Opened 11 years ago
Closed 11 years ago
#24007 closed defect (bug) (duplicate)
Check for file permissions is too strict
Reported by: | thanatica2 | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.5 |
Component: | Upgrade/Install | Keywords: | |
Focuses: | Cc: |
Description
This affects upgrading WP and updating plugins/themes. When checking for sufficient file permissions to have WP write to itself, it also checks to see if a created temp file is owned by the apache user.
This wrong, because it does not have to be configured that way. In my particular case, I configured it in such a way that the file owner of a newly created file is always the same user, regardless of who creates the file (creator != owner, I say).
One more reason that this extra check is superfluous, is that when an application has found that it can create a file, and it can write to it, and can delete it afterwards, that's *enough*. There's no need to be owner of a file in order to manipulate it.
This is what WP is trying to do:
if ( getmyuid() == @fileowner($temp_file_name) )
At line 857 in file /wp-admin/includes/file.php
Comment out that line, and upgrading/updating works beautifully.
What's worse, when it "fails", it silently goes to the FTP form, without ever telling the user (which is me, a rookie developer) what went wrong, and when, and why, and where. The fail is completely silent. I had "some words" to say while tracking this bug down, because I had no way of knowing where to even start. But that's in the past now.
I strongly suggest removing this extra check, because as said, it is completely unneccesary as far as I can see.
Duplicate of #10205.
See also previous discussions in #7779, #8400, #10423, #10424, #12499, #14753, and wp-hackers.