Changeset 56186

Timestamp:

07/10/2023 08:31:35 PM (13 months ago)

Author:

azaozz

Message:

Filesystem API: Ensure wp_tempnam() does not produce file names longer than 255 characters as this is the limit on most filesystems.

Props: costdev, doems, mikeschroder, oglekler, mrinal013.
Fixes: #35755.

Location:

trunk

Files:

• src/wp-admin/includes/file.php (modified) (1 diff)
• tests/phpunit/tests/file.php (modified) (1 diff)

trunk/src/wp-admin/includes/file.php

@@ -690 +690 @@
     $temp_filename .= '-' . wp_generate_password( 6, false );
     $temp_filename .= '.tmp';
-    $temp_filename  = $dir . wp_unique_filename( $dir, $temp_filename );
+    $temp_filename  = wp_unique_filename( $dir, $temp_filename );
+
+    /*
+     * Filesystems typically have a limit of 255 characters for a filename.
+     *
+     * If the generated unique filename exceeds this, truncate the initial
+     * filename and try again.
+     *
+     * As it's possible that the truncated filename may exist, producing a
+     * suffix of "-1" or "-10" which could exceed the limit again, truncate
+     * it to 252 instead.
+     */
+    $characters_over_limit = strlen( $temp_filename ) - 252;
+    if ( $characters_over_limit > 0 ) {
+        $filename = substr( $filename, 0, -$characters_over_limit );
+        return wp_tempnam( $filename, $dir );
+    }
+
+    $temp_filename = $dir . $temp_filename;
 
     $fp = @fopen( $temp_filename, 'x' );

trunk/tests/phpunit/tests/file.php

@@ -207 +207 @@
 
     /**
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
      * @ticket 47186
      */