[wp-trac] [WordPress Trac] #10205: getmyuid() called instead of posix_getuid() in get_filesystem_method() (wp-admin/includes/file.php)

WordPress Trac noreply at wordpress.org
Sat Apr 26 15:11:50 UTC 2014


#10205: getmyuid() called instead of posix_getuid() in get_filesystem_method() (wp-admin/includes/file.php)
------------------------------------+-----------------------------
 Reporter:  pgl                     |       Owner:  dd32
     Type:  enhancement             |      Status:  reopened
 Priority:  normal                  |   Milestone:  Future Release
Component:  Filesystem API          |     Version:  2.8
 Severity:  normal                  |  Resolution:
 Keywords:  has-patch dev-feedback  |     Focuses:
------------------------------------+-----------------------------

Comment (by jason_the_adams):

 I definitely second this issue. What I find interesting about this
 situation is that it seems to assume the user has rights to set the
 ownership, applying different user/group ownership, and then somehow loses
 the know-how a few moments later when they ftp in. I'm just trying to
 imagine an actual scenario in which some consistent person would run into
 this problem.

 I don't mind checking the reason behind why WP has write access, but
 suggest, at the very least, comparing the gid of the temp file and user.

 What's interesting further still is that if the uid of the file and active
 user are different, then it implies the temp file inherited the uid
 properly, which would be by the design of the user. I suspect the vast
 majority of the cases for WP are either something like WordPress.com,
 wherein the service manages everything, or shared hosting, wherein the
 user doesn't have rights to change the ownership. If they are, it seems
 safe to assume they know what they're doing anyway.

 Hahah! Sorry for the passion; I've been struggling with this for months
 now. I use Capistrano and this issue really causes problems with
 deployment methods. I'd prefer to use an ACL or something like that with
 WP. The suggested permissions are a bit more open than I'm comfortable
 with.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/10205#comment:37>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform