[wp-trac] [WordPress Trac] #49403: WordPress prompts for FTP credentials to perform updates

WordPress Trac noreply at wordpress.org
Mon Feb 17 14:15:31 UTC 2020


#49403: WordPress prompts for FTP credentials to perform updates
-------------------------------+------------------------------
 Reporter:  shadowlmd          |       Owner:  (none)
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Filesystem API     |     Version:  5.3.2
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:
-------------------------------+------------------------------

Comment (by shadowlmd):

 @noisysocks, where exactly does it try to create a file? Web server (and
 therefore any php script) is allowed to write in WP installation
 directory. File ownership will be www-data:www-data on created files.
 Example is wp-config.php created during first time set up:

 user at home:~/www/wpsite.online$ ls -l wp-config.php
 -rw-rw-rw- 1 www-data www-data 3270 Feb  8 13:12 wp-config.php

 Anyway, I see where the problem comes from. Here's the code:
 {{{#!php
                         $wp_file_owner   = false;
                                 $temp_file_owner = false;
                                 if ( function_exists( 'fileowner' ) ) {
                                         $wp_file_owner   = @fileowner(
 __FILE__ );
                                         $temp_file_owner = @fileowner(
 $temp_file_name );
                                 }

                                 if ( $wp_file_owner !== false &&
 $wp_file_owner === $temp_file_owner ) {
                                         // WordPress is creating files as
 the same owner as the WordPress files,
                                         // this means it's safe to modify
 & create new files via PHP.
                                         $method
 = 'direct';
 $GLOBALS['_wp_filesystem_direct_method'] = 'file_owner';
                                 } elseif ( $allow_relaxed_file_ownership )
 {
                                         // The $context directory is
 writable, and $allow_relaxed_file_ownership is set, this means we can
 modify files
                                         // safely in this directory. This
 mode doesn't create new files, only alter existing ones.
                                         $method
 = 'direct';
 $GLOBALS['_wp_filesystem_direct_method'] = 'relaxed_ownership';
                                 }
 }}}

 Test $wp_file_owner === $temp_file_owner will obviously fail because
 created file will be owned by www-data and __FILE__ will be owned by user.
 This is a common configuration and definitely not a reason to require FTP
 permissions.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49403#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list