[wp-trac] [WordPress Trac] #55109: Plugins no longer download to tmp folder
WordPress Trac
noreply at wordpress.org
Tue Feb 8 04:34:58 UTC 2022
#55109: Plugins no longer download to tmp folder
--------------------------+-----------------------------
Reporter: antonynz | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.9
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
5.9 introduces a content-disposition check in the download_URL function to
update the filename externally.
However when this header is set, the temporary path is removed from the
$tmpfname variable which is added earlier, i.e:
$tmpfname = wp_tempnam( $url_filename );
is overridden with:
$tmpfname = $tmpfname_disposition;
This results in plugins that are downloaded from the WordPress plugin
repository (as they include the content-disposition header) being
downloaded to the folder the user is in eg, wp-admin if updating via the
plugins page or the home directory if updated via a cron auto-update job
for example. The overriding of the variable also skips the writable
directory checks within wp_tempnam.
I've read over the comments for the addition of this code, but it's not
clear what the use case is or if it was intended to apply to plugins?
[https://github.com/WordPress/WordPress/commit/7a0a07d69156aba316d566f37dcdd498f59d138d
]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55109>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list