[wp-trac] [WordPress Trac] #51340: Stop chmodding files and folders
WordPress Trac
noreply at wordpress.org
Mon Mar 27 20:21:47 UTC 2023
#51340: Stop chmodding files and folders
----------------------------+------------------------------
Reporter: malthert | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Filesystem API | Version: 5.3
Severity: major | Resolution:
Keywords: dev-feedback | Focuses:
----------------------------+------------------------------
Comment (by kkmuffme):
>Also perhaps instead of checking the exact permissions is_readable() or
is_writable() may make more sense in some cases?
I think that would make sense, otherwise 99% of plugin developers would
think there was an error when there was none when chmod is disabled via
php.ini.
A function exists check is a must in any way and I think this is something
that could be implemented independently of this specific
ticket/filters/constants, since it doesn't really change any behavior.
---
I'm not sure if a filter is a good idea though (but - already now there
is tons of WP malware, that will even modify the wp-config.php to remove
any `DISALLOW_FILE_MODS` - so it's not far fetched that any filters would
just be overwritten by malware with a late priority. Using a constant
(that could be set via an auto prepend file in php.ini) would be safer.
However, in the end this again means: the only save way is to disable
those functions via php.ini `disable_functions`
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51340#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list