WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 8 years ago

#2366 closed defect (bug) (fixed)

uploading fails with safe_mode turned

Reported by: BjornW Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.0
Component: Administration Keywords: upload, safe_mode
Focuses: Cc:

Description

When using Wordpress with the following php.ini settings:

safe_mode On On
safe_mode_exec_dir no value no value
safe_mode_gid On On
safe_mode_include_dir no value no value
open_basedir no value no value

It will result in a failed upload:

Warning: move_uploaded_file(): SAFE MODE Restriction in effect. The script whose uid/gid is 2102/2052 is not allowed to access /filename owned by uid/gid 33/33

I am not sure if and what Wordpress developers can do to counter this. Off course we can ask sysadmins to change the safe_mode directive or its options, but this is in my view a less than ideal solution.

When searching for a better solution I came across this post at the php.net site:

4000 (the setuid bit). Executable files with this bit set will run with effective uid set to the uid of the file owner. Directories with this bit set will force all files and sub-directories created in them to be owned by the directory owner and not by the uid of the creating process, if the underlying file system supports this feature: see chmod(2) and the suiddir option to mount(8).

There seems to have been some earlier report about this, but the corresponding ticket #2150 was closed? Maybe this issue has been re-introduced?

Change History (3)

comment:1 @davidhouse9 years ago

Is this 2.0.1 or 2.0? There were some fixes in 2.0.1 for safe mode.

comment:2 @BjornW9 years ago

In response to davidhouse:

This was for Wordpress 2.0

I haven't been able to test it for 2.01, so I can't confirm if this 'bug' has been solved in 2.01

comment:3 @ryan8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I think we worked around all of the safe_mode problems. Resolving.

Note: See TracTickets for help on using tickets.