[wp-trac] [WordPress Trac] #15021: get_filesystem_method has a bogus direct method detection

WordPress Trac wp-trac at lists.automattic.com
Sun Oct 3 10:56:16 UTC 2010

#15021: get_filesystem_method has a bogus direct method detection
 Reporter:  landure       |       Owner:                                        
     Type:  defect (bug)  |      Status:  new                                   
 Priority:  normal        |   Milestone:  Awaiting Review                       
Component:  Filesystem    |     Version:  3.0.1                                 
 Severity:  normal        |    Keywords:  FS_METHOD, file, get_filesystem_method
 in wp-admin/includes/file.php, the function get_filesystem_method is used
 to detect the available fs_methods.

 When testing for direct method, the following test is successfull only if
 the php script calling the method is owned by the web server user.

 if ( getmyuid() == @fileowner($temp_file_name) )

 For exemple, for direct fs_method auto detection to work when installing a
 plugin, the wp-admin/update.php script must be owned by www-data:www-data
 (on a debian GNU/Linux OS).

 A possible correction to this is :

       if ( function_exists('posix_getuid') ) {
         if ( posix_getuid() == @fileowner($temp_file_name) )
           $method = 'direct';
       elseif ( getmyuid() == @fileowner($temp_file_name) )
         $method = 'direct';

 This correction use posix_getuid instead of getmyuid when possible (unix
 systems for examble). If posix_getuid is not available, it fallback to the
 original getmyuid test.

 With this code, the direct FS_METHOD is correctly autodetected on a Debian
 GNU/Linux 5.0 Lenny system with all wordpress files ownership set to root
 user instead of www-data (except for wp-content directory).

Ticket URL: <http://core.trac.wordpress.org/ticket/15021>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list