https://bugzilla.wikimedia.org/show_bug.cgi?id=24898

           Summary: MediaWiki uses /tmp even if a vHost-specific tempdir
                    is set
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: Normal
         Component: History/Diffs
        AssignedTo: wikibugs-l@lists.wikimedia.org
        ReportedBy: mediawiki-b...@cboltz.de


My apache config contains for every virtual host a line like this:
   SetEnv TMP /home/www/example.com/tmp/
to have tempfiles in a directory specific to each virtual host.

Unfortunately MediaWiki ignores $TMP and always uses /tmp. AFAIK this behaviour
was introduced in 1.16 - I did not notice it in 1.15.

The bug is in includes/GlobalFunctions.php:

function wfTempDir() {
    if( function_exists( 'sys_get_temp_dir' ) ) {
        return sys_get_temp_dir();
    }
    foreach( array( 'TMPDIR', 'TMP', 'TEMP' ) as $var ) {
        $tmp = getenv( $var );
        if( $tmp && file_exists( $tmp ) && is_dir( $tmp ) && is_writable( $tmp
) ) {
            return $tmp;
        }
    }
    # Hope this is Unix of some kind!
    return '/tmp';
}


Basically the function does the checks in the wrong order. On PHP >= 5.2.1
sys_get_temp_dir() exists and will always return /tmp - it ignores $TMP, see
the comments on http://php.net/sys_get_temp_dir

The correct order would be:
1. $TMPDIR, $TMP, $TEMP
2. sys_get_temp_dir()
3. /tmp fallback


Patch: (3 lines moved)


--- includes/GlobalFunctions.php        (Revision 71214)
+++ includes/GlobalFunctions.php        (Arbeitskopie)
@@ -2137,15 +2137,15 @@
  * @return String
  */
 function wfTempDir() {
-       if( function_exists( 'sys_get_temp_dir' ) ) {
-               return sys_get_temp_dir();
-       }
        foreach( array( 'TMPDIR', 'TMP', 'TEMP' ) as $var ) {
                $tmp = getenv( $var );
                if( $tmp && file_exists( $tmp ) && is_dir( $tmp ) &&
is_writable( $tmp ) ) {
                        return $tmp;
                }
        }
+       if( function_exists( 'sys_get_temp_dir' ) ) {
+               return sys_get_temp_dir();
+       }
        # Hope this is Unix of some kind!
        return '/tmp';
 }


Rating as major because it causes some "interesting" problems - open_basedir
restrictions or in my case AppArmor restrictions might apply.

Sidenote: The code trusts sys_get_temp_dir() blindly - it does not check if it
exists, is a directory and is writeable. Maybe you should add a check for this,
similar to the code used for $TMPDIR/$TMP/$TEMP. (This is NOT included in the
above patch.)

-- 
Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are on the CC list for the bug.

_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to