[wp-trac] [WordPress Trac] #26781: Directory permissions not correctly fixed for new media upload dirs

WordPress Trac noreply at wordpress.org
Mon Jan 6 08:33:35 UTC 2014 

#26781: Directory permissions not correctly fixed for new media upload dirs
--------------------------+-----------------------------
 Reporter:  fboender      |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  trunk
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 (As requested in ticket #25822, I'm creating a new ticket)

 Wordpress 3.8 does not always set the directory permissions for newly
 created media directories properly.

 Steps to reproduce:

 Before creating the first media attachment in 2014:

 {{{
 [root at zoltar]/var/www/electricmonk.nl/htdocs/log/wp-content/uploads# ls
 -la
 total 36
 drwxr-xr-x  9 fboender fboender 4096 Aug  2 07:27 .
 drwxr-xr-x  8 fboender fboender 4096 Dec 27 13:51 ..
 drwxr-xr-x 10 fboender fboender 4096 Dec 16 08:24 2013
 }}}

 Now I upload a new media file, which causes the directory tree for 2014 to
 be created. The resulting permissions on the directory:

 {{{
 [root at zoltar]/var/www/electricmonk.nl/htdocs/log/wp-content/uploads# ls
 -la
 total 40
 drwxr-xr-x 10 fboender fboender 4096 Jan  6 09:04 .
 drwxr-xr-x  8 fboender fboender 4096 Dec 27 13:51 ..
 drwxr-xr-x 10 fboender fboender 4096 Dec 16 08:24 2013
 drwxr-----  3 fboender fboender 4096 Jan  6 09:04 2014
 }}}

 The media files are now not properly accessible and give a "403 Forbidden"
 HTTP error.

 I've traced the problem to a patch (introduced in ticket #25822) which
 causes the permission-fixing done by wp_mkdir_p to fail. This line:

 {{{
 1381:                if ( $dir_perms != $dir_perms & ~umask() ) {
 }}}

 Shoud be:
 {{{
 1381:                if ( $dir_perms != ( $dir_perms & ~umask() ) ) {
 }}}

 Right now, the condition is not met properly due to operator precedence.
 This causes the code to re-set the $dir_perms correctly to not be run.

 I've attached a patch to fix the problem. After the patch, the directories
 are created properly:

 {{{
 [root at zoltar]/var/www/electricmonk.nl/htdocs/log/wp-content/uploads# ls
 -la
 total 40
 drwxr-xr-x 10 fboender fboender 4096 Jan  6 09:22 .
 drwxr-xr-x  8 fboender fboender 4096 Dec 27 13:51 ..
 drwxr-xr-x 10 fboender fboender 4096 Dec 16 08:24 2013
 drwxr-xr-x  3 fboender fboender 4096 Jan  6 09:22 2014
 }}}

 ''' Software used '''

 * Wordpress 3.8 (I also verified that the problem is still in trunk).
 * PHP 5.3.3-7+squeeze15 with Suhosin-Patch (cli) (built: Mar  4 2013
 13:11:17)
 * PHP is running under mod_suphp (which is why the directory
 ownership/permissions are somewhat different than stock wordpress).

--
Ticket URL: <https://core.trac.wordpress.org/ticket/26781>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list