getmyuid() called instead of posix_getuid() in get_filesystem_method() (wp-admin/includes/file.php)
|Reported by:||pgl||Owned by:||dd32|
|Cc:||pgl@…, joel@…, aikar@…|
In wp-admin/includes/file.php, the function get_filesystem_method() attempts to figure out whether it is able to write files correctly, and therefore whether it can update or install files directly, or needs to use some other method.
As part of the function, in a particular case it writes a temporary file and compares it to the return value of getmyuid(). I think this is a mistake - the return value of getmyuid() is the owner of the current _file_ that's being run, not the current process - so if the file is owned by a user other than that of the web server's UID, it thinks it can't install directly (even if it actually can, because the directories are group writable).
This can be worked around by simply changing the owner of the file to another user, although this isn't always going to be possible for the person running Wordpress.
To fix this, change the function call to check the return value of posix_getuid() instead of getmyuid(). (NB: this function isn't available on Windows.)
Change History (23)
- Component changed from Administration to Filesystem
- Milestone changed from Unassigned to 2.9
- Owner set to dd32
- Milestone 2.9 deleted
- Resolution set to wontfix
- Status changed from new to closed
- Cc joel@… added
- Resolution wontfix deleted
- Status changed from closed to reopened
- Keywords has-patch dev-feedback added; uid filesystem method file.php posix_getuid getmyuid direct install upgrade removed
- Cc Aikar added
- Type changed from enhancement to defect (bug)
- Version changed from 2.8 to 3.0
- Type changed from defect (bug) to enhancement
- Version changed from 3.0 to 2.8