[wp-trac] [WordPress Trac] #56189: Updater tries to access File(/.svn) and /.git /.gh /.bzr
WordPress Trac
noreply at wordpress.org
Sun Jul 10 12:39:55 UTC 2022
#56189: Updater tries to access File(/.svn) and /.git /.gh /.bzr
-----------------------------+---------------------------------------
Reporter: Robin Labadie | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: 6.0
Severity: minor | Keywords: needs-patch needs-testing
Focuses: |
-----------------------------+---------------------------------------
Hi,
This line:
wp-admin/includes/class-wp-automatic-updater.php:104
Is trigerred when visiting the Updates page.
Using plugin "Query Monitor", we can see that it triggers errors as it
tries to access ".svn" as well as .git, .gh and .bzr in rootdir of
wordpress install as well as every single parent dir.
This leads to unwanted open_basedir errors:
{{{
is_dir(): open_basedir restriction in effect.
File(/var/www/vhosts/terageek.org/.svn) is not within the allowed path(s):
(/var/www/vhosts/terageek.org/shop.terageek.org/:/tmp/)
is_dir(): open_basedir restriction in effect. File(/var/www/vhosts/.svn)
is not within the allowed path(s):
(/var/www/vhosts/terageek.org/shop.terageek.org/:/tmp/)
is_dir(): open_basedir restriction in effect. File(/var/www/.svn) is not
within the allowed path(s):
(/var/www/vhosts/terageek.org/shop.terageek.org/:/tmp/)
is_dir(): open_basedir restriction in effect. File(/var/.svn) is not
within the allowed path(s):
(/var/www/vhosts/terageek.org/shop.terageek.org/:/tmp/)
is_dir(): open_basedir restriction in effect. File(/.svn) is not within
the allowed path(s):
(/var/www/vhosts/terageek.org/shop.terageek.org/:/tmp/)
}}}
Same errors occur with .git .gh .bzr with the exact same variation as the
location it tries to access it, like:
{{{
is_dir(): open_basedir restriction in effect. File(/.bzr) is not within
the allowed path(s):
(/var/www/vhosts/terageek.org/shop.terageek.org/:/tmp/)
}}}
This is at least reproduced using PHP 8.1 on any WordPress hosted on a
Plesk server (Debian and CentOS) that I've ever tried.
I'm unsure why WordPress would want to access these directories. A fix
would be awesome.
I remain available if someone needs a test hosting to reproduce the issue.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56189>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list