Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#13723 closed defect (bug) (wontfix)

missuse of dirname(ABSPATH) in wp-load.php

Reported by: albanc Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.9.2
Component: General Keywords: install open_basedir
Focuses: Cc:


During wordpress installation, wp-config.php is not found on some systems raising an open_basedir error because the wp-config.php is looked in the upper directory of wordpress installation :

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/var/www/vhosts/mind2machine.com/subdomains/agribio/wp-config.php) is not within the allowed path(s): (/var/www/vhosts/mind2machine.com/subdomains/agribio/httpdocs:/tmp) in /var/www/vhosts/mind2machine.com/subdomains/agribio/httpdocs/wp-load.php  on line 36

In above error message, wordpress is located in path :


But the wp-config file is looked in :


This is due to the function dirname() being applied on ABSPATH at 3 different locations in wp-load.php.
However the dirname function is meant to retreive the folder name out of A FILE path. Appliying dirname on ABSPATH which is a FOLDER PATH returns the path with the last item truncated (here : httpdocs), thus a wrong path.
Also, ABSPATH is already obtained from executing a dirname() function, so there is absolutely no need in any case to apply dirname() over it once again :

define( 'ABSPATH', dirname(__FILE__) . '/' );

Replace any occurence of dirname(ABSPATH).'/wp-filename.php' by ABSPATH.'wp-filename.php'

See patch attached.

Attachments (1)

wp-load.patch (900 bytes) - added by albanc 5 years ago.
patch for wp-load.php

Download all attachments as: .zip

Change History (4)

5 years ago

patch for wp-load.php

#1 @ocean90
5 years ago

  • Severity changed from major to normal

Related #13641.

#2 @dd32
5 years ago

the use of dirname(ABSPATH) here is intentional.

WordPress supports the wp-config.php file to be in both ABSPATH OR 1 level above ABSPATH.

The rest of this ticket is a duplicate of a report 5 days ago, which is closed as wontfix: #13641

#3 @westi
5 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

As dd32 says this in intentional in order to support having wp-config.php outside the webserver document root.

As soon as you have one in the document root it won't check outside for one.

Note: See TracTickets for help on using tickets.