You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Temporary files naming logic in PHPWord_Template can lead to a collision
The problem is in the followed peace of code:
publicfunction__construct($strFilename) {
$path = dirname($strFilename);
$this->_tempFileName = $path.DIRECTORY_SEPARATOR.time().'.docx';
copy($strFilename, $this->_tempFileName); // Copy the source File to the temp File$this->_objZip = newZipArchive();
$this->_objZip->open($this->_tempFileName);
$this->_documentXML = $this->_objZip->getFromName('word/document.xml');
}
As we may see, temporary files are named using "the current time measured in the number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT)". In this case, if we have several requests per one second, the code will generate us files with exactly the same names, and that may lead to some confusions. So, we need to generate really unique filenames. tempnam() function meets this requirement.
Moreover, according to ETL, it's not correct to transform data right in the source we extract this data from. But this is what the peace of code does while creating temporary file in the datasource directory. It's not correct to generate temporary files in the destination directory too. There may be tons of such destination directories and, in case of bugs in our code, they may be populated with garbage temporary files. So, we need separate temporary directory for our temporary files, which allows us easily maintain it's content (when deal with garbage). sys_get_temp_dir() function meets this requirement.
Finally, what we need to do is to correct couple lines of code. :)
The text was updated successfully, but these errors were encountered:
Temporary files naming logic in PHPWord_Template can lead to a collision
The problem is in the followed peace of code:
As we may see, temporary files are named using "the current time measured in the number of seconds since the Unix Epoch (January 1 1970 00:00:00 GMT)". In this case, if we have several requests per one second, the code will generate us files with exactly the same names, and that may lead to some confusions. So, we need to generate really unique filenames. tempnam() function meets this requirement.
Moreover, according to ETL, it's not correct to transform data right in the source we extract this data from. But this is what the peace of code does while creating temporary file in the datasource directory. It's not correct to generate temporary files in the destination directory too. There may be tons of such destination directories and, in case of bugs in our code, they may be populated with garbage temporary files. So, we need separate temporary directory for our temporary files, which allows us easily maintain it's content (when deal with garbage). sys_get_temp_dir() function meets this requirement.
Finally, what we need to do is to correct couple lines of code. :)
The text was updated successfully, but these errors were encountered: