[wp-trac] [WordPress Trac] #53298: Checking if wp-config-sample.php file exists before checking if wp-config.php exists
WordPress Trac
noreply at wordpress.org
Mon May 29 15:35:21 UTC 2023
#53298: Checking if wp-config-sample.php file exists before checking if wp-
config.php exists
-------------------------------------+-------------------------------------
Reporter: machineitsvcs | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: 5.7.2
Severity: trivial | Resolution:
Keywords: needs-patch dev- | Focuses: administration,
feedback | privacy, coding-standards
-------------------------------------+-------------------------------------
Comment (by SergeyBiryukov):
Replying to [comment:4 costdev]:
> I'd appreciate your thoughts on how this might proceed.
`WP_Automatic_Updater::is_allowed_dir()` was recently introduced in
[55425] / #42619 to check for an `open_basedir` restriction in the context
of automatic updates.
It looks like this may be useful in other contexts too, so perhaps we
could move that check into a separate function and make that method a
wrapper?
That said, it might not be worth it if this is the only other place where
that check is needed, so using `@` seems fine.
Replying to [ticket:53298 machineitsvcs]:
> For security, some WordPress users may delete the sample file, and
restrict open_basedir for directory above that of the web root directory.
I'm curious though, what kind of security enhancement does removing the
`wp-config-sample.php` file provide? Unless I'm missing something, that
file cannot be used in any way if `wp-config.php` exists already.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53298#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list