Make WordPress Core

Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#17373 closed defect (bug) (duplicate)

manual plugin upload

Reported by: dorondoron's profile dorondoron Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.1.1
Component: Filesystem API Keywords: needs-patch
Focuses: Cc:

Description

when trying to upload a zipped plugin file manually i got a form asking for ftp credentials. this only happened on a linux machine while on windows the plugin would get unpacked and install automatically.

i looked around a bit and got to a function called get_filesystem_method() in /wp-admin/includes/file.php where getmyuid() is tested against the uid of the user owning a test file. after reading the enlightening comment in http://www.php.net/getmyuid i realized this is the reason for the unwanted behavior and posix_getuid() should be used instead.

Change History (2)

#1 @dd32
13 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Can you give a quick reasoning why you believe it should be using the posix, instead of getmyuid, based on the purpose of the code (To ensure that created files are owned by the same user as the WordPress files)?

Duplicate of #10205

#2 @dorondoron
13 years ago

I'm no expert, but imho the question isn't who owns the wordpress script files, but who's the user running the php process. i can decide to have my scripts belong to an arbitrary user but run php as root - environment wise my scripts would then be able to create and manipulate files in specific folders (such as /wp-content in that case) even if they don't belong to root themselves. i don't see why wordpress would want to override this behavior.

Note: See TracTickets for help on using tickets.