867 | | if ( getmyuid() == @fileowner($temp_file_name) ) |
| 867 | // Compare the owning UID of WordPress files to that of the files WordPress/PHP Creates |
| 868 | // This ensures that all core files remain owned by the same user and do not "leak" to the PHP processes user during upgrades |
| 869 | // This is a step more than simple write access, designed to ensure 100% compatibility rather than 90% compat with certain configurations |
| 870 | // Changing this to only require write access is possible, but at the detriment that many FTP configurations & quota configurations used by shared hosts will become inoperable, and/or open up WordPress files to being modified by other accounts PHP scripts in the event of a configuration change. |
| 871 | // Any server using a per-user PHP-fpm, suExec, or, suPHP configuration will PASS with the below. |
| 872 | // A server with files owned by 'johndoe', and PHP executing as 'apache' will FAIL. |
| 873 | // eg: |
| 874 | // fail: |
| 875 | // getmyuid() == fileowner(__FILE__) == 501; // johndoe |
| 876 | // posix_getuid() == fileowner( $temp_file_name ) == 500; // apache |
| 877 | // pass: |
| 878 | // getmyuid() == fileowner(__FILE__) == posix_getuid() == fileowner( $temp_file_name ) == 501; // johndoe |
| 879 | // |
| 880 | $uid_of_wordpress_files = @fileowner( __FILE__ ); // getmyuid() also returns this, except it refers to the entry .php rather than this included file |
| 881 | if ( $uid_of_wordpress_files && $uid_of_wordpress_files === @fileowner( $temp_file_name ) ) |