Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#24700 closed defect (bug) (duplicate)

Permission check prevents detection of 'direct' installation method for plugins

Reported by: dennisjac Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Filesystem API Keywords:
Focuses: Cc:


I run a Wordpress installation where permissions are primarily handled using groups and not users. Unfortunately in order to determine whether the 'direct' plugin installation method can be used the code checks not only if the directory is writable but also if it has the same UID as the executing user. This restriction isn't necessary and actually prevents users unnecessarily from using the 'direct' method even though they should be able to.

I attached a patch that fixes this issue. After applying the patch I can install plugins using the 'direct' method even when the folder doesn't belong to the apache user but write access is granted using group permissions.

Attachments (1)

wordpress-permission.patch (566 bytes) - added by dennisjac 2 years ago.
patch to fix overly restrictive check for plugin installation method

Download all attachments as: .zip

Change History (3)

2 years ago

patch to fix overly restrictive check for plugin installation method

#1 @ocean90
2 years ago

  • Component changed from General to Filesystem
  • Keywords has-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version 3.5.2 deleted

Duplicate of #10205.

Note: See TracTickets for help on using tickets.