Bug with tempnam("/tmp", "");

Some hostings have a different temporary path than "/tmp".
2024-09-18 18:25:18 +00:00 · 2016-01-11 15:43:41 +01:00 · 2016-01-11 15:43:41 +01:00 · 6e00b443cd
commit 6e00b443cd
parent 7e49ff3dcd
2 changed files with 6 additions and 1 deletions
--- a/1
+++ b/1
@ -19,6 +19,7 @@ NEWS ( CHANGELOG and HISTORY )                                     HTMLPurifier
 - Non all-numeric top-level names (e.g., foo.1f, 1f) are now
  allowed.
 - Minor bounds error fix to squash a PHP 7 notice.
+- Support non-/tmp temporary directories for data:// validation

 4.7.0, released 2015-08-04
 # opacity is now considered a "tricky" CSS property rather than a
--- a/library/HTMLPurifier/URIScheme/data.php
+++ b/library/HTMLPurifier/URIScheme/data.php
@ -81,7 +81,11 @@ class HTMLPurifier_URIScheme_data extends HTMLPurifier_URIScheme
        }
        // XXX probably want to refactor this into a general mechanism
        // for filtering arbitrary content types
-        $file = tempnam("/tmp", "");
+        if (function_exists('sys_get_temp_dir')) {
+            $file = tempnam(sys_get_temp_dir(), "");
+        } else {
+            $file = tempnam("/tmp", "");
+        }
        file_put_contents($file, $raw_data);
        if (function_exists('exif_imagetype')) {
            $image_code = exif_imagetype($file);