Make WordPress Core

Ticket #30245: 30245.diff

File 30245.diff, 26.6 KB (added by dd32, 7 years ago)
  • src/wp-admin/includes/class-wp-filesystem-base.php

     
    11<?php
    22/**
    33 * Base WordPress Filesystem
    44 *
    55 * @package WordPress
    66 * @subpackage Filesystem
    77 */
    88
    99/**
    1010 * Base WordPress Filesystem class for which Filesystem implementations extend
    1111 *
    1212 * @since 2.5.0
    1313 */
    1414class WP_Filesystem_Base {
     15
     16        /**
     17         * The Minimum chmod value for directories created with this class.
     18         *
     19         * @access public
     20         * @since 4.1.0
     21         * @var octal
     22         */
     23        public $default_minimum_chmod_dir = 0755;
     24
     25        /**
     26         * The Minimum chmod value for files created with this class.
     27         *
     28         * @access public
     29         * @since 4.1.0
     30         * @var octal
     31         */
     32        public $default_minimum_chmod_file = 0644;
     33
    1534        /**
    1635         * Whether to display debug data for the connection.
    1736         *
    1837         * @access public
    1938         * @since 2.5.0
    2039         * @var bool
    2140         */
    2241        public $verbose = false;
    2342
    2443        /**
    2544         * Cached list of local filepaths to mapped remote filepaths.
    2645         *
    2746         * @access private
    2847         * @since 2.7.0
    2948         * @var array
  • src/wp-admin/includes/class-wp-filesystem-direct.php

     
    370370
    371371                        if ( 'd' == $struc['type'] ) {
    372372                                if ( $recursive )
    373373                                        $struc['files'] = $this->dirlist($path . '/' . $struc['name'], $include_hidden, $recursive);
    374374                                else
    375375                                        $struc['files'] = array();
    376376                        }
    377377
    378378                        $ret[ $struc['name'] ] = $struc;
    379379                }
    380380                $dir->close();
    381381                unset($dir);
    382382                return $ret;
    383383        }
    384384}
     385
     386/**
     387 * WordPress Filesystem Class for direct Group Writable PHP file and folder manipulation.
     388 *
     389 * @since 4.1.0
     390 * @package WordPress
     391 * @subpackage Filesystem
     392 * @uses WP_Filesystem_Direct Extends class
     393 * @uses WP_Filesystem_Base Extends class
     394 */
     395class WP_Filesystem_Direct_GroupWritable extends WP_Filesystem_Direct {
     396        /**
     397         * The Minimum chmod value for directories created with this class.
     398         *
     399         * @access public
     400         * @since 4.1.0
     401         * @var octal
     402         */
     403        public $default_minimum_chmod_dir = 0775;
     404
     405        /**
     406         * The Minimum chmod value for files created with this class.
     407         *
     408         * @access public
     409         * @since 4.1.0
     410         * @var octal
     411         */
     412        public $default_minimum_chmod_file = 0664;
     413
     414        /**
     415         * constructor
     416         *
     417         * @param mixed $arg ignored argument
     418         */
     419        public function __construct($arg) {
     420                $this->method = 'direct_groupwritable';
     421                $this->errors = new WP_Error();
     422        }
     423}
     424
     425/**
     426 * WordPress Filesystem Class for direct World Writable PHP file and folder manipulation.
     427 *
     428 * @since 4.1.0
     429 * @package WordPress
     430 * @subpackage Filesystem
     431 * @uses WP_Filesystem_Direct Extends class
     432 * @uses WP_Filesystem_Base Extends class
     433 */
     434class WP_Filesystem_Direct_WorldWritable extends WP_Filesystem_Direct {
     435        /**
     436         * The Minimum chmod value for directories created with this class.
     437         *
     438         * @access public
     439         * @since 4.1.0
     440         * @var octal
     441         */
     442        public $default_minimum_chmod_dir = 0777;
     443
     444        /**
     445         * The Minimum chmod value for files created with this class.
     446         *
     447         * @access public
     448         * @since 4.1.0
     449         * @var octal
     450         */
     451        public $default_minimum_chmod_file = 0666;
     452
     453        /**
     454         * constructor
     455         *
     456         * @param mixed $arg ignored argument
     457         */
     458        public function __construct($arg) {
     459                $this->method = 'direct_worldwritable';
     460                $this->errors = new WP_Error();
     461        }
     462}
     463 No newline at end of file
  • src/wp-admin/includes/class-wp-upgrader-skins.php

     
    2828        }
    2929
    3030        public function set_upgrader(&$upgrader) {
    3131                if ( is_object($upgrader) )
    3232                        $this->upgrader =& $upgrader;
    3333                $this->add_strings();
    3434        }
    3535
    3636        public function add_strings() {
    3737        }
    3838
    3939        public function set_result($result) {
    4040                $this->result = $result;
    4141        }
    4242
    43         public function request_filesystem_credentials($error = false) {
     43        public function request_filesystem_credentials( $error = false, $context = false, $allow_relaxed_file_ownership = false ) {
    4444                $url = $this->options['url'];
    45                 $context = $this->options['context'];
    46                 if ( !empty($this->options['nonce']) )
     45                if ( ! $context ) {
     46                        $context = $this->options['context'];
     47                }
     48                if ( !empty($this->options['nonce']) ) {
    4749                        $url = wp_nonce_url($url, $this->options['nonce']);
    48                 return request_filesystem_credentials($url, '', $error, $context); //Possible to bring inline, Leaving as is for now.
     50                }
     51
     52                $extra_fields = array();
     53
     54                return request_filesystem_credentials( $url, '', $error, $context, $extra_fields, $allow_relaxed_file_ownership );
    4955        }
    5056
    5157        public function header() {
    5258                if ( $this->done_header ) {
    5359                        return;
    5460                }
    5561                $this->done_header = true;
    5662                echo '<div class="wrap">';
    5763                echo '<h2>' . $this->options['title'] . '</h2>';
    5864        }
    5965        public function footer() {
    6066                if ( $this->done_footer ) {
    6167                        return;
    6268                }
    6369                $this->done_footer = true;
     
    687693}
    688694
    689695/**
    690696 * Upgrader Skin for Automatic WordPress Upgrades
    691697 *
    692698 * This skin is designed to be used when no output is intended, all output
    693699 * is captured and stored for the caller to process and log/email/discard.
    694700 *
    695701 * @package WordPress
    696702 * @subpackage Upgrader
    697703 * @since 3.7.0
    698704 */
    699705class Automatic_Upgrader_Skin extends WP_Upgrader_Skin {
    700706        protected $messages = array();
    701707
    702         public function request_filesystem_credentials( $error = false, $context = '' ) {
    703                 if ( $context )
     708        public function request_filesystem_credentials( $error = false, $context = '', $allow_relaxed_file_ownership = false ) {
     709                if ( $context ) {
    704710                        $this->options['context'] = $context;
     711                }
    705712                // TODO: fix up request_filesystem_credentials(), or split it, to allow us to request a no-output version
    706713                // This will output a credentials form in event of failure, We don't want that, so just hide with a buffer
    707714                ob_start();
    708                 $result = parent::request_filesystem_credentials( $error );
     715                $result = parent::request_filesystem_credentials( $error, $context, $allow_relaxed_file_ownership );
    709716                ob_end_clean();
    710717                return $result;
    711718        }
    712719
    713720        public function get_upgrade_messages() {
    714721                return $this->messages;
    715722        }
    716723
    717724        public function feedback( $data ) {
    718725                if ( is_wp_error( $data ) )
    719726                        $string = $data->get_error_message();
    720727                else if ( is_array( $data ) )
    721728                        return;
    722729                else
    723730                        $string = $data;
  • src/wp-admin/includes/class-wp-upgrader.php

     
    4949                $this->strings['fs_no_themes_dir'] = __('Unable to locate WordPress Theme directory.');
    5050                /* translators: %s: directory name */
    5151                $this->strings['fs_no_folder'] = __('Unable to locate needed folder (%s).');
    5252
    5353                $this->strings['download_failed'] = __('Download failed.');
    5454                $this->strings['installing_package'] = __('Installing the latest version&#8230;');
    5555                $this->strings['no_files'] = __('The package contains no files.');
    5656                $this->strings['folder_exists'] = __('Destination folder already exists.');
    5757                $this->strings['mkdir_failed'] = __('Could not create directory.');
    5858                $this->strings['incompatible_archive'] = __('The package could not be installed.');
    5959
    6060                $this->strings['maintenance_start'] = __('Enabling Maintenance mode&#8230;');
    6161                $this->strings['maintenance_end'] = __('Disabling Maintenance mode&#8230;');
    6262        }
    6363
    64         public function fs_connect( $directories = array() ) {
     64        public function fs_connect( $directories = array(), $allow_relaxed_file_ownership = false ) {
    6565                global $wp_filesystem;
    6666
    67                 if ( false === ($credentials = $this->skin->request_filesystem_credentials()) )
     67                if ( false === ( $credentials = $this->skin->request_filesystem_credentials( false, $directories[0], $allow_relaxed_file_ownership ) ) ) {
    6868                        return false;
     69                }
    6970
    70                 if ( ! WP_Filesystem($credentials) ) {
     71                if ( ! WP_Filesystem( $credentials, $directories[0], $allow_relaxed_file_ownership ) ) {
    7172                        $error = true;
    7273                        if ( is_object($wp_filesystem) && $wp_filesystem->errors->get_error_code() )
    7374                                $error = $wp_filesystem->errors;
    74                         $this->skin->request_filesystem_credentials($error); //Failed to connect, Error and request again
     75                        // Failed to connect, Error and request again
     76                        $this->skin->request_filesystem_credentials( $error, $directories[0], $allow_relaxed_file_ownership );
    7577                        return false;
    7678                }
    7779
    7880                if ( ! is_object($wp_filesystem) )
    7981                        return new WP_Error('fs_unavailable', $this->strings['fs_unavailable'] );
    8082
    8183                if ( is_wp_error($wp_filesystem->errors) && $wp_filesystem->errors->get_error_code() )
    8284                        return new WP_Error('fs_error', $this->strings['fs_error'], $wp_filesystem->errors);
    8385
    8486                foreach ( (array)$directories as $dir ) {
    8587                        switch ( $dir ) {
    8688                                case ABSPATH:
    8789                                        if ( ! $wp_filesystem->abspath() )
    8890                                                return new WP_Error('fs_no_root_dir', $this->strings['fs_no_root_dir']);
    8991                                        break;
     
    14441446                $this->strings['start_rollback'] = __( 'Attempting to roll back to previous version.' );
    14451447                $this->strings['rollback_was_required'] = __( 'Due to an error during updating, WordPress has rolled back to your previous version.' );
    14461448        }
    14471449
    14481450        public function upgrade( $current, $args = array() ) {
    14491451                global $wp_filesystem;
    14501452
    14511453                include( ABSPATH . WPINC . '/version.php' ); // $wp_version;
    14521454
    14531455                $start_time = time();
    14541456
    14551457                $defaults = array(
    14561458                        'pre_check_md5'    => true,
    14571459                        'attempt_rollback' => false,
    14581460                        'do_rollback'      => false,
     1461                        'allow_relaxed_file_ownership' => false,
    14591462                );
    14601463                $parsed_args = wp_parse_args( $args, $defaults );
    14611464
    14621465                $this->init();
    14631466                $this->upgrade_strings();
    14641467
    14651468                // Is an update available?
    14661469                if ( !isset( $current->response ) || $current->response == 'latest' )
    14671470                        return new WP_Error('up_to_date', $this->strings['up_to_date']);
    14681471
    1469                 $res = $this->fs_connect( array(ABSPATH, WP_CONTENT_DIR) );
     1472                $res = $this->fs_connect( array( ABSPATH, WP_CONTENT_DIR ), $parsed_args['allow_relaxed_file_ownership'] );
    14701473                if ( ! $res || is_wp_error( $res ) ) {
    14711474                        return $res;
    14721475                }
    14731476
    14741477                $wp_dir = trailingslashit($wp_filesystem->abspath());
    14751478
    14761479                $partial = true;
    14771480                if ( $parsed_args['do_rollback'] )
    14781481                        $partial = false;
    14791482                elseif ( $parsed_args['pre_check_md5'] && ! $this->check_files() )
    14801483                        $partial = false;
    14811484
    14821485                /*
    14831486                 * If partial update is returned from the API, use that, unless we're doing
    14841487                 * a reinstall. If we cross the new_bundled version number, then use
     
    18991902         * @since 3.7.0
    19001903         *
    19011904         * @param string $type    The type of update being checked: 'core', 'theme',
    19021905         *                        'plugin', 'translation'.
    19031906         * @param object $item    The update offer.
    19041907         * @param string $context The filesystem context (a path) against which filesystem
    19051908         *                        access and status should be checked.
    19061909         */
    19071910        public function should_update( $type, $item, $context ) {
    19081911                // Used to see if WP_Filesystem is set up to allow unattended updates.
    19091912                $skin = new Automatic_Upgrader_Skin;
    19101913
    19111914                if ( $this->is_disabled() )
    19121915                        return false;
    19131916
     1917                // Only relax the filesystem checks when the update doesn't include new files
     1918                $allow_relaxed_file_ownership = false;
     1919                if ( 'core' == $type && isset( $item->new_files ) && ! $item->new_files ) {
     1920                        $allow_relaxed_file_ownership = true;
     1921                } /* elseif ( 'translation' == $type && $translation_is_installed ) {
     1922                        $allow_relaxed_file_ownership = true;
     1923                }*/
     1924
    19141925                // If we can't do an auto core update, we may still be able to email the user.
    1915                 if ( ! $skin->request_filesystem_credentials( false, $context ) || $this->is_vcs_checkout( $context ) ) {
     1926                if ( ! $skin->request_filesystem_credentials( false, $context, $allow_relaxed_file_ownership ) || $this->is_vcs_checkout( $context ) ) {
    19161927                        if ( 'core' == $type )
    19171928                                $this->send_core_update_notification_email( $item );
    19181929                        return false;
    19191930                }
    19201931
    19211932                // Next up, is this an item we can update?
    19221933                if ( 'core' == $type )
    19231934                        $update = Core_Upgrader::should_update_to_version( $item->current );
    19241935                else
    19251936                        $update = ! empty( $item->autoupdate );
    19261937
    19271938                /**
    19281939                 * Filter whether to automatically update core, a plugin, a theme, or a language.
    19291940                 *
    19301941                 * The dynamic portion of the hook name, $type, refers to the type of update
     
    20602071                                $skin->feedback( __( 'Updating theme: %s' ), $item_name );
    20612072                                break;
    20622073                        case 'plugin':
    20632074                                $upgrader_item = $item->plugin;
    20642075                                $plugin_data = get_plugin_data( $context . '/' . $upgrader_item );
    20652076                                $item_name = $plugin_data['Name'];
    20662077                                $skin->feedback( __( 'Updating plugin: %s' ), $item_name );
    20672078                                break;
    20682079                        case 'translation':
    20692080                                $language_item_name = $upgrader->get_name_for_update( $item );
    20702081                                $item_name = sprintf( __( 'Translations for %s' ), $language_item_name );
    20712082                                $skin->feedback( sprintf( __( 'Updating translations for %1$s (%2$s)&#8230;' ), $language_item_name, $item->language ) );
    20722083                                break;
    20732084                }
    20742085
     2086                $allow_relaxed_file_ownership = false;
     2087                if ( 'core' == $type && isset( $item->new_files ) && ! $item->new_files ) {
     2088                        $allow_relaxed_file_ownership = true;
     2089                }/* elseif ( 'translation' == $type && $translation_is_installed ) {
     2090                        $allow_relaxed_file_ownership = true;
     2091                }*/
     2092
    20752093                // Boom, This sites about to get a whole new splash of paint!
    20762094                $upgrade_result = $upgrader->upgrade( $upgrader_item, array(
    20772095                        'clear_update_cache' => false,
    20782096                        // Always use partial builds if possible for core updates.
    20792097                        'pre_check_md5'      => false,
    20802098                        // Only available for core updates.
    20812099                        'attempt_rollback'   => true,
     2100                        // Allow relaxed file ownership in some scenarios
     2101                        'allow_relaxed_file_ownership' => $allow_relaxed_file_ownership,
     2102                       
    20822103                ) );
    20832104
    20842105                // If the filesystem is unavailable, false is returned.
    20852106                if ( false === $upgrade_result ) {
    20862107                        $upgrade_result = new WP_Error( 'fs_unavailable', __( 'Could not access filesystem.' ) );
    20872108                }
    20882109
    20892110                // Core doesn't output this, so lets append it so we don't get confused.
    20902111                if ( 'core' == $type ) {
    20912112                        if ( is_wp_error( $upgrade_result ) ) {
    20922113                                $skin->error( __( 'Installation Failed' ), $upgrade_result );
    20932114                        } else {
    20942115                                $skin->feedback( __( 'WordPress updated successfully' ) );
    20952116                        }
    20962117                }
  • src/wp-admin/includes/file.php

     
    797797                }
    798798        }
    799799        return true;
    800800}
    801801
    802802/**
    803803 * Initialises and connects the WordPress Filesystem Abstraction classes.
    804804 * This function will include the chosen transport and attempt connecting.
    805805 *
    806806 * Plugins may add extra transports, And force WordPress to use them by returning the filename via the 'filesystem_method_file' filter.
    807807 *
    808808 * @since 2.5.0
    809809 *
    810810 * @param array $args (optional) Connection args, These are passed directly to the WP_Filesystem_*() classes.
    811811 * @param string $context (optional) Context for get_filesystem_method(), See function declaration for more information.
     812 * @param bool $allow_relaxed_file_ownership Whether to allow Group/World writable.
    812813 * @return null|boolean false on failure, true on success
    813814 */
    814 function WP_Filesystem( $args = false, $context = false ) {
     815function WP_Filesystem( $args = false, $context = false, $allow_relaxed_file_ownership = false ) {
    815816        global $wp_filesystem;
    816817
    817818        require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php');
    818819
    819         $method = get_filesystem_method($args, $context);
     820        $method = get_filesystem_method( $args, $context, $allow_relaxed_file_ownership );
    820821
    821822        if ( ! $method )
    822823                return false;
    823824
    824825        if ( ! class_exists("WP_Filesystem_$method") ) {
    825826
     827                $abstraction_file = ABSPATH . 'wp-admin/includes/class-wp-filesystem-' . $method . '.php';
     828
     829                // Include the correct file for the Direct_* subclasses
     830                if ( in_array( $method, array( 'direct_groupwritable', 'direct_worldwritable' ) ) ) {
     831                        $abstraction_file = ABSPATH . 'wp-admin/includes/class-wp-filesystem-direct.php';
     832                }
     833
    826834                /**
    827835                 * Filter the path for a specific filesystem method class file.
    828836                 *
    829837                 * @since 2.6.0
    830838                 *
    831839                 * @see get_filesystem_method()
    832840                 *
    833841                 * @param string $path   Path to the specific filesystem method class file.
    834842                 * @param string $method The filesystem method to use.
    835843                 */
    836                 $abstraction_file = apply_filters( 'filesystem_method_file', ABSPATH . 'wp-admin/includes/class-wp-filesystem-' . $method . '.php', $method );
     844                $abstraction_file = apply_filters( 'filesystem_method_file', $abstraction_file, $method );
    837845
    838846                if ( ! file_exists($abstraction_file) )
    839847                        return;
    840848
    841849                require_once($abstraction_file);
    842850        }
    843851        $method = "WP_Filesystem_$method";
    844852
    845853        $wp_filesystem = new $method($args);
    846854
    847855        //Define the timeouts for the connections. Only available after the construct is called to allow for per-transport overriding of the default.
    848856        if ( ! defined('FS_CONNECT_TIMEOUT') )
    849857                define('FS_CONNECT_TIMEOUT', 30);
    850858        if ( ! defined('FS_TIMEOUT') )
    851859                define('FS_TIMEOUT', 30);
    852860
    853861        if ( is_wp_error($wp_filesystem->errors) && $wp_filesystem->errors->get_error_code() )
    854862                return false;
    855863
    856864        if ( !$wp_filesystem->connect() )
    857865                return false; //There was an error connecting to the server.
    858866
    859867        // Set the permission constants if not already set.
    860         if ( ! defined('FS_CHMOD_DIR') )
    861                 define('FS_CHMOD_DIR', ( fileperms( ABSPATH ) & 0777 | 0755 ) );
    862         if ( ! defined('FS_CHMOD_FILE') )
    863                 define('FS_CHMOD_FILE', ( fileperms( ABSPATH . 'index.php' ) & 0777 | 0644 ) );
     868        if ( ! defined('FS_CHMOD_DIR') ) {
     869                define( 'FS_CHMOD_DIR', ( fileperms( ABSPATH ) & 0777 | $wp_filesystem->default_minimum_chmod_dir ) );
     870        }
     871
     872        if ( ! defined('FS_CHMOD_FILE') ) {
     873                define( 'FS_CHMOD_FILE', ( fileperms( ABSPATH . 'index.php' ) & 0777 | $wp_filesystem->default_minimum_chmod_file ) );
     874        }
    864875
    865876        return true;
    866877}
    867878
    868879/**
    869880 * Determines which Filesystem Method to use.
    870881 * The priority of the Transports are: Direct, SSH2, FTP PHP Extension, FTP Sockets (Via Sockets class, or fsockopen())
    871882 *
    872883 * Note that the return value of this function can be overridden in 2 ways
    873884 *  - By defining FS_METHOD in your <code>wp-config.php</code> file
    874885 *  - By using the filesystem_method filter
    875886 * Valid values for these are: 'direct', 'ssh2', 'ftpext' or 'ftpsockets'
    876887 * Plugins may also define a custom transport handler, See the WP_Filesystem function for more information.
    877888 *
    878889 * @since 2.5.0
    879890 *
    880891 * @param array $args Connection details.
    881892 * @param string $context Full path to the directory that is tested for being writable.
     893 * @param bool $allow_relaxed_file_ownership Whether to allow Group/World writable.
    882894 * @return string The transport to use, see description for valid return values.
    883895 */
    884 function get_filesystem_method($args = array(), $context = false) {
     896function get_filesystem_method( $args = array(), $context = false, $allow_relaxed_file_ownership = false ) {
    885897        $method = defined('FS_METHOD') ? FS_METHOD : false; // Please ensure that this is either 'direct', 'ssh2', 'ftpext' or 'ftpsockets'
    886898
    887         if ( ! $method && function_exists('getmyuid') && function_exists('fileowner') ){
    888                 if ( !$context )
     899        if ( ! $method ) {
     900                if ( !$context ) {
    889901                        $context = WP_CONTENT_DIR;
     902                }
    890903
    891904                // If the directory doesn't exist (wp-content/languages) then use the parent directory as we'll create it.
    892                 if ( WP_LANG_DIR == $context && ! is_dir( $context ) )
     905                if ( WP_LANG_DIR == $context && ! is_dir( $context ) ) {
    893906                        $context = dirname( $context );
     907                }
    894908
    895909                $context = trailingslashit($context);
     910
    896911                $temp_file_name = $context . 'temp-write-test-' . time();
    897912                $temp_handle = @fopen($temp_file_name, 'w');
    898913                if ( $temp_handle ) {
    899                         if ( getmyuid() == @fileowner($temp_file_name) )
     914                        /**
     915                         * getmyuid() will return the User ID of the current script, equiv to fileowner( __FILE__ ).
     916                         * getmygid() will return the Group ID of the current script, equiv to filegroup( __FILE__ ).
     917                         *
     918                         * The below tests are used to select the appropriate WP_Filesystem_* class, allowing for
     919                         * created files to be owned by the correct user. If no new files are being created, then
     920                         * group / world writable is enough to modify core files.
     921                         */
     922
     923                        $owner_writable_functions_exist = function_exists('getmyuid') && function_exists('fileowner');
     924                        $group_writable_functions_exist = function_exists('getmygid') && function_exists('filegroup');
     925
     926                        if ( $owner_writable_functions_exist && getmyuid() == @fileowner( $temp_file_name ) ) {
    900927                                $method = 'direct';
     928                        } elseif ( $allow_relaxed_file_ownership && $group_writable_functions_exist && getmygid() === @filegroup( $temp_file_name ) ) {
     929                                $method = 'direct_groupwritable';
     930                        } elseif ( $allow_relaxed_file_ownership ) {
     931                                // wp_is_writable( $context ) is assumed based on fopen() suceeding.
     932                                $method = 'direct_worldwritable';
     933                        }
    901934                        @fclose($temp_handle);
    902935                        @unlink($temp_file_name);
    903936                }
    904937        }
    905938
    906939        if ( ! $method && isset($args['connection_type']) && 'ssh' == $args['connection_type'] && extension_loaded('ssh2') && function_exists('stream_get_contents') ) $method = 'ssh2';
    907940        if ( ! $method && extension_loaded('ftp') ) $method = 'ftpext';
    908941        if ( ! $method && ( extension_loaded('sockets') || function_exists('fsockopen') ) ) $method = 'ftpsockets'; //Sockets: Socket extension; PHP Mode: FSockopen / fwrite / fread
    909942
    910943        /**
    911944         * Filter the filesystem method to use.
    912945         *
    913946         * @since 2.6.0
    914947         *
    915948         * @param string $method Filesystem method to return.
     
    921954/**
    922955 * Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem.
    923956 * All chosen/entered details are saved, Excluding the Password.
    924957 *
    925958 * Hostnames may be in the form of hostname:portnumber (eg: wordpress.org:2467) to specify an alternate FTP/SSH port.
    926959 *
    927960 * Plugins may override this form by returning true|false via the <code>request_filesystem_credentials</code> filter.
    928961 *
    929962 * @since 2.5.0
    930963 *
    931964 * @param string $form_post the URL to post the form to
    932965 * @param string $type the chosen Filesystem method in use
    933966 * @param boolean $error if the current request has failed to connect
    934967 * @param string $context The directory which is needed access to, The write-test will be performed on this directory by get_filesystem_method()
    935968 * @param string $extra_fields Extra POST fields which should be checked for to be included in the post.
     969 * @param bool $allow_relaxed_file_ownership Whether to allow Group/World writable.
    936970 * @return boolean False on failure. True on success.
    937971 */
    938 function request_filesystem_credentials($form_post, $type = '', $error = false, $context = false, $extra_fields = null) {
     972function request_filesystem_credentials($form_post, $type = '', $error = false, $context = false, $extra_fields = null, $allow_relaxed_file_ownership = false ) {
    939973
    940974        /**
    941975         * Filter the filesystem credentials form output.
    942976         *
    943977         * Returning anything other than an empty string will effectively short-circuit
    944978         * output of the filesystem credentials form, returning that value instead.
    945979         *
    946980         * @since 2.5.0
    947981         *
    948982         * @param mixed  $output       Form output to return instead. Default empty.
    949983         * @param string $form_post    URL to POST the form to.
    950984         * @param string $type         Chosen type of filesystem.
    951985         * @param bool   $error        Whether the current request has failed to connect.
    952986         *                             Default false.
    953987         * @param string $context      Full path to the directory that is tested for
    954988         *                             being writable.
     989         * @param bool $allow_relaxed_file_ownership Whether to allow Group/World writable.
    955990         * @param array  $extra_fields Extra POST fields.
    956991         */
    957         $req_cred = apply_filters( 'request_filesystem_credentials', '', $form_post, $type, $error, $context, $extra_fields );
     992        $req_cred = apply_filters( 'request_filesystem_credentials', '', $form_post, $type, $error, $context, $extra_fields, $allow_relaxed_file_ownership );
    958993        if ( '' !== $req_cred )
    959994                return $req_cred;
    960995
    961         if ( empty($type) )
    962                 $type = get_filesystem_method(array(), $context);
     996        if ( empty($type) ) {
     997                $type = get_filesystem_method( array(), $context, $allow_relaxed_file_ownership );
     998        }
    963999
    964         if ( 'direct' == $type )
     1000        if ( in_array( $type, array( 'direct', 'direct_groupwritable', 'direct_worldwritable' ) ) ) {
    9651001                return true;
     1002        }
    9661003
    9671004        if ( is_null( $extra_fields ) )
    9681005                $extra_fields = array( 'version', 'locale' );
    9691006
    9701007        $credentials = get_option('ftp_credentials', array( 'hostname' => '', 'username' => ''));
    9711008
    9721009        // If defined, set it to that, Else, If POST'd, set it to that, If not, Set it to whatever it previously was(saved details in option)
    9731010        $credentials['hostname'] = defined('FTP_HOST') ? FTP_HOST : (!empty($_POST['hostname']) ? wp_unslash( $_POST['hostname'] ) : $credentials['hostname']);
    9741011        $credentials['username'] = defined('FTP_USER') ? FTP_USER : (!empty($_POST['username']) ? wp_unslash( $_POST['username'] ) : $credentials['username']);
    9751012        $credentials['password'] = defined('FTP_PASS') ? FTP_PASS : (!empty($_POST['password']) ? wp_unslash( $_POST['password'] ) : '');
    9761013
    9771014        // Check to see if we are setting the public/private keys for ssh
    9781015        $credentials['public_key'] = defined('FTP_PUBKEY') ? FTP_PUBKEY : (!empty($_POST['public_key']) ? wp_unslash( $_POST['public_key'] ) : '');
    9791016        $credentials['private_key'] = defined('FTP_PRIKEY') ? FTP_PRIKEY : (!empty($_POST['private_key']) ? wp_unslash( $_POST['private_key'] ) : '');
    9801017
  • src/wp-includes/update.php

     
    130130                return false;
    131131
    132132        $offers = $body['offers'];
    133133
    134134        foreach ( $offers as &$offer ) {
    135135                foreach ( $offer as $offer_key => $value ) {
    136136                        if ( 'packages' == $offer_key )
    137137                                $offer['packages'] = (object) array_intersect_key( array_map( 'esc_url', $offer['packages'] ),
    138138                                        array_fill_keys( array( 'full', 'no_content', 'new_bundled', 'partial', 'rollback' ), '' ) );
    139139                        elseif ( 'download' == $offer_key )
    140140                                $offer['download'] = esc_url( $value );
    141141                        else
    142142                                $offer[ $offer_key ] = esc_html( $value );
    143143                }
    144144                $offer = (object) array_intersect_key( $offer, array_fill_keys( array( 'response', 'download', 'locale',
    145                         'packages', 'current', 'version', 'php_version', 'mysql_version', 'new_bundled', 'partial_version', 'notify_email', 'support_email' ), '' ) );
     145                        'packages', 'current', 'version', 'php_version', 'mysql_version', 'new_bundled', 'partial_version', 'notify_email', 'support_email', 'new_files' ), '' ) );
    146146        }
    147147
    148148        $updates = new stdClass();
    149149        $updates->updates = $offers;
    150150        $updates->last_checked = time();
    151151        $updates->version_checked = $wp_version;
    152152
    153153        if ( isset( $body['translations'] ) )
    154154                $updates->translations = $body['translations'];
    155155
    156156        set_site_transient( 'update_core', $updates );
    157157
    158158        if ( ! empty( $body['ttl'] ) ) {
    159159                $ttl = (int) $body['ttl'];
    160160                if ( $ttl && ( time() + $ttl < wp_next_scheduled( 'wp_version_check' ) ) ) {