[wp-trac] [WordPress Trac] #42619: WordPress tries to access.bzr or .git without checking open_basedir restrictions
WordPress Trac
noreply at wordpress.org
Sun Feb 26 15:18:00 UTC 2023
#42619: WordPress tries to access.bzr or .git without checking open_basedir
restrictions
-------------------------------------------------+-------------------------
Reporter: meyegui | Owner:
| SergeyBiryukov
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.2
Component: Upgrade/Install | Version: 4.9
Severity: normal | Resolution: fixed
Keywords: has-patch needs-testing has-unit- | Focuses:
tests commit |
-------------------------------------------------+-------------------------
Changes (by SergeyBiryukov):
* owner: (none) => SergeyBiryukov
* status: new => closed
* resolution: => fixed
Comment:
In [changeset:"55425" 55425]:
{{{
#!CommitTicketReference repository="" revision="55425"
Upgrade/Install: Introduce `WP_Automatic_Updater::is_allowed_dir()`
method.
As part of determining whether to perform automatic updates, WordPress
checks if it is running within a version-controlled environment,
recursively looking up the filesystem to the top of the drive, looking for
a Subversion, Git, Mercurial, or Bazaar directory, erring on the side of
detecting a VCS checkout somewhere.
This commit avoids a PHP warning if the `open_basedir` directive is in use
and any of the directories checked in the process are not allowed:
{{{
is_dir(): open_basedir restriction in effect. File(/.git) is not within
the allowed path(s)
}}}
Follow-up to [25421], [25700], [25764], [25835], [25859].
Props costdev, markjaquith, meyegui, dd32, arnolp, robin-labadie,
hellofromTonya, afragen, pbiron, SergeyBiryukov.
Fixes #42619.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42619#comment:25>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list