Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#24007 closed defect (bug) (duplicate)

Check for file permissions is too strict

Reported by: thanatica2's profile thanatica2 Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.5
Component: Upgrade/Install Keywords:
Focuses: Cc:


This affects upgrading WP and updating plugins/themes. When checking for sufficient file permissions to have WP write to itself, it also checks to see if a created temp file is owned by the apache user.

This wrong, because it does not have to be configured that way. In my particular case, I configured it in such a way that the file owner of a newly created file is always the same user, regardless of who creates the file (creator != owner, I say).

One more reason that this extra check is superfluous, is that when an application has found that it can create a file, and it can write to it, and can delete it afterwards, that's *enough*. There's no need to be owner of a file in order to manipulate it.

This is what WP is trying to do:

if ( getmyuid() == @fileowner($temp_file_name) )

At line 857 in file /wp-admin/includes/file.php

Comment out that line, and upgrading/updating works beautifully.

What's worse, when it "fails", it silently goes to the FTP form, without ever telling the user (which is me, a rookie developer) what went wrong, and when, and why, and where. The fail is completely silent. I had "some words" to say while tracking this bug down, because I had no way of knowing where to even start. But that's in the past now.

I strongly suggest removing this extra check, because as said, it is completely unneccesary as far as I can see.

Change History (1)

#1 @SergeyBiryukov
11 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version changed from 3.5.1 to 2.5

Duplicate of #10205.

See also previous discussions in #7779, #8400, #10423, #10424, #12499, #14753, and wp-hackers.

Note: See TracTickets for help on using tickets.