-
Bug
-
Resolution: Fixed
-
Minor
-
2.7.7, 2.8.5
-
MOODLE_27_STABLE, MOODLE_28_STABLE
-
MOODLE_30_STABLE
From what I can tell, admin/tool/installaddon/index.php is abusing make_temp_directory by storing files within it which persist from request to request.
make_temp_directory() is intended for same-request-only use.
The file is stored in filedir, but is stored as $zipfilename within $sourcedir (a temp directory). It's then passed to the validate page as a param to $nexturl.
The version.php is extracted first (correctly using file packers), but is then saved to a workingdir. It doesn't appear that it's ever used after it's been read once.
In short, I can't see any reason that installaddon needs to make use of persistent temp directories and we should remove them.