WordPress.org

Make WordPress Core

Opened 22 months ago

Closed 22 months ago

Last modified 22 months ago

#24700 closed defect (bug) (duplicate)

Permission check prevents detection of 'direct' installation method for plugins

Reported by: dennisjac Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Filesystem API Keywords:
Focuses: Cc:

Description

I run a Wordpress installation where permissions are primarily handled using groups and not users. Unfortunately in order to determine whether the 'direct' plugin installation method can be used the code checks not only if the directory is writable but also if it has the same UID as the executing user. This restriction isn't necessary and actually prevents users unnecessarily from using the 'direct' method even though they should be able to.

I attached a patch that fixes this issue. After applying the patch I can install plugins using the 'direct' method even when the folder doesn't belong to the apache user but write access is granted using group permissions.

Attachments (1)

wordpress-permission.patch (566 bytes) - added by dennisjac 22 months ago.
patch to fix overly restrictive check for plugin installation method

Download all attachments as: .zip

Change History (3)

@dennisjac22 months ago

patch to fix overly restrictive check for plugin installation method

comment:1 @ocean9022 months ago

  • Component changed from General to Filesystem
  • Keywords has-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version 3.5.2 deleted

Duplicate of #10205.

Note: See TracTickets for help on using tickets.