From 2f40784d972551799220e58a1e8af99f9ddbb35e Mon Sep 17 00:00:00 2001
From: Dion Hulse
Date: Mon, 9 Sep 2013 02:42:52 +0000
Subject: [PATCH] WP_Filesystem: Ensure that all files are read/written correctly by verifying the return values from fwrite() and using FTP_BINARY mode (ASCII converts line endings as per the spec). See #25237
git-svn-id: https://develop.svn.wordpress.org/trunk@25304 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../includes/class-wp-filesystem-direct.php | 18 ++++++++++----
 .../includes/class-wp-filesystem-ftpext.php | 24 ++++++++++---------
 .../class-wp-filesystem-ftpsockets.php | 23 +++++++++---------
 .../includes/class-wp-filesystem-ssh2.php | 7 ++++--
 4 files changed, 42 insertions(+), 30 deletions(-)
diff --git a/src/wp-admin/includes/class-wp-filesystem-direct.php b/src/wp-admin/includes/class-wp-filesystem-direct.php
index e25c9ef8d7..21548d5b4b 100644
--- a/src/wp-admin/includes/class-wp-filesystem-direct.php
+++ b/src/wp-admin/includes/class-wp-filesystem-direct.php
@@ -59,12 +59,20 @@ class WP_Filesystem_Direct extends WP_Filesystem_Base {
 * @param int $mode (optional) The file permissions as octal number, usually 0644.
 * @return bool False upon failure.
 */
- function put_contents($file, $contents, $mode = false ) {
- if ( ! ($fp = @fopen($file, 'w')) )
+ function put_contents( $file, $contents, $mode = false ) {
+ $fp = @fopen( $file, 'wb' );
+ if ( ! $fp )
 return false;
- @fwrite($fp, $contents);
- @fclose($fp);
- $this->chmod($file, $mode);
+
+ $bytes_written = fwrite( $fp, $contents );
+
+ fclose( $fp );
+
+ if ( false === $bytes_written || $bytes_written != strlen( $contents ) )
+ return false;
+
+ $this->chmod( $file, $mode );
+
 return true;
 }
 /**
diff --git a/src/wp-admin/includes/class-wp-filesystem-ftpext.php b/src/wp-admin/includes/class-wp-filesystem-ftpext.php
index d087189147..9d848b4bd3 100644
--- a/src/wp-admin/includes/class-wp-filesystem-ftpext.php
+++ b/src/wp-admin/includes/class-wp-filesystem-ftpext.php
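Review bot: The length check `$bytes_written != strlen( $contents )` in the direct `put_contents()` assumes `strlen()` returns a byte count, which does not hold on hosts that enable `mbstring.func_overload`. There `strlen()` counts characters, so a complete write of multibyte content is reported as a failure and `chmod()` is skipped. Compute the expected length in a binary-safe way first, for example `$length = function_exists( 'mb_strlen' ) ? mb_strlen( $contents, '8bit' ) : strlen( $contents );`, and compare against `$length`. The same comparison appears in the `put_contents()` hunks for ftpext, ftpsockets and ssh2.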
@@ -88,17 +88,14 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base { return true; } - function get_contents($file, $type = '', $resumepos = 0 ) { - if ( empty($type) ) - $type = FTP_BINARY; - + function get_contents( $file ) { $tempfile = wp_tempnam($file); $temp = fopen($tempfile, 'w+'); if ( ! $temp ) return false; - if ( ! @ftp_fget($this->link, $temp, $file, $type, $resumepos) ) + if ( ! @ftp_fget($this->link, $temp, $file, FTP_BINARY ) ) return false; fseek($temp, 0); //Skip back to the start of the file being written to @@ -117,15 +114,20 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base { function put_contents($file, $contents, $mode = false ) { $tempfile = wp_tempnam($file); - $temp = fopen($tempfile, 'w+'); + $temp = fopen( $tempfile, 'wb+' ); if ( ! $temp ) return false; - fwrite($temp, $contents); - fseek($temp, 0); //Skip back to the start of the file being written to + $bytes_written = fwrite( $temp, $contents ); + if ( false === $bytes_written || $bytes_written != strlen( $contents ) ) { + fclose( $temp ); + unlink( $tempfile ); + return false; + } - $type = $this->is_binary($contents) ? FTP_BINARY : FTP_ASCII; - $ret = @ftp_fput($this->link, $file, $temp, $type); + fseek( $temp, 0 ); // Skip back to the start of the file being written to + + $ret = @ftp_fput( $this->link, $file, $temp, FTP_BINARY ); fclose($temp); unlink($tempfile); @@ -187,7 +189,7 @@ class WP_Filesystem_FTPext extends WP_Filesystem_Base { if ( ! $overwrite && $this->exists($destination) ) return false; $content = $this->get_contents($source); - if ( false === $content) + if ( false === $content ) return false; return $this->put_contents($destination, $content, $mode); } diff --git a/src/wp-admin/includes/class-wp-filesystem-ftpsockets.php b/src/wp-admin/includes/class-wp-filesystem-ftpsockets.php index dedb30cad9..8f9bbcb7f9 100644 --- a/src/wp-admin/includes/class-wp-filesystem-ftpsockets.php +++ b/src/wp-admin/includes/class-wp-filesystem-ftpsockets.php 
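Review bot: When `ftp_fget()` fails, the ftpext `get_contents()` returns `false` without closing `$temp` or removing `$tempfile`, so each failed download leaves a temporary file behind, possibly holding a partial copy of the remote file. The failure branch should mirror the cleanup this commit adds to `put_contents()`, i.e. run `fclose( $temp ); unlink( $tempfile );` before `return false;`. The temp file here is also still opened with `'w+'` while `put_contents()` moves to `'wb+'`; using `'wb+'` here and in the ftpsockets `get_contents()`, which shows the same `'w+'`, would keep the binary-only intent consistent on the read path. The rest of `get_contents()` lies outside the hunk.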
@@ -75,20 +75,16 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base { return false; } - $this->ftp->SetType(FTP_AUTOASCII); - $this->ftp->Passive(true); - $this->ftp->setTimeout(FS_TIMEOUT); + $this->ftp->SetType( FTP_BINARY ); + $this->ftp->Passive( true ); + $this->ftp->setTimeout( FS_TIMEOUT ); return true; } - function get_contents($file, $type = '', $resumepos = 0) { + function get_contents( $file ) { if ( ! $this->exists($file) ) return false; - if ( empty($type) ) - $type = FTP_AUTOASCII; - $this->ftp->SetType($type); - $temp = wp_tempnam( $file ); if ( ! $temphandle = fopen($temp, 'w+') ) @@ -122,11 +118,14 @@ class WP_Filesystem_ftpsockets extends WP_Filesystem_Base { return false; } - fwrite($temphandle, $contents); - fseek($temphandle, 0); //Skip back to the start of the file being written to + $bytes_written = fwrite( $temphandle, $contents ); + if ( false === $bytes_written || $bytes_written != strlen( $contents ) ) { + fclose( $temphandle ); + unlink( $temp ); + return false; + } - $type = $this->is_binary($contents) ? FTP_BINARY : FTP_ASCII; - $this->ftp->SetType($type); + fseek( $temphandle, 0 ); // Skip back to the start of the file being written to $ret = $this->ftp->fput($file, $temphandle); diff --git a/src/wp-admin/includes/class-wp-filesystem-ssh2.php b/src/wp-admin/includes/class-wp-filesystem-ssh2.php index 8ff3cb18e7..93c5526dae 100644 --- a/src/wp-admin/includes/class-wp-filesystem-ssh2.php +++ b/src/wp-admin/includes/class-wp-filesystem-ssh2.php @@ -150,7 +150,7 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base { return false; } - function get_contents($file, $type = '', $resumepos = 0 ) { + function get_contents( $file ) { $file = ltrim($file, '/'); return file_get_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file); } 
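Review bot: Nothing at `SetType( FTP_BINARY )` in the ftpsockets connect code records that every later transfer now depends on it, since `get_contents()` here and `put_contents()` in the next hunk no longer set the type per call. A comment above the call, such as `// All transfers use binary mode; ASCII mode rewrites line endings and alters file contents.`, would stop a later change from reintroducing a per-call type switch. The return value of `SetType()` is also ignored; if it can fail, the method would return `true` with the mode unset, which is worth confirming against the FTP class that is not shown here. The enclosing method begins outside the hunk.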
@@ -164,9 +164,12 @@ class WP_Filesystem_SSH2 extends WP_Filesystem_Base { $file = ltrim($file, '/'); $ret = file_put_contents('ssh2.sftp://' . $this->sftp_link . '/' . $file, $contents); + if ( $ret !== strlen( $contents ) ) + return false; + $this->chmod($file, $mode); - return false !== $ret; + return true; } function cwd() {
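Review bot: When `file_put_contents()` writes fewer bytes than expected, the ssh2 `put_contents()` now returns `false` but leaves the truncated file at the destination and skips `chmod()`. The partial file therefore stays in place with whatever permissions it was created with. The same holds for the direct `put_contents()` in the first hunk, where `fopen( $file, 'wb' )` truncates the target before the write is verified. At minimum the docblock should say so, e.g. `@return bool False upon failure; the destination may be left truncated.`; a more robust option is to write to a temporary name and move it into place only after the length check passes. The start of the method is outside this hunk.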