[wp-trac] [WordPress Trac] #36936: Plugin update does not works via web with proper filesystem permissions.

WordPress Trac noreply at wordpress.org
Wed May 25 04:26:08 UTC 2016


#36936: Plugin update does not works via web with proper filesystem permissions.
----------------------------+------------------------------
 Reporter:  brudas          |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  Awaiting Review
Component:  Filesystem API  |     Version:  4.5.2
 Severity:  normal          |  Resolution:
 Keywords:                  |     Focuses:
----------------------------+------------------------------

Comment (by dd32):

 FWIW, the issue at play here isn't exactly read/write, it's the ability
 for the upgrade to happen in a way that the user can modify the files
 after the upgrade has occurred, and the web server can still serve them.
 It's possible for PHP to write a file to disk, be able to read it, but
 have the web server say "Nope! 403!" to someone who then tries to view
 that file.

 WordPress operates on so many server configurations, and with PHP's very
 little support/insight into the ACLs on both Windows and Linux leaves us
 with having to code for the lowest common denominator.
 That means that yes, we have to keep in mind PHP safe mode, we need to
 keep in mind Linux ACLs, we need to keep in mind Linux systems not using
 ACLs, Windows 2000~2010 servers, Unix servers, Mac servers.. etc, but then
 we also have to keep in mind FTP applications running upon those, which
 yes, a significant portion of WordPress users have as their only access to
 their WordPress files and hosting account.

 So unfortunately at this time, WordPress can't really switch away from the
 existing owner-based checks while maintaining full compatibility that we
 currently have with those hundreds of thousands of configurations (okay,
 maybe it's not that many, but it wouldn't surprise me if it was).

 We could use `posix_access()` if available, but that only operates on
 files (AFAIK), doesn't guarantee that we can actually modify the file even
 if it says we can, and isn't available on a significant portion of hosts
 either.

 I know I'm not going to get a warm response to this, and that's okay, but
 I don't think we can support your configuration any better than we
 currently do, while also supporting everyone else, and having it "just
 work".

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36936#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
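
An added example (not part of the ticket comment and not WordPress core code) that puts an owner-based check of the kind the comment refers to next to `is_writable()` and `posix_access()`. `compare_write_checks()` and its result keys are hypothetical names; the directory probed at the end is a constructed demo input.

```php
<?php
// Added illustration, not WordPress core code.
// compare_write_checks() and its result keys are hypothetical names.

/**
 * Probe a directory three ways and report what each check concludes.
 * A directory can pass both access checks while 'owner_match' is false:
 * PHP can write there, but the files it creates belong to another account.
 */
function compare_write_checks(string $dir): array
{
    $result = [
        'is_writable'  => is_writable($dir),
        'posix_access' => null,   // null: posix extension not available here
        'owner_match'  => false,
        'probe_mode'   => null,   // permission bits PHP gave the new file
    ];

    if (function_exists('posix_access')) {
        $result['posix_access'] = posix_access($dir, POSIX_W_OK);
    }

    // Owner-based check: create a probe file, then compare its owner with
    // the owner of the running script.
    $probe  = $dir . DIRECTORY_SEPARATOR . 'probe-' . bin2hex(random_bytes(8));
    $handle = @fopen($probe, 'x');   // 'x' refuses to reuse an existing name
    if ($handle !== false) {
        fclose($handle);
        $script_owner = getmyuid();          // UID owning the script file
        $probe_owner  = @fileowner($probe);  // UID PHP actually writes as
        $result['owner_match'] = $script_owner !== false
            && $script_owner === $probe_owner;
        $result['probe_mode'] = sprintf('%04o', fileperms($probe) & 07777);
        unlink($probe);
    }

    return $result;
}

// Constructed demo: probe the system temp directory.
print_r(compare_write_checks(sys_get_temp_dir()));
```

Run under the web server's PHP rather than the CLI, since the two often execute as different accounts and the result reflects whichever account runs it.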

