[wp-trac] [WordPress Trac] #15134: WordPress should not try to remove themes or plugins recursively if the directory is a symlink

Sat Jan 14 18:19:21 UTC 2023

#15134: WordPress should not try to remove themes or plugins recursively if the
directory is a symlink
--------------------------------------------------+-----------------------
 Reporter:  vladimir_kolesnikov                   |       Owner:  pbiron
     Type:  defect (bug)                          |      Status:  accepted
 Priority:  normal                                |   Milestone:  6.2
Component:  Upgrade/Install                       |     Version:
 Severity:  normal                                |  Resolution:
 Keywords:  has-patch needs-testing dev-feedback  |     Focuses:
--------------------------------------------------+-----------------------

Comment (by bgoewert):

 == Test Report

 Patch tested: [https://github.com/WordPress/wordpress-develop/pull/3372
 pr:3372]

 === Steps to Test
 Feel free to provide alternate instructions. This is just what I was able
 to come up with.
 1. Download an older version of a plugin. Example:
 [https://downloads.wordpress.org/plugin/gutenberg.14.8.4.zip Gutenberg
 14.8.4]
 2. Unzip to a directory other than "wp-content/plugins/". Example:
   {{{
     unzip ~/Downloads/gutenberg.14.8.4.zip -d ~/wp-test/plugins
   }}}
 3. Ensure whatever directory you place the plugin into is writable.
 Example:
   {{{
     sudo find ~/wp-test/plugins -type d -exec chmod 777 {} \; && '
     sudo find ~/wp-test/plugins -type f -exec chmod 666 {} \;
   }}}
 4. Navigate to plugin directory. Example:
   {{{
     cd src/wp-content/plugins
   }}}
 5. Create symlink. Example:
   {{{
     ln -s ~/wp-test/plugins/gutenberg/ gutenberg
   }}}
 6. Attempt to upgrade the plugin from the admin dashboard.

 === Expected Results
 When reproducing the bug/defect:
 - ❌ folders/files are deleted during upgrade.

 When testing the patch:
 - ✅ No folders/files are deleted during upgrade.

 === Environment
 * OS: Pop!_OS
 * Web Server: Docker-Desktop & wordpress-develop
 * PHP: 7.4.33
 * WordPress: 6.2-alpha-54642-src
 * Browser: Chrome 108
 * Theme: Twenty Twenty-Three
 * Active Plugins:
   * Gutenberg 14.8.4

 === Actual Results
 When reproducing the bug/defect:
 - ❌ All files/folders in `gutenberg/` were deleted. Plugin dashboard
 displays "Update failed: Could not remove the old plugin." because the
 files were deleted and there is nothing to remove.

 When testing the patch:
 - ✅ No folders/files were deleted during upgrade.

 === Additional Notes
 - I only tested with the `direct` FS method and not `ftp` or `ssh2`.
 - Also, it looks like [https://github.com/WordPress/wordpress-
 develop/pull/3372 pr:3372] currently only addresses the `direct` FS
 method.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/15134#comment:57>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform