WireFileTools::rmdir() skips files with .. in filename, preventing temp dir cleanup #2191
Description
WireFileTools::rmdir() (line 131) has this check in its recursive scandir loop:
if($file == '.' || $file == '..' || strpos($file, '..') !== false) continue;The strpos($file, '..') !== false condition skips any file whose basename contains ... Since scandir() returns bare filenames (no slashes), directory traversal via .. is impossible here — the only dangerous entry is the literal '..' string, already handled by $file == '..'.
The problem in practice: Image files with consecutive dots in their name (e.g. dr._name.m.d..jpg) produce resize variants like dr._name.m.d..500x0.jpg. These contain .. and are silently skipped, leaving temp dirs (WireTempDir / .PFM paths) permanently un-deletable. The result is files-errors log spam on every request:
Unable to rmdir: /site/assets/cache/WireTempDir/.PFM.../
Note that lines 296 and 307 in the same file correctly use only $file == '..' without the strpos check.
Suggested fix:
if($file == '.' || $file == '..') continue;