[wp-trac] Re: [WordPress Trac] #2802: Ensure wp_handle_upload never
leaves uploaded files world-writable
WordPress Trac
wp-trac at lists.automattic.com
Wed Jun 21 22:12:43 GMT 2006
#2802: Ensure wp_handle_upload never leaves uploaded files world-writable
-----------------------------------------------------------------+----------
Reporter: Libertus | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone:
Component: Security | Version: 2.1
Severity: normal | Resolution:
Keywords: inline upload files world writable wp_handle_upload |
-----------------------------------------------------------------+----------
Comment (by doit-cu):
Does this really solve the problem? If the directory is world writable,
and you upload file1.ext, I can still delete/replace file1.ext. I can't
edit them directly, but I don't really need to. You'd need to sticky-bit
the uploads directory as well to solve that on a linux/unix system... why
not just chgrp to the web server user and chmod g+w the uploads directory?
--
Ticket URL: <http://trac.wordpress.org/ticket/2802>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list