[wp-trac] [WordPress Trac] #12866: tmpfile() may use non-writable directory causing upgrades to fail
WordPress Trac
wp-trac at lists.automattic.com
Tue Apr 6 11:16:20 UTC 2010
#12866: tmpfile() may use non-writable directory causing upgrades to fail
-----------------------------+----------------------------------------------
Reporter: dd32 | Owner: dd32
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Upgrade/Install | Version:
Severity: normal | Keywords:
-----------------------------+----------------------------------------------
According to ocean90's investigation of a core upgrade issue in #8668, and
verified by php.net, tmpfile() may use a temporary directory which is not
writable.
The temporary directory may be non-writable due to ACL's, or due to
open_basedir restrictions - Both bad server configurations.
Example error:
{{{
Warning: tmpfile() [function.tmpfile]: open_basedir restriction in effect.
File(/tmp) is not within the allowed path(s): (
/var/www/web39/html/:
/var/www/web39/phptmp/:/var/www/web39/files/:
/var/www/web39/atd/
)in
/var/www/web39/html/blog/wp-admin/includes/class-wp-filesystem-ftpext.php
on line 116
}}}
commit coming up replaced tmpfile() with a wp_tempname()+fopen() call.
Commit also adds static caching to get_temp_dir() as it may be called
rather often with this cod branch. In addition to that, to protect against
more bad server environments, the temporary directory is checked to be
writable in all given branches.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12866>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list