[wp-trac] [WordPress Trac] #15134: WordPress should not try to remove theme's or plugin's directory recursively if the directory is a symlink

WordPress Trac noreply at wordpress.org
Wed Aug 25 20:33:06 UTC 2021 

#15134: WordPress should not try to remove theme's or plugin's directory
recursively if the directory is a symlink
---------------------------------+-----------------------
 Reporter:  vladimir_kolesnikov  |       Owner:  pbiron
     Type:  defect (bug)         |      Status:  accepted
 Priority:  normal               |   Milestone:  5.9
Component:  Upgrade/Install      |     Version:
 Severity:  major                |  Resolution:
 Keywords:  has-patch            |     Focuses:
---------------------------------+-----------------------

Comment (by marybaum):

 Replying to [ticket:15134 vladimir_kolesnikov]:

 May we edit the title of this very worthwhile ticket to say the following:

 >WordPress should not try to remove themes or plugins recursively if the
 directory is a symlink

 In English we do not use apostrophes to indicate plural nouns.

 Thanks!

 > Consider the situation: there is a server with multiple WordPress blogs
 hosted in it. Some plugins are common for all/many blogs and to save
 several (hundreds in our case) megs of the disk space, shared plugins are
 stored somehwere else (say, /var/www/wp-plugins) and there are symbolic
 links to /var/www/wp-plugins/<plugins> from /home/<user>/wp-
 content/plugins/<plugins>.
 >
 > The onwer of the blog (user1) may not know these details and wants to
 update one of the plugins (plugin1) using automatic update feature.
 WordPress will then try to remove /home/user1/wp-content/plugins/plugin1/
 recursively although /home/user1/wp-content/plugins/plugin1 is a symlink
 to /var/www/wp-plugins/plugin1.
 >
 > The obvious solution is to add a check to the filesystem classes that
 checks if the file is a symlink and if so, remove symlink with unlink()
 instead of trying to follow it and remove everything it sees.
 >
 > The advantage of this approach is that if the user symlinks a plugin to
 other user's data, those data will not be removed by WordPress (this can
 be very good for those hosts where all users are served by the same Apache
 user etc).

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/15134#comment:27>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list