Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#31554 closed defect (bug) (duplicate)

Setting FS_METHOD,FTP_USR etc in wp-config.php with missing wp-content/languages directory leads to SegFaults

Reported by: jobst's profile jobst Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.1
Component: Filesystem API Keywords:
Focuses: Cc:

Description

Hi!

I had the problem discribed in the subject line on a couple of websites using themes by rockettheme. At first I thought it is based on the themes and plugins I was using. To be sure I tried this with a fresh install of WP 4.1.1. I found that I could reproduce the problem I have described in the subject line with a fresh install.

PROBLEM DESCRIPTION:

  • A freshly installed wordpress site that has the FTP CONSTANTS set in wp-config.php will create SEG-FAULT message in error_log of the apache log files when accessing Setting -> General
  • A fresh install will fail on deletion of an installed plugin and display a page with either "zero reply" or "browser error" if the FTP CONSTANTS are set in wp-config.php
  • both issues use the same function call leading to the errors.
  • the name of the function is "fs_connect"

SYSTEM:

  • LAMP
  • 2.6.18-400.1.1.el5.centos.plus
  • PHP 5.3.29
  • Apache/2.2.3
  • MYSQL 5.5.37
  • WP 4.1.1 (fresh install)

HOW TO REPRODUCE:

  • install a fresh WP 4.1.1 version
  • open website and follow all of the prompts to install site, create admin etc
  • log into the site using the just created admin
  • go to the admin panel using http://YOUR_SITEDOMAIN/wp-admin/
  • click on Setting -> General
  • everything works fine
  • now add the FTP stuff as shown in http://codex.wordpress.org/Editing_wp-config.php to wp-config.php
  • click on Setting -> General
  • page has display problems, not updated properly, sometimes it says " .... zero reply .... "
  • a SEG-FAULT message is produced, e.g. [Sat Mar 07 15:50:51 2015] [notice] child pid 15422 exit signal Segmentation fault (11)
  • now go to /PATH_TO_WP_INSTALL/wp-content
  • add a directory with the name of "languages"
  • click on Setting -> General
  • no problem, no seg fault, page is displayed properly and refreshed

MY RESEARCH INTO THIS:

It took me some tracing to find that the error was created in /PATH_TO_WP_INSTALL/wp-admin/includes/class-wp-upgrader.php in the function fs_connect in the switch statement "default" case. I included a debug statement in that function right at he beginning to see what path generated this error:

 error_log(" FS_CONNECT: ".print_r($directories,1));

which gave me this output on fail:

[07-Mar-2015 06:44:40 UTC]  FS_CONNECT: Array
(
    [0] => /PATHDELETED/wp-content
    [1] => /PATHDELETED/wp-content/languages
)

while the error_log displayed this:

[Sat Mar 07 17:44:40 2015] [notice] child pid 578 exit signal Segmentation fault (11)

It took me some time to get to the real problem:

  • When the function "fs_connect" (see a couple of lines above) is called, it calls a function find_folder($dir) where $dir is (when the seg fault is called) "/PATHDELETED/wp-content/languages".
  • find_folder resides in /PATHDELETED/wp-admin/includes/class-wp-filesystem-base.php on line 222. If this function cannot find the folder after some 30 lines of code tried to find it, the function employs another function called "seach_for_folder()" which is in the same file on line 291.
  • Right at the start of that function "seach_for_folder()" there is an if statement checking whether $base is empty or '.', if either it sets $base = railingslashit($this->cwd()); which actually is the bug.
  • all trailingslashit does appending a "/" to the end of the string returned by $this->cwd() - however $this->cwd() returns a string that includes a "\n", this crashes wordpress with a segfault so in fact the return string has a newline character in between the string and the /

FAULTY EXAMPLE

if ( empty( $base ) || '.' == $base )
  $base = trailingslashit($this->cwd());
error_log("BASE: ".$base);

BASE: /home/ssh_user_name
/

CHANGED CODE TO FIX THE BUG:

if ( empty( $base ) || '.' == $base )
{
  $tmp=$this->cwd();
  $tmp=preg_replace("/[\r\n\m\t]/","",$tmp);
  $base = trailingslashit($tmp);
}
echo "BASE: $base"

BASE: /home/ssh_user_name/

The last example does not SEGFAULT the system.

There is a secondary issue with this, due to the failure (SEG FAULT) of the script no error is returned to the caller, in this case "/wp-admin/options-general.php", the user will not see the problem other than after "Timezone" nothing is diplayed and the button "Save Changes" is missing.

Since the deletion of a plugin calls "fs-connect" is has the same problem.

jobst

Attachments (1)

wp-config.php (2.5 KB) - added by jobst 10 years ago.

Download all attachments as: .zip

Change History (3)

@jobst
10 years ago

#1 @ocean90
10 years ago

  • Component changed from Administration to Filesystem API
  • Focuses accessibility administration removed
  • Milestone changed from Awaiting Review to 4.1.2
  • Version changed from 4.1.1 to 4.1

Hello @jobst,

thanks for your first ticket! We already have #30802 which mentions a failure on /wp-admin/options-general.php but we haven't enough infomation to track it down, until now.
Could you please add your results as a comment on #30802 so we can close this one as a duplicate? Thanks!

#2 @ocean90
10 years ago

  • Milestone 4.1.2 deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #30802.

Note: See TracTickets for help on using tickets.