magento-ecg / coding-standard

Magento PHP_CodeSniffer Coding Standard
MIT License

tempnam alternative to create temporary files - M1 #57

Closed barbazul closed 2 years ago

barbazul commented 7 years ago

The tempnam function is forbidden and there seems to be no workaround.

https://github.com/magento-ecg/coding-standard/blob/7ead7cecf35e3dc583a7a35b4257ba85317b4b26/Ecg/Sniffs/Security/ForbiddenFunctionSniff.php#L177

I know this standard is supposed to be a simple tool to spot areas of the code that need a deeper review before shipping; however, there is a valid point in avoiding most of these functions whenever possible, as they are not only potential security risks but also (in most cases) get in the way of making the code testable.

So as a general rule the workaround for these is "use whatever library Magento/Zend provide to abstract such functions". That's great and all, but for cases such as tempnam, there is no workaround provided by the platform.

So:

  1. What is the proposed way to deal with these cases? I would like to avoid having multiple variations of MyCompany_MyModule_Helper_File::tempnam() across multiple modules if possible.

  2. Is there actually a library to deal with temporary files in Magento? I haven't found any, and I found a lot of duplicated code across both Magento and ZendFramework dealing with tempnam in different scenarios with slight variations.

zhooravlik commented 2 years ago

You can use \Zend_File_Transfer_Adapter_Abstract methods, like getDestination. Also, you can refer to the documentation: https://php.net/tempnam
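
One way to write the single shared temp-file helper the question asks about, as an added example that is not code from either commenter, Magento, Zend or the ECG standard. The name `createTempFile` and the `export_` prefix are hypothetical, it assumes PHP 7+ (`random_bytes`, `finally`), and the page does not say whether the sniff accepts the file functions it calls.

```php
<?php
/**
 * Hypothetical helper (added example): create a temporary file without
 * tempnam() by pairing an unpredictable name with exclusive creation,
 * so a pre-existing file or symlink at that path is never opened.
 *
 * @return array [string $path, resource $handle]
 */
function createTempFile($dir, $prefix = 'tmp_', $maxAttempts = 10)
{
    $dir = rtrim($dir, DIRECTORY_SEPARATOR);
    if (!is_dir($dir) || !is_writable($dir)) {
        throw new RuntimeException("Temp directory is not writable: $dir");
    }

    // New files get mode 0600 so other local users cannot read them.
    // umask() is process-wide, so restore it as soon as we are done.
    $oldUmask = umask(0077);
    try {
        for ($i = 0; $i < $maxAttempts; $i++) {
            // 128 bits from the CSPRNG: the name cannot be guessed in advance.
            $name = $prefix . bin2hex(random_bytes(16));
            $path = $dir . DIRECTORY_SEPARATOR . $name;

            // Mode 'x' maps to O_CREAT|O_EXCL: the call fails if the path
            // already exists, which closes the check-then-create race.
            $handle = @fopen($path, 'xb');
            if ($handle !== false) {
                return array($path, $handle);
            }
        }
    } finally {
        umask($oldUmask);
    }

    throw new RuntimeException('Could not create a unique temporary file');
}

// Usage with constructed sample data; the caller owns cleanup.
list($path, $handle) = createTempFile(sys_get_temp_dir(), 'export_');
fwrite($handle, "constructed sample data\n");
fclose($handle);
unlink($path);
```

Returning the open handle along with the path lets the caller write through the handle that created the file, rather than reopening the path by name.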