[wp-trac] [WordPress Trac] #35217: WP_Upgrader: writes temporary directory name to plugin folder if zip doesn't have directory

WordPress Trac noreply at wordpress.org
Thu Dec 24 15:59:59 UTC 2015 

#35217: WP_Upgrader:  writes temporary directory name to plugin folder if zip
doesn't have directory
--------------------------+-----------------------------
 Reporter:  basszje       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Plugins       |    Version:  4.4
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 The issue described in ticket:30945 occurs now in 4.4 as well.

 If you serve a plugin zip with the files in the root directory it writes
 the plugin to the directory including the random string generated by
 {{{wp_tempnam}}} in file.php. This did not happen in 4.3.

 This means this will occur with every plugin not having a directory in the
 ZIP itself.

 In the mentioned ticket it is stated WP expects a plugin to have a
 directory name. Then why is the plugin upgrader checking if there are
 multiple files? In this case wouldn't it be better to gracefully return an
 error?

 This block is in class-wp-upgrader.php :

  {{{#!php 450                   //Locate which directory to copy to the
 new folder, This is based on the actual folder holding the files.
 451                     if ( 1 == count( $source_files ) &&
 $wp_filesystem->is_dir( trailingslashit( $args['source'] ) .
 $source_files[0] . '/' ) ) { //Only one folder? Then we want its contents.
 452                             $source = trailingslashit( $args['source']
 ) . trailingslashit( $source_files[0] );
 453                     } elseif ( count( $source_files ) == 0 ) {
 454                             return new WP_Error(
 'incompatible_archive_empty', $this->strings['incompatible_archive'],
 $this->strings['no_files'] ); // There are no files?
 455                     } else { // It's only a single file, the upgrader
 will use the folder name of this file as the destination folder. Folder
 name is based on zip filename.
 456                             $source = trailingslashit( $args['source']
 );
 457                     }
 }}}

 The first condition happens on 'wrong' plugin formats, resulting in a
 faulty plugin directory (with temp string) in the plugins dir. The last
 condition is the one that always should be expected when the root of the
 plugin zip is a directory.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35217>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list