Opened 4 years ago
Last modified 5 months ago
#35217 new defect (bug)
WP_Upgrader: writes temporary directory name to plugin folder if zip doesn't have directory
Reported by: | basszje | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.4 |
Component: | Upgrade/Install | Keywords: | |
Focuses: | Cc: | ||
PR Number: |
Description
The issue described in ticket:30945 occurs now in 4.4 as well.
If you serve a plugin zip with the files in the root directory it writes the plugin to the directory including the random string generated by wp_tempnam
in file.php. This did not happen in 4.3.
This means this will occur with every plugin not having a directory in the ZIP itself.
In the mentioned ticket it is stated WP expects a plugin to have a directory name. Then why is the plugin upgrader checking if there are multiple files? In this case wouldn't it be better to gracefully return an error?
This block is in class-wp-upgrader.php :
451 if ( 1 == count( $source_files ) && $wp_filesystem->is_dir( trailingslashit( $args['source'] ) . $source_files[0] . '/' ) ) { //Only one folder? Then we want its contents.
452 $source = trailingslashit( $args['source'] ) . trailingslashit( $source_files[0] );
453 } elseif ( count( $source_files ) == 0 ) {
454 return new WP_Error( 'incompatible_archive_empty', $this->strings['incompatible_archive'], $this->strings['no_files'] ); // There are no files?
455 } else { // It's only a single file, the upgrader will use the folder name of this file as the destination folder. Folder name is based on zip filename.
456 $source = trailingslashit( $args['source'] );
457 }
The first condition happens on 'wrong' plugin formats, resulting in a faulty plugin directory (with temp string) in the plugins dir. The last condition is the one that always should be expected when the root of the plugin zip is a directory.
Change History (3)
#1
@
4 years ago
- Component changed from Plugins to Upgrade/Install
- Milestone changed from Awaiting Review to 4.5
#2
@
4 years ago
I just experienced this (and have been trying to figure it out for days now) and it's only because of this ticket I figured it out, some way of notifying the user that we are doing something wrong would be great, even if it throws an error or notice.
Edit: mine was a theme, but same thing
Zips without a folder are officially unsupported, but for user experience, we attempt to do as best as we can.
I guess we should take the suffixed data into account in this case though and strip the final 7 random characters off the foldername.