[wp-trac] [WordPress Trac] #42265: get_filesystem_method() isn't unique enough
WordPress Trac
noreply at wordpress.org
Wed Oct 18 22:44:05 UTC 2017
#42265: get_filesystem_method() isn't unique enough
-----------------------------------------+-----------------------------
Reporter: bikecrazyy | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Filesystem API | Version: 2.5
Severity: normal | Keywords:
Focuses: administration, performance |
-----------------------------------------+-----------------------------
'''Issue''':
I have 4 plugins installed that use the '''''get_filesystem_method'''''()
and I randomly get php errors thrown and cause things not to work right
sometimes.
'''Explanation''':
When two or more calls fire off get_file_system_method() within the same
second it can cause errors to be thrown by the fopen() and unlink()
functions. What is causing the errors to be thrown is a collision with the
file name due to the $temp_file_name not being random enough and using the
time() to create a unique file name key.
'''Proposed fix''':
Add uniqid() to the end of the string to create a random string. I
understand that uniqid() function is not a secure value but should be
random enough so the name collision won't happen.
'''php_error_log''' [[Image(https://i.imgur.com/fhTAlQu.jpg)]]
'''Current Code'''
{{{#!php
wp-admin\includes\file.php
<?php
if ( ! $method ) {
$temp_file_name = $context . 'temp-write-test-' . time();
$temp_handle = @fopen($temp_file_name, 'w');
}}}
'''Proposed fix'''
{{{#!php
<?php
if ( ! $method ) {
$temp_file_name = $context . 'temp-write-test-' . time() .
uniqid();
$temp_handle = @fopen($temp_file_name, 'w');
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42265>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list