WordPress.org

Make WordPress Core

Opened 6 years ago

Last modified 5 years ago

#12201 closed defect (bug)

getmyuid() is disabled - workaround — at Version 5

Reported by: edward mindreantre Owned by: dd32
Milestone: Priority: normal
Severity: normal Version: 2.9.2
Component: Filesystem API Keywords: has-patch
Focuses: Cc:

Description (last modified by nacin)

On some web hosts the getmyuid() function, used in file.php to discern whether direct access to the file system is allowed or not, is disabled. "For security reasons", whatever that might mean. How much damage can you cause with getmyuid?

This prevents people who, even though they've installed wordpress correctly via FTP and set the correct file permissions, from installing themes, plugins and upgrades.

Sad but true.

Here's a workaround.

Change History (8)

@edward mindreantre6 years ago

Diff of file.php from v2.9.1

@edward mindreantre6 years ago

Diff of file.php from v2.9.1

comment:1 @edward mindreantre6 years ago

  • Cc edward mindreantre added
  • Milestone changed from Unassigned to 3.0
  • Version set to 2.9.2

comment:2 @dd326 years ago

  • Keywords has-patch needs-testing added; file.php direct access getmyuid removed
  • Status changed from new to accepted

See Also #10424

I dont have an environment under which to test this still, But will get to it if the above ticket fails.

Can you test that patch over on that ticket please?

comment:3 @edward mindreantre5 years ago

Even setting define('FS_METHOD', 'direct'); won't work without my patch.

(Fresh trunk, fresh install)

comment:4 @dd325 years ago

Even setting define('FS_METHOD', 'direct'); won't work without my patch.

It should, Given that the code you patched isn't even touched if thats defined.

comment:5 @nacin5 years ago

  • Description modified (diff)

Removing language.

@imme-emosol5 years ago

Another patch for the ftp-issue, not using the at-sign(@).

Note: See TracTickets for help on using tickets.