[wp-trac] [WordPress Trac] #31554: Setting FS_METHOD, FTP_USR etc in wp-config.php with missing wp-content/languages directory leads to SegFaults

WordPress Trac noreply at wordpress.org
Sat Mar 7 13:07:13 UTC 2015 

#31554: Setting FS_METHOD,FTP_USR etc in wp-config.php with missing wp-
content/languages directory leads to SegFaults
-------------------------------------------+-----------------------------
 Reporter:  jobst                          |      Owner:
     Type:  defect (bug)                   |     Status:  new
 Priority:  normal                         |  Milestone:  Awaiting Review
Component:  Administration                 |    Version:  4.1.1
 Severity:  normal                         |   Keywords:
  Focuses:  accessibility, administration  |
-------------------------------------------+-----------------------------
 Hi!

 I had the problem discribed in the subject line on a couple of websites
 using themes by rockettheme. At first I thought it is based on the themes
 and plugins I was using. To be sure I tried this with a fresh install of
 WP 4.1.1. I found that I could reproduce the problem I have described in
 the subject line with a fresh install.

 PROBLEM DESCRIPTION:
  * A freshly installed wordpress site that has the FTP CONSTANTS set in
 wp-config.php will create SEG-FAULT message in error_log of the apache log
 files when accessing Setting -> General
  * A fresh install will fail on deletion of an installed plugin and
 display a page with either "zero reply" or "browser error" if the FTP
 CONSTANTS are set in wp-config.php
  * both issues use the same function call leading to the errors.
  * the name of the function is "fs_connect"

 SYSTEM:
  * LAMP
  * 2.6.18-400.1.1.el5.centos.plus
  * PHP 5.3.29
  * Apache/2.2.3
  * MYSQL 5.5.37
  * WP 4.1.1 (fresh install)

 HOW TO REPRODUCE:
  * install a fresh WP 4.1.1 version
  * open website and follow all of the prompts to install site, create
 admin etc
  * log into the site using the just created admin
  * go to the admin panel using http://YOUR_SITEDOMAIN/wp-admin/
  * click on Setting -> General
  * everything works fine
  * now add the FTP stuff as shown in http://codex.wordpress.org
 /Editing_wp-config.php to wp-config.php
  * click on Setting -> General
  * page has display problems, not updated properly, sometimes it says "
 .... zero reply .... "
  * a SEG-FAULT message is produced, e.g. [Sat Mar 07 15:50:51 2015]
 [notice] child pid 15422 exit signal Segmentation fault (11)
  * now go to /PATH_TO_WP_INSTALL/wp-content
  * add a directory with the name of "languages"
  * click on Setting -> General
  * no problem, no seg fault, page is displayed properly and refreshed

 MY RESEARCH INTO THIS:

 It took me some tracing to find that the error was created in
 /PATH_TO_WP_INSTALL/wp-admin/includes/class-wp-upgrader.php in the
 function fs_connect in the switch statement "default" case. I included a
 debug statement in that function right at he beginning to see what path
 generated this error:
 {{{
  error_log(" FS_CONNECT: ".print_r($directories,1));
 }}}
 which gave me this output on fail:
 {{{
 [07-Mar-2015 06:44:40 UTC]  FS_CONNECT: Array
 (
     [0] => /PATHDELETED/wp-content
     [1] => /PATHDELETED/wp-content/languages
 )
 }}}
 while the error_log displayed this:
 {{{
 [Sat Mar 07 17:44:40 2015] [notice] child pid 578 exit signal Segmentation
 fault (11)
 }}}

 It took me some time to get to the real problem:

 * When the function "fs_connect" (see a couple of lines above) is called,
 it calls a function find_folder($dir) where $dir is (when the seg fault is
 called) "/PATHDELETED/wp-content/languages".

 * find_folder resides in /PATHDELETED/wp-admin/includes/class-wp-
 filesystem-base.php on line 222. If this function cannot find the folder
 after some 30 lines of code tried to find it, the function employs another
 function called "seach_for_folder()" which is in the same file on line
 291.

 * Right at the start of that function "seach_for_folder()" there is an if
 statement checking whether $base is empty or '.', if either it sets
 {{{$base = railingslashit($this->cwd()); }}} which actually is the bug.

 * all trailingslashit does appending a "/" to the end of the string
 returned by $this->cwd() - however $this->cwd() returns a string that
 includes a "\n", this crashes wordpress with a segfault so in fact the
 return string has a newline character in between the string and the /

 FAULTY EXAMPLE

 {{{
 if ( empty( $base ) || '.' == $base )
   $base = trailingslashit($this->cwd());
 error_log("BASE: ".$base);

 BASE: /home/ssh_user_name
 /
 }}}

 CHANGED CODE TO FIX THE BUG:
 {{{
 if ( empty( $base ) || '.' == $base )
 {
   $tmp=$this->cwd();
   $tmp=preg_replace("/[\r\n\m\t]/","",$tmp);
   $base = trailingslashit($tmp);
 }
 echo "BASE: $base"

 BASE: /home/ssh_user_name/
 }}}

 The last example does not SEGFAULT the system.

 There is a secondary issue with this, due to the failure (SEG FAULT) of
 the script no error is returned to the caller, in this case "/wp-admin
 /options-general.php", the user will not see the problem other than after
 "Timezone" nothing is diplayed and the button "Save Changes" is missing.

 Since the deletion of a plugin calls "fs-connect" is has the same problem.


 jobst

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31554>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list