From 306d8b6a1e8780eec12692bd916b94f38c2d6aae Mon Sep 17 00:00:00 2001 From: Dion Hulse Date: Tue, 9 Jun 2015 03:54:49 +0000 Subject: [PATCH] WP_HTTP: ensure that the temporary file is created within the temporary directly when `stream` is specified without a `filename` parameter. Fixes #32549 git-svn-id: https://develop.svn.wordpress.org/trunk@32712 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/class-http.php | 2 +- tests/phpunit/tests/http/base.php | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/wp-includes/class-http.php b/src/wp-includes/class-http.php index c014004c05..206d406539 100644 --- a/src/wp-includes/class-http.php +++ b/src/wp-includes/class-http.php @@ -213,7 +213,7 @@ class WP_Http { * and pick its name using the basename of the $url. */ if ( $r['stream'] && empty( $r['filename'] ) ) { - $r['filename'] = wp_unique_filename( get_temp_dir(), basename( $url ) ); + $r['filename'] = get_temp_dir() . wp_unique_filename( get_temp_dir(), basename( $url ) ); } /* diff --git a/tests/phpunit/tests/http/base.php b/tests/phpunit/tests/http/base.php index e4af6b8744..f7b14806b8 100644 --- a/tests/phpunit/tests/http/base.php +++ b/tests/phpunit/tests/http/base.php @@ -188,12 +188,13 @@ abstract class WP_HTTP_UnitTestCase extends WP_UnitTestCase { if ( ! is_wp_error( $res ) ) { $filesize = filesize( $res['filename'] ); unlink( $res['filename'] ); - } + } $this->assertFalse( is_wp_error( $res ) ); $this->assertEquals( '', $res['body'] ); // The body should be empty. $this->assertEquals( $size, $res['headers']['content-length'] ); // Check the headers are returned (and the size is the same..) $this->assertEquals( $size, $filesize ); // Check that the file is written to disk correctly without any extra characters + $this->assertStringStartsWith( get_temp_dir(), $res['filename'] ); // Check it's saving within the temp dir } /**