[wp-trac] [WordPress Trac] #56189: Updater tries to access File(/.svn) and /.git /.gh /.bzr

WordPress Trac noreply at wordpress.org
Sun Jul 10 23:45:49 UTC 2022

#56189: Updater tries to access File(/.svn) and /.git /.gh /.bzr
 Reporter:  Robin Labadie              |       Owner:  (none)
     Type:  defect (bug)               |      Status:  reopened
 Priority:  normal                     |   Milestone:
Component:  Upgrade/Install            |     Version:  6.0
 Severity:  minor                      |  Resolution:
 Keywords:  needs-patch needs-testing  |     Focuses:
Changes (by Robin Labadie):

 * status:  closed => reopened
 * resolution:  invalid =>


 Hello @pbiron
 Thank you for your welcoming and attention.

 I am the hosting company. (lol?)
 I know how open_basedir works.

 But in order for this script to not trigger errors, one would need to have
 the website having access to "/" on the server with open_basedir, which
 doesn't make any sense: you won't let a website own the whole system,
 especially on shared hostings. WordPress shouldn't ever have access to a
 file like "File(/.svn)". Maybe "../.svn" at best, but it won't ever have
 access to the filesystem base on the system.

 Isn't there a cleaner way to implement this feature, than randomly
 checking paths and triggering a whole bunch open_basedir errors, in order
 to check if the website is under version control?

 Thank you

Ticket URL: <https://core.trac.wordpress.org/ticket/56189#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list