[wp-trac] [WordPress Trac] #33053: download_url() includes query string in temporary filenames
WordPress Trac
noreply at wordpress.org
Mon Jul 20 21:07:48 UTC 2015
#33053: download_url() includes query string in temporary filenames
-----------------------------+-----------------------------
Reporter: Hyperopic | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: 4.2.1
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
When installing a theme update, I encountered an error traced back to the
update file exceeding the Windows path\filename length limit. It turned
out the root cause of this was that the download URL contained a query
string with access key information, which was also being included in the
filename of the temporary file created by $tmpfname = wp_tempnam($url); in
the download_url() function.
In my case, for example, download URL was:
https://s3.amazonaws.com/marketplace-
downloads.envato.com/files/140862862/enfold.zip?AWSAccessKeyId=*******************&Expires=1437422162&Signature=*****************-***********%3D
&response-content-disposition=attachment%3B+filename%3Dthemeforest-4519990
-enfold-responsive-multipurpose-theme-wordpress_theme.zip
which resulted in a temporary file called:
enfold.zipAWSAccessKeyId*******************Expires1437422162Signature
*****************-***********-3Dresponse-content-dispositionattachment-3B-
filename-3Dthemeforest-4519990-enfold-responsive-multipurpose-theme-
wordpress_theme.tmp
rather than the expected enfold.zip
I would suggest that downloaded files should probably exclude any query
string from the URL as the simplest method of resolving this issue, but
will leave that to development team.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33053>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list