Ticket #37264: 37264-2.patch

wp-admin/setup-config.php

@@ -215 +215 @@
                         <td><input name="prefix" id="prefix" type="text" value="wp_" size="25" /></td>
                         <td><?php _e( 'If you want to run multiple WordPress installations in a single database, change this.' ); ?></td>
                 </tr>
+                <?php
+                        $tmp_file = tempnam(sys_get_temp_dir(), 'wp');
+                        $tmp_file_owner = fileowner($tmp_file);
+                        unlink($tmp_file);
+                ?>
+                <?php if (is_writable(ABSPATH) && $tmp_file_owner != fileowner(__FILE__)): ?>
+                <tr>
+                        <td scope="row" colspan="3">
+                                <input name="wp_config_write" id="wp_config_write" type="checkbox" value="1" />
+                                <?php _e( 'Allow other system users to write into wp-config.php' ); ?>
+                        </td>
+                </tr>
+                <?php endif; ?>
         </table>
         <?php if ( isset( $_GET['noapi'] ) ) { ?><input name="noapi" type="hidden" value="1" /><?php } ?>
         <input type="hidden" name="language" value="<?php echo esc_attr( $language ); ?>" />
@@ -232 +245 @@
         $pwd = trim( wp_unslash( $_POST[ 'pwd' ] ) );
         $dbhost = trim( wp_unslash( $_POST[ 'dbhost' ] ) );
         $prefix = trim( wp_unslash( $_POST[ 'prefix' ] ) );
+        $wp_config_write = isset($_POST[ 'wp_config_write']) && '1' === $_POST[ 'wp_config_write'];
 
         $step_1 = 'setup-config.php?step=1';
         $install = 'install.php';
@@ -398 +412 @@
                         fwrite( $handle, $line );
                 }
                 fclose( $handle );
-                chmod( $path_to_wp_config, 0666 );
+                chmod( $path_to_wp_config, $wp_config_write ? 0666 : 0600 );
                 setup_config_display_header();
 ?>
 <h1 class="screen-reader-text"><?php _e( 'Successful database connection' ) ?></h1>