[wp-trac] [WordPress Trac] #8210: SSH2 Filesystem transport;
Multiple issues
WordPress Trac
wp-trac at lists.automattic.com
Fri Nov 14 07:32:26 GMT 2008
#8210: SSH2 Filesystem transport; Multiple issues
---------------------+------------------------------------------------------
Reporter: DD32 | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.8
Component: General | Version: 2.7
Severity: normal | Keywords:
---------------------+------------------------------------------------------
The SSH2 filesystem transport appears to have a few issues:
* Filenames with multiple dashes cannot be created
* eg: cforms has a file {{{-----HISTORY.txt}}} which cannot be created
* Filenames are not properly escaped before being escaped
* eg: {{{run_command($this->link, sprintf('ls -lad %s', $file));}}}
instead of say {{{run_command($this->link, sprintf('ls -lad "%s"',
$file));}}} or better: {{{run_command($this->link, sprintf('ls -lad "%s"',
escapeshellarg($file) ) );}}}
* escapeshellarg() or one unique to the SSH2 transport should be used
on such files
* While not specifically a defect, using {{{ @fopen('ssh2.sftp://'}}}
instead of {{{ ssh2_scp_recv() }}} can be much faster according to the PHP
docs, It also avoids having to use a temporary file, as you can read it
straight into a variable.
I'm going to attach a patch thats a bit of POC, It doesnt "fix" anything
mentioned here, just a start towards it, and highlights the areas which
need attention.
--
Ticket URL: <http://trac.wordpress.org/ticket/8210>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list