Check for file permissions is too strict
|Reported by:||thanatica2||Owned by:|
This affects upgrading WP and updating plugins/themes. When checking for sufficient file permissions to have WP write to itself, it also checks to see if a created temp file is owned by the apache user.
This wrong, because it does not have to be configured that way. In my particular case, I configured it in such a way that the file owner of a newly created file is always the same user, regardless of who creates the file (creator != owner, I say).
One more reason that this extra check is superfluous, is that when an application has found that it can create a file, and it can write to it, and can delete it afterwards, that's *enough*. There's no need to be owner of a file in order to manipulate it.
This is what WP is trying to do:
if ( getmyuid() == @fileowner($temp_file_name) )
At line 857 in file /wp-admin/includes/file.php
Comment out that line, and upgrading/updating works beautifully.
What's worse, when it "fails", it silently goes to the FTP form, without ever telling the user (which is me, a rookie developer) what went wrong, and when, and why, and where. The fail is completely silent. I had "some words" to say while tracking this bug down, because I had no way of knowing where to even start. But that's in the past now.
I strongly suggest removing this extra check, because as said, it is completely unneccesary as far as I can see.