WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#12201 closed defect (bug) (duplicate)

getmyuid() is disabled - workaround

Reported by: edward mindreantre Owned by: dd32
Milestone: Priority: normal
Severity: normal Version: 2.9.2
Component: Filesystem API Keywords: has-patch
Focuses: Cc:
PR Number:

Description (last modified by nacin)

On some web hosts the getmyuid() function, used in file.php to discern whether direct access to the file system is allowed or not, is disabled. "For security reasons", whatever that might mean. How much damage can you cause with getmyuid?

This prevents people who, even though they've installed wordpress correctly via FTP and set the correct file permissions, from installing themes, plugins and upgrades.

Sad but true.

Here's a workaround.

Attachments (3)

file.php.diff (460 bytes) - added by edward mindreantre 10 years ago.
Diff of file.php from v2.9.1
file.php.2.diff (460 bytes) - added by edward mindreantre 10 years ago.
Diff of file.php from v2.9.1
file.php.patch.diff (448 bytes) - added by imme-emosol 10 years ago.
Another patch for the ftp-issue, not using the at-sign(@).

Download all attachments as: .zip

Change History (10)

@edward mindreantre
10 years ago

Diff of file.php from v2.9.1

@edward mindreantre
10 years ago

Diff of file.php from v2.9.1

#1 @edward mindreantre
10 years ago

  • Cc edward mindreantre added
  • Milestone changed from Unassigned to 3.0
  • Version set to 2.9.2

#2 @dd32
10 years ago

  • Keywords has-patch needs-testing added; file.php direct access getmyuid removed
  • Status changed from new to accepted

See Also #10424

I dont have an environment under which to test this still, But will get to it if the above ticket fails.

Can you test that patch over on that ticket please?

#3 @edward mindreantre
10 years ago

Even setting define('FS_METHOD', 'direct'); won't work without my patch.

(Fresh trunk, fresh install)

#4 @dd32
10 years ago

Even setting define('FS_METHOD', 'direct'); won't work without my patch.

It should, Given that the code you patched isn't even touched if thats defined.

#5 @nacin
10 years ago

  • Description modified (diff)

Removing language.

@imme-emosol
10 years ago

Another patch for the ftp-issue, not using the at-sign(@).

#6 @imme-emosol
10 years ago

  • Cc imme-emosol added
  • Keywords needs-testing removed
  • Resolution set to duplicate
  • Status changed from accepted to closed

Had issue with wordpress 2.8.4-1ubuntu1 .
Resolved with my patch, quite sure the same goes for the other supplied patches.

community-related , linked :
http://www.chrisabernethy.com/why-wordpress-asks-connection-info/comment-page-2/#comment-14293

Guess it will al be resolved with http://core.trac.wordpress.org/ticket/10424
so closing this one as duplicate .

ghehe, so I should not have added the following to my patch :
Another patch for the ftp-issue, not using the at-sign(@).
But something like :
Diff of file.php from v2.8.4-1ubuntu1
?

#7 @nacin
10 years ago

  • Milestone 3.0 deleted
Note: See TracTickets for help on using tickets.