[wp-trac] [WordPress Trac] #13772: _unzip_file_ziparchive fails with open_basedir in effect
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 7 18:54:58 UTC 2010
#13772: _unzip_file_ziparchive fails with open_basedir in effect
-----------------------------+----------------------------------------------
Reporter: tinuzz | Owner: dd32
Type: defect (bug) | Status: new
Priority: normal | Milestone:
Component: Upgrade/Install | Version: 3.0
Severity: normal | Keywords: open_ basedir mkdir
-----------------------------+----------------------------------------------
wp-admin/includes/file.php contains a function called
_unzip_file_ziparchive, that is used -at least- for automatically
upgrading plugins.
In this function, the list of needed directories, that it is passed as the
third argument, is expanded, so that is contains all the parent
directories of every needed directory, up to '/'.
After that, for each path component, starting with '/', an attempt to
create it is made, and if that fails, its existence is checked with
$wp_filesystem->is_dir().
Now, when FS_METHOD == "direct" and open_basedir is in effect,
$wp_filesystem->is_dir('/') returns false, and it does this for every
directory that is outside the open_basedir.
The result is, that the action fails with the message "Could not create
directory. /".
I think that Wordpress should not try and create directories /above/ its
own installation directory. Wordpress trying to do mkdir('/') is juist
plain stupid.
A check should be implemented so that Wordpress will only attempt to
create directories /below/ WP_CONTENT_DIR.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13772>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list