[wp-trac] [WordPress Trac] #24007: Check for file permissions is too strict
WordPress Trac
noreply at wordpress.org
Tue Apr 9 16:23:06 UTC 2013
#24007: Check for file permissions is too strict
-----------------------------+-----------------------------
Reporter: thanatica2 | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Upgrade/Install
Version: 3.5.1 | Severity: normal
Keywords: |
-----------------------------+-----------------------------
This affects upgrading WP and updating plugins/themes. When checking for
sufficient file permissions to have WP write to itself, it also checks to
see if a created temp file is owned by the apache user.
This is wrong, because it does not have to be configured that way. In my
particular case, I configured it in such a way that the file owner of a
newly created file is always the same user, regardless of who creates the
file (creator != owner, I say).
One more reason that this extra check is superfluous, is that when an
application has found that it can create a file, and it can write to it,
and can delete it afterwards, that's *enough*. There's no need to be owner
of a file in order to manipulate it.
This is what WP is trying to do:
{{{
if ( getmyuid() == @fileowner($temp_file_name) )
}}}
At line 857 in file /wp-admin/includes/file.php
Comment out that line, and upgrading/updating works beautifully.
What's worse, when it "fails", it silently goes to the FTP form, without
ever telling the user (which is me, a rookie developer) what went wrong,
and when, and why, and where. The fail is completely silent. I had "some
words" to say while tracking this bug down, because I had no way of
knowing where to even start. But that's in the past now.
I strongly suggest removing this extra check, because as said, it is
completely unnecessary as far as I can see.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24007>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
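
The two tests contrasted in the ticket, run side by side on one temp file, as an added example that is not WordPress core code and not part of the original message. The helper name `probe_dir()` and the `probe-` prefix are hypothetical. PHP's `getmyuid()` returns the owner UID of the running script file, so a mismatch means files created by PHP get a different owner than the script itself.

```php
<?php
// Added example; probe_dir() is a hypothetical helper, not a WordPress function.
// It performs a create/write/delete test and the ownership comparison quoted
// in the ticket on the same temp file, so both results can be compared.
function probe_dir(string $dir): array
{
    $r = [
        'created'     => false,
        'written'     => false,
        'deleted'     => false,
        'script_uid'  => getmyuid(),  // owner UID of the running script file
        'file_uid'    => null,
        'owner_match' => false,
    ];

    $tmp = @tempnam($dir, 'probe-');
    if ($tmp === false) {
        return $r;
    }
    // tempnam() falls back to the system temp dir when $dir is not writable;
    // treat that as "could not create a file in $dir".
    if (realpath(dirname($tmp)) !== realpath($dir)) {
        @unlink($tmp);
        return $r;
    }
    $r['created'] = true;
    $r['written'] = @file_put_contents($tmp, "probe\n") !== false;

    clearstatcache(true, $tmp);
    $owner = @fileowner($tmp);
    if ($owner !== false) {
        $r['file_uid'] = $owner;
        // Strict comparison with a failure guard, so a false return
        // can never compare equal to UID 0.
        $r['owner_match'] = ($r['script_uid'] !== false && $owner === $r['script_uid']);
    }
    $r['deleted'] = @unlink($tmp);
    return $r;
}

$r = probe_dir(__DIR__);
$functional = $r['created'] && $r['written'] && $r['deleted'];
printf("create/write/delete: %s\n", $functional ? 'ok' : 'failed');
printf("script owner uid=%s, temp file owner uid=%s, match=%s\n",
    var_export($r['script_uid'], true),
    var_export($r['file_uid'], true),
    $r['owner_match'] ? 'yes' : 'no');
if ($functional && !$r['owner_match']) {
    // The situation described in the ticket: writable, but owners differ.
    echo "Directory is writable, but new files get a different owner than the script.\n";
}
```

Printing both results addresses the silent failure described in the ticket: the output shows which of the two checks did not pass and the UIDs involved.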