[wp-trac] [WordPress Trac] #20057: Media upload for multi-webserver setups introduces a nasty race condition that could corrupt uploaded files
WordPress Trac
wp-trac at lists.automattic.com
Thu Jul 26 00:01:54 UTC 2012
#20057: Media upload for multi-webserver setups introduces a nasty race condition
that could corrupt uploaded files
--------------------------+------------------------------
Reporter: archon810 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: 3.3.1
Severity: major | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by archon810):
Replying to [comment:17 markoheijnen]:
> Looked into the issue more and wp_upload_bits is the right method to use
and obvious it doesn't has wp_handle_upload_prefilter. It does has the
filter: wp_upload_bits.
>
> #19121 should fix this issue the correct way: add a filter to
wp_unique_filename.
>
> Maybe we should remove sanitize_file_name in the mw_newMediaObject. So
it doesn't fire up twice.
Great care needs to be taken there, see what I wrote above:
>"I also tried to use the filter from
https://core.trac.wordpress.org/attachment/ticket/19121/19121.2.patch, but
that results in the same file being overwritten over and over (much worse)
because the file name is modified too late and doesn't trigger a
uniqueness check."
When I used that filter to prepend servername and uploaded 2 files with
the same name (just using Windows Live Writer and not specifying a name,
which results in "image.png"), I ended up with servername_image.png and
that's it. It was overwritten by the 2nd upload. This is very bad and
dangerous.
Ideally, both upload functions (xmlrpc and WP web) would fire the same
logic and the same filter early enough to modify the file name.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20057#comment:18>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list