Ticket #6465 (closed defect: fixed)

Opened 8 months ago

Last modified 5 months ago

tempnam() has been disabled for security reason

Reported by: DD32 Assigned to: anonymous
Priority: normal Milestone: 2.6
Component: Administration Version: 2.5
Severity: normal Keywords: has-patch
Cc:

Description

http://wordpress.org/support/topic/164139?replies=1

OK, this might not be a WordPress problem exactly, but maybe someone could help me.

When I click the auto-update option for plugins, the page displays:

Warning: tempnam() has been disabled for security reasons in /****/wp-admin/includes/file.php on line 316

Is there a way to fix it?

Appears some hosts disable tempnam() altogether. Might be worth simply using basename($url) as the filename in the upgrade folder.

It causes the plugin auto upgrade to fail.

Attachments

6465.diff (2.2 kB) - added by DD32 on 04/25/08 13:41:04.
6465.2.diff (2.2 kB) - added by DD32 on 04/25/08 14:08:10.

Change History

03/30/08 10:49:19 changed by DD32

Just for reference, it's used in download_url() and get_filesystem_method()

03/31/08 01:31:36 changed by DD32

Also, getmyuid() and fileowner() are disabled on certain setups.

03/31/08 01:34:34 changed by DD32

04/25/08 13:41:04 changed by DD32

  • attachment 6465.diff added.

04/25/08 13:44:38 changed by DD32

  • keywords changed from needs-patch to has-patch.

attachment 6465.diff added.

  • Introduces wp_tempnam() to find a filename which is usable, based off a provided filename/url & optionally a path (Note: The args are not the same as PHP's tempnam, as the argument order makes more sense in this fashion for WordPress's use)
  • Adds checks for getmyuid() and fileowner() before attempting to use them
  • And adds a filter to the filesystem method.

04/25/08 14:08:10 changed by DD32

  • attachment 6465.2.diff added.

04/25/08 14:08:59 changed by DD32

attachment 6465.2.diff added.

Forgot to touch the file and actually create it. Apologies if the patch doesn't apply, I had to manually hack out another few changes I've made around it.
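
Added example, not part of the ticket or of WordPress's code: one way to write a tempnam() replacement of the kind the 6465.diff comments describe (filename or URL first, optional path second, file created before returning). The name example_tempnam(), the sanitising rules and the fallback name are assumptions; the file is created with fopen()'s exclusive 'x' mode so that choosing the name and creating the file happen in one step instead of a check followed by a separate touch.

```php
<?php
// Added example. example_tempnam() is a hypothetical helper, not WordPress's wp_tempnam().
// Argument order follows the ticket's description: filename/URL first, optional path second.
function example_tempnam(string $filename = '', string $dir = ''): string
{
    if ($dir === '') {
        $dir = sys_get_temp_dir();
    }
    // Reduce a URL or path to its last component so the input cannot steer
    // the file outside $dir, then keep a conservative character set.
    $path = (string) parse_url($filename, PHP_URL_PATH);
    $stem = pathinfo(basename($path), PATHINFO_FILENAME);
    $stem = ltrim(preg_replace('/[^A-Za-z0-9._-]/', '', $stem), '.-');
    if ($stem === '') {
        $stem = 'download';   // assumed fallback name
    }
    $dir = rtrim($dir, '/\\');
    for ($attempt = 0; $attempt < 20; $attempt++) {
        // Random suffix: the final name is not predictable from the URL alone.
        $candidate = $dir . DIRECTORY_SEPARATOR . $stem . '-' . bin2hex(random_bytes(8)) . '.tmp';
        // Mode 'x' creates the file and fails if the name already exists, so
        // there is no gap between "is it free?" and "create it".
        $handle = @fopen($candidate, 'x');
        if ($handle !== false) {
            fclose($handle);
            chmod($candidate, 0600);   // owner-only until the caller decides otherwise
            return $candidate;
        }
    }
    throw new RuntimeException("Could not create a temporary file in $dir");
}

// Constructed inputs: a URL with a query string, a traversal attempt, an empty name.
$samples = ['http://example.com/downloads/plugin.1.0.zip?ver=2', '../../wp-config.php', ''];
foreach ($samples as $sample) {
    $file = example_tempnam($sample);
    printf("%-55s => %s\n", var_export($sample, true), basename($file));
    unlink($file);
}
```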

04/25/08 21:34:54 changed by ryan

(In [7840]) tempnam workarounds from DD32. see #6465

04/25/08 21:35:24 changed by ryan

Committed for trunk. Let's let it soak in trunk before adding to 2.5.

06/16/08 20:31:22 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.
  • milestone changed from 2.5.2 to 2.6.