[wp-trac] [WordPress Trac] #15021: get_filesystem_method has a bogus direct method detection
WordPress Trac
wp-trac at lists.automattic.com
Sun Oct 3 10:56:16 UTC 2010
#15021: get_filesystem_method has a bogus direct method detection
--------------------------+-------------------------------------------------
Reporter: landure | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Filesystem | Version: 3.0.1
Severity: normal | Keywords: FS_METHOD, file, get_filesystem_method
--------------------------+-------------------------------------------------
in wp-admin/includes/file.php, the function get_filesystem_method is used
to detect the available fs_methods.
When testing for direct method, the following test is successfull only if
the php script calling the method is owned by the web server user.
{{{
if ( getmyuid() == @fileowner($temp_file_name) )
$method='direct';
}}}
For exemple, for direct fs_method auto detection to work when installing a
plugin, the wp-admin/update.php script must be owned by www-data:www-data
(on a debian GNU/Linux OS).
A possible correction to this is :
{{{
if ( function_exists('posix_getuid') ) {
if ( posix_getuid() == @fileowner($temp_file_name) )
$method = 'direct';
}
elseif ( getmyuid() == @fileowner($temp_file_name) )
$method = 'direct';
}}}
This correction use posix_getuid instead of getmyuid when possible (unix
systems for examble). If posix_getuid is not available, it fallback to the
original getmyuid test.
With this code, the direct FS_METHOD is correctly autodetected on a Debian
GNU/Linux 5.0 Lenny system with all wordpress files ownership set to root
user instead of www-data (except for wp-content directory).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15021>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list