After a mail discussion with @amElnagdy, we agreed on publishing PRs fixing the vulnerabilities left and get it quickly merged and deployed.
This will prevent the potential disclosure of the wp-config.php, since the temporary file is created with the extension .tmp and it may be served by the web server without being passed to the PHP interpreter.
This is a quick workaround to prevent disclosure, I'll rewrite the whole method sooner or later.
After a mail discussion with @amElnagdy, we agreed on publishing PRs fixing the vulnerabilities left and get it quickly merged and deployed.
This will prevent the potential disclosure of the
wp-config.php, since the temporary file is created with the extension.tmpand it may be served by the web server without being passed to the PHP interpreter.This is a quick workaround to prevent disclosure, I'll rewrite the whole method sooner or later.