id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
8400,Plugin upgrade not possible without being script owner,sigvei,,"In my server setup, I have wordpress located in $HOME/wordpress, and that is symlinked to a public www directory. The files in $HOME/wordpress are owned by me, with www-data (webserver's group) as group owner. Files and directories are readable and writable by both owner and group. This means I won't have to have root access to upgrade wordpress, and yet I am still able to edit plugin and theme files.

This means plugin upgrades should be possible. However, get_filesystem_method in wp-admin/includes/file.php checks whether direct access is possible by doing this:


{{{
$temp_file = wp_tempnam();
if ( getmyuid() == fileowner($temp_file) )
	$method = 'direct';
unlink($temp_file);
}}}

With a standard server setup, $temp_file will be owned by the user owning wp-admin/update.php. In my setup, that means this check fails.

I am not quite at the patch stage here, as I am not quite sure of the permission needs of plugin update files. But testing whether the owner of update.php is the same as the owner of the apache process seems like a clear bug to me. It isn't relevant to the task.",defect (bug),closed,normal,,Plugins,2.6,normal,wontfix,,foresto