[wp-trac] [WordPress Trac] #28034: Appropriate group permissions aren't acknowledged in get_filesystem_method
WordPress Trac
noreply at wordpress.org
Fri Apr 25 21:30:09 UTC 2014
#28034: Appropriate group permissions aren't acknowledged in get_filesystem_method
-----------------------------+-----------------------------
Reporter: jason_the_adams | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Filesystem API | Version: 3.9
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
Wordpress currently checks whether a file can be written and then compares
the uid of that file to the current user id. The problem is, this fails in
the case wherein wordpress has proper group permissions. I've noticed
around that the solution people are told to follow is "sudo chown www-data
wordpress/ -R".
But there's merit to having a different user/group permissions, and giving
apache/nginx limited permissions to the user. Whether or not this is
agreed with, though, should Wordpress force the person to work this way?
Shouldn't WP's real concern just be that it can write?
I suggest changing line 948 in /include/admin/file.php to:
{{{
if ( (getmyuid() == @fileowner($temp_file_name)) || (getmygid() ==
@filegroup($temp_file_name) )
}}}
Since we've already written to a new file, we can assume that write
permissions are acceptable for either the user or group.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28034>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list