Make WordPress Core

Opened 15 years ago

Closed 15 years ago

Last modified 15 years ago

#12201 closed defect (bug) (duplicate)

getmyuid() is disabled - workaround

Reported by: edward-mindreantre's profile edward mindreantre Owned by: dd32's profile dd32
Milestone: Priority: normal
Severity: normal Version: 2.9.2
Component: Filesystem API Keywords: has-patch
Focuses: Cc:

Description (last modified by nacin)

On some web hosts the getmyuid() function, used in file.php to discern whether direct access to the file system is allowed or not, is disabled. "For security reasons", whatever that might mean. How much damage can you cause with getmyuid?

This prevents people who, even though they've installed wordpress correctly via FTP and set the correct file permissions, from installing themes, plugins and upgrades.

Sad but true.

Here's a workaround.

Attachments (3)

file.php.diff (460 bytes) - added by edward mindreantre 15 years ago.
Diff of file.php from v2.9.1
file.php.2.diff (460 bytes) - added by edward mindreantre 15 years ago.
Diff of file.php from v2.9.1
file.php.patch.diff (448 bytes) - added by imme-emosol 15 years ago.
Another patch for the ftp-issue, not using the at-sign(@).

Download all attachments as: .zip

Change History (10)

@edward mindreantre
15 years ago

Diff of file.php from v2.9.1

@edward mindreantre
15 years ago

Diff of file.php from v2.9.1

#1 @edward mindreantre
15 years ago

  • Cc edward mindreantre added
  • Milestone changed from Unassigned to 3.0
  • Version set to 2.9.2

#2 @dd32
15 years ago

  • Keywords has-patch needs-testing added; file.php direct access getmyuid removed
  • Status changed from new to accepted

See Also #10424

I dont have an environment under which to test this still, But will get to it if the above ticket fails.

Can you test that patch over on that ticket please?

#3 @edward mindreantre
15 years ago

Even setting define('FS_METHOD', 'direct'); won't work without my patch.

(Fresh trunk, fresh install)

#4 @dd32
15 years ago

Even setting define('FS_METHOD', 'direct'); won't work without my patch.

It should, Given that the code you patched isn't even touched if thats defined.

#5 @nacin
15 years ago

  • Description modified (diff)

Removing language.

@imme-emosol
15 years ago

Another patch for the ftp-issue, not using the at-sign(@).

#6 @imme-emosol
15 years ago

  • Cc imme-emosol added
  • Keywords needs-testing removed
  • Resolution set to duplicate
  • Status changed from accepted to closed

Had issue with wordpress 2.8.4-1ubuntu1 .
Resolved with my patch, quite sure the same goes for the other supplied patches.

community-related , linked :
http://www.chrisabernethy.com/why-wordpress-asks-connection-info/comment-page-2/#comment-14293

Guess it will al be resolved with http://core.trac.wordpress.org/ticket/10424
so closing this one as duplicate .

ghehe, so I should not have added the following to my patch :
Another patch for the ftp-issue, not using the at-sign(@).
But something like :
Diff of file.php from v2.8.4-1ubuntu1
?

#7 @nacin
15 years ago

  • Milestone 3.0 deleted
Note: See TracTickets for help on using tickets.