[wp-trac] [WordPress Trac] #13641: open_basedir possible problem
WordPress Trac
wp-trac at lists.automattic.com
Sun May 30 17:13:48 UTC 2010
#13641: open_basedir possible problem
-----------------------------+----------------------------------------------
Reporter: thomask | Owner: dd32
Type: defect (bug) | Status: new
Priority: lowest | Milestone: Unassigned
Component: Upgrade/Install | Version:
Severity: minor | Keywords: close
-----------------------------+----------------------------------------------
Changes (by nacin):
* keywords: => close
* milestone: 3.0 => Unassigned
Comment:
Okay, the issue here is that we added support a long while ago for wp-
config.php to exist one level up from the WordPress install. In many cases
this will be outside of public_html/wwwroot/httpdocs. In this case, that's
what your open_basedir is set to.
It's important to point out that the ability to move wp-config.php up one
directory is not a security measure designed to get it out of the public
directory, but it is designed for advanced SVN/external setups.
The solution would be for us to error suppress the first file_exists check
when we look up one directory. (If it fails, we won't get to the second
one.) However, this is technically a performance hit for those who run
their blogs under that type of setup. Additionally, a typical setup (where
wp-config does not reside one directory up) will never reach that code.
Thus, the only time this becomes an issue is when WordPress has yet to be
installed (no wp-config anywhere) and open_basedir has such a
restriction... And while you get an error message, you're also rather
immediately greeted with instructions. Confusing, but not going to scare
people away entirely. I think I'm thus suggesting a wontfix here.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13641#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list