use get_temp_dir (not sys_get_temp_dir)

This is a bugfix/enhancement request: please change sys_get_temp_dir() to get_temp_dir() (lib/wfConfig.php line 402).

The reason for this is to allow scanning to work when sys_get_temp_dir is returning /tmp, but the /tmp directory is not in open_basedir. That’s the environment I must work in for one site, and wordfence scans always fail; after this change, they succeed.

Admittedly, this is a semi-broken php environment which I have to work, but there’s also an, “it’s the WordPress way” argument to be made – to wit, get_temp_dir() is a WordPress function designed for exactly this purpose and is configurable via defining WP_TEMP_DIR.

I believe the point at which that is called is always after a wordpress bootstrap (not in the waf loaded ahead of wordpress), and as such using a wordpress function there would always be safe.

Thanks for considering this, for wordfence itself, and your support of the wordpress/web community.

Jesse