[wp-trac] [WordPress Trac] #36776: Theme update error: "Download failed. Could not open handle for fopen() to ..." (file name too long)

WordPress Trac noreply at wordpress.org
Fri May 6 12:39:05 UTC 2016 

#36776: Theme update error: "Download failed. Could not open handle for fopen() to
..." (file name too long)
--------------------------+-----------------------------
 Reporter:  JanR          |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  4.5.1
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Note: I'm still investigating and debugging this issue.

 A theme update fails with the following error:

 > Download failed. Could not open handle for fopen() to ...

 when two conditions are met:

 1. hosted on Windows Server
 2. extreme long temporary name for the update file

 In the case of one of our customers, the temporary filename is
 `D:\www\example.com\www/wp-content/enfold
 .zipAWSAccessKeyIdAKIAJYG5ROGJ6X7Z3M6QExpires1462528521SignaturevVcIoALl287s8b4Ema4weAdA5yI3Dresponse-
 content-dispositionattachment3Bfilename3Dthemeforest-4519990-enfold-
 responsive-multipurpose-theme-wordpress-theme-YPRt5D.tmp` (slightly
 edited).

 This is well over 260 characters which is the maximum
 [https://msdn.microsoft.com/en-
 us/library/windows/desktop/aa365247(v=vs.85).aspx#maxpath MAX_PATH] in the
 Windows API. The missing question mark (''enfold.zipAWSA''...) and missing
 percent signs (%, ''3B'' instead of ''%3B'') feels like
 urlencode/urldecode gone bad.

 In this specific case, the update file is downloaded from an extremely
 long Envato/ThemeForest URL:

 https://s3.amazonaws.com/marketplace-
 downloads.envato.com/files/184010637/enfold.zip?AWSAccessKeyId=(AccessKey)&Expires=(Expires)&Signature=(Signature)%3D
 &response-content-disposition=attachment%3B+filename%3Dthemeforest-4519990
 -enfold-responsive-multipurpose-theme-wordpress-theme.zip

 One ''could'' blame Envato for this extremely long URL, but that's not the
 point of this ticket :-) Point is, we need to limit the maximum file
 length for temporary downloaded files in WordPress. Hacking my way through
 /wp-includes/class-wp-http-curl.php (bad idea), I was able to download the
 theme update file. Simply strip everything after the question mark ('?').

 On line 187, add:

 `$r['filename'] = preg_replace("/(.*\.zip)?(.*)/", "$1", $r['filename']);`
 `$this->stream_handle = fopen($r['filename'], 'w+' );`

 However, the temporary file name is used in multiple places. This simply
 resulted in /wp-admin/includes/file.php not being able to delete the file
 (line 493).

 PS: there is an older support thread describing this very issue (not
 related to me or the client case I'm working on now), on kriesi.at:
 http://www.kriesi.at/support/topic/enfold-theme-problem-with-fopen-when-
 updating-the-theme/.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36776>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list