of those options could break sites.

Fixes #33741.




git-svn-id: https://develop.svn.wordpress.org/trunk@35688 602fd350-edb4-49c9-b593-d223f7449a82
2015-11-18 20:48:24 +00:00
Dion Hulse
10c377b9b9 Decrease the chances that wp_tempnam() will conflict with an existing file by suffixing a random ID to the generated filename.
This also switches from using `touch()` to using `fopen( $file, 'x')` to ensure that we're the process creating the file.

Fixes #34562


git-svn-id: https://develop.svn.wordpress.org/trunk@35644 602fd350-edb4-49c9-b593-d223f7449a82
2015-11-16 05:32:32 +00:00