[wp-trac] [WordPress Trac] #56189: Updater tries to access File(/.svn) and /.git /.gh /.bzr
WordPress Trac
noreply at wordpress.org
Sun Jul 10 23:45:49 UTC 2022
#56189: Updater tries to access File(/.svn) and /.git /.gh /.bzr
---------------------------------------+-----------------------
Reporter: Robin Labadie | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Upgrade/Install | Version: 6.0
Severity: minor | Resolution:
Keywords: needs-patch needs-testing | Focuses:
---------------------------------------+-----------------------
Changes (by Robin Labadie):
* status: closed => reopened
* resolution: invalid =>
Comment:
Hello @pbiron
Thank you for your welcoming and attention.
I am the hosting company. (lol?)
I know how open_basedir works.
But in order for this script to not trigger errors, one would need to have
the website having access to "/" on the server with open_basedir, which
doesn't make any sense: you won't let a website own the whole system,
especially on shared hostings. WordPress shouldn't ever have access to a
file like "File(/.svn)". Maybe "../.svn" at best, but it won't ever have
access to the filesystem base on the system.
Isn't there a cleaner way to implement this feature, than randomly
checking paths and triggering a whole bunch open_basedir errors, in order
to check if the website is under version control?
Thank you
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56189#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list