WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#12201 closed defect (bug) (duplicate)

getmyuid() is disabled - workaround

Reported by: edward mindreantre Owned by: dd32
Milestone: Priority: normal
Severity: normal Version: 2.9.2
Component: Filesystem API Keywords: has-patch
Focuses: Cc:

Description (last modified by nacin)

On some web hosts the getmyuid() function, used in file.php to discern whether direct access to the file system is allowed or not, is disabled. "For security reasons", whatever that might mean. How much damage can you cause with getmyuid?

This prevents people who, even though they've installed wordpress correctly via FTP and set the correct file permissions, from installing themes, plugins and upgrades.

Sad but true.

Here's a workaround.

Attachments (3)

file.php.diff (460 bytes) - added by edward mindreantre 4 years ago.
Diff of file.php from v2.9.1
file.php.2.diff (460 bytes) - added by edward mindreantre 4 years ago.
Diff of file.php from v2.9.1
file.php.patch.diff (448 bytes) - added by imme-emosol 4 years ago.
Another patch for the ftp-issue, not using the at-sign(@).

Download all attachments as: .zip

Change History (10)

edward mindreantre4 years ago

Diff of file.php from v2.9.1

edward mindreantre4 years ago

Diff of file.php from v2.9.1

comment:1 edward mindreantre4 years ago

  • Cc edward mindreantre added
  • Milestone changed from Unassigned to 3.0
  • Version set to 2.9.2

comment:2 dd324 years ago

  • Keywords has-patch needs-testing added; file.php direct access getmyuid removed
  • Status changed from new to accepted

See Also #10424

I dont have an environment under which to test this still, But will get to it if the above ticket fails.

Can you test that patch over on that ticket please?

comment:3 edward mindreantre4 years ago

Even setting define('FS_METHOD', 'direct'); won't work without my patch.

(Fresh trunk, fresh install)

comment:4 dd324 years ago

Even setting define('FS_METHOD', 'direct'); won't work without my patch.

It should, Given that the code you patched isn't even touched if thats defined.

comment:5 nacin4 years ago

  • Description modified (diff)

Removing language.

imme-emosol4 years ago

Another patch for the ftp-issue, not using the at-sign(@).

comment:6 imme-emosol4 years ago

  • Cc imme-emosol added
  • Keywords needs-testing removed
  • Resolution set to duplicate
  • Status changed from accepted to closed

Had issue with wordpress 2.8.4-1ubuntu1 .
Resolved with my patch, quite sure the same goes for the other supplied patches.

community-related , linked :
http://www.chrisabernethy.com/why-wordpress-asks-connection-info/comment-page-2/#comment-14293

Guess it will al be resolved with http://core.trac.wordpress.org/ticket/10424
so closing this one as duplicate .

ghehe, so I should not have added the following to my patch :
Another patch for the ftp-issue, not using the at-sign(@).
But something like :
Diff of file.php from v2.8.4-1ubuntu1
?

comment:7 nacin4 years ago

  • Milestone 3.0 deleted
Note: See TracTickets for help on using tickets.