[wp-trac] [WordPress Trac] #31554: Setting FS_METHOD, FTP_USR etc in wp-config.php with missing wp-content/languages directory leads to SegFaults
WordPress Trac
noreply at wordpress.org
Sat Mar 7 13:07:13 UTC 2015
#31554: Setting FS_METHOD,FTP_USR etc in wp-config.php with missing wp-
content/languages directory leads to SegFaults
-------------------------------------------+-----------------------------
Reporter: jobst | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 4.1.1
Severity: normal | Keywords:
Focuses: accessibility, administration |
-------------------------------------------+-----------------------------
Hi!
I had the problem discribed in the subject line on a couple of websites
using themes by rockettheme. At first I thought it is based on the themes
and plugins I was using. To be sure I tried this with a fresh install of
WP 4.1.1. I found that I could reproduce the problem I have described in
the subject line with a fresh install.
PROBLEM DESCRIPTION:
* A freshly installed wordpress site that has the FTP CONSTANTS set in
wp-config.php will create SEG-FAULT message in error_log of the apache log
files when accessing Setting -> General
* A fresh install will fail on deletion of an installed plugin and
display a page with either "zero reply" or "browser error" if the FTP
CONSTANTS are set in wp-config.php
* both issues use the same function call leading to the errors.
* the name of the function is "fs_connect"
SYSTEM:
* LAMP
* 2.6.18-400.1.1.el5.centos.plus
* PHP 5.3.29
* Apache/2.2.3
* MYSQL 5.5.37
* WP 4.1.1 (fresh install)
HOW TO REPRODUCE:
* install a fresh WP 4.1.1 version
* open website and follow all of the prompts to install site, create
admin etc
* log into the site using the just created admin
* go to the admin panel using http://YOUR_SITEDOMAIN/wp-admin/
* click on Setting -> General
* everything works fine
* now add the FTP stuff as shown in http://codex.wordpress.org
/Editing_wp-config.php to wp-config.php
* click on Setting -> General
* page has display problems, not updated properly, sometimes it says "
.... zero reply .... "
* a SEG-FAULT message is produced, e.g. [Sat Mar 07 15:50:51 2015]
[notice] child pid 15422 exit signal Segmentation fault (11)
* now go to /PATH_TO_WP_INSTALL/wp-content
* add a directory with the name of "languages"
* click on Setting -> General
* no problem, no seg fault, page is displayed properly and refreshed
MY RESEARCH INTO THIS:
It took me some tracing to find that the error was created in
/PATH_TO_WP_INSTALL/wp-admin/includes/class-wp-upgrader.php in the
function fs_connect in the switch statement "default" case. I included a
debug statement in that function right at he beginning to see what path
generated this error:
{{{
error_log(" FS_CONNECT: ".print_r($directories,1));
}}}
which gave me this output on fail:
{{{
[07-Mar-2015 06:44:40 UTC] FS_CONNECT: Array
(
[0] => /PATHDELETED/wp-content
[1] => /PATHDELETED/wp-content/languages
)
}}}
while the error_log displayed this:
{{{
[Sat Mar 07 17:44:40 2015] [notice] child pid 578 exit signal Segmentation
fault (11)
}}}
It took me some time to get to the real problem:
* When the function "fs_connect" (see a couple of lines above) is called,
it calls a function find_folder($dir) where $dir is (when the seg fault is
called) "/PATHDELETED/wp-content/languages".
* find_folder resides in /PATHDELETED/wp-admin/includes/class-wp-
filesystem-base.php on line 222. If this function cannot find the folder
after some 30 lines of code tried to find it, the function employs another
function called "seach_for_folder()" which is in the same file on line
291.
* Right at the start of that function "seach_for_folder()" there is an if
statement checking whether $base is empty or '.', if either it sets
{{{$base = railingslashit($this->cwd()); }}} which actually is the bug.
* all trailingslashit does appending a "/" to the end of the string
returned by $this->cwd() - however $this->cwd() returns a string that
includes a "\n", this crashes wordpress with a segfault so in fact the
return string has a newline character in between the string and the /
FAULTY EXAMPLE
{{{
if ( empty( $base ) || '.' == $base )
$base = trailingslashit($this->cwd());
error_log("BASE: ".$base);
BASE: /home/ssh_user_name
/
}}}
CHANGED CODE TO FIX THE BUG:
{{{
if ( empty( $base ) || '.' == $base )
{
$tmp=$this->cwd();
$tmp=preg_replace("/[\r\n\m\t]/","",$tmp);
$base = trailingslashit($tmp);
}
echo "BASE: $base"
BASE: /home/ssh_user_name/
}}}
The last example does not SEGFAULT the system.
There is a secondary issue with this, due to the failure (SEG FAULT) of
the script no error is returned to the caller, in this case "/wp-admin
/options-general.php", the user will not see the problem other than after
"Timezone" nothing is diplayed and the button "Save Changes" is missing.
Since the deletion of a plugin calls "fs-connect" is has the same problem.
jobst
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31554>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list