WordPress.org

Make WordPress Core

Opened 14 months ago

Last modified 12 months ago

#40572 assigned defect (bug)

.htaccess has incorrect permissions after installation

Reported by: i3anaan Owned by: rcutmore
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.7.4
Component: Upgrade/Install Keywords: good-first-bug has-patch needs-testing
Focuses: administration Cc:

Description

Having used the WordPress installation instructions and the .htaccess was installed on the server with 0600 permissions, instead of 0644 permissions (like all the other files). This caused our installation to function incorrectly, denying access to at least the login page.

Steps to reproduce:

  • Install wordpress
  • Fill in online 'setup' (the one where you choose admin credentials)
  • Be redirected to the wp-login.php
  • Get a 403 error

Attachments (1)

40572.patch (536 bytes) - added by rcutmore 13 months ago.
Modify .htaccess to a minimum set of permissions during creation

Download all attachments as: .zip

Change History (7)

#1 @dd32
14 months ago

  • Focuses administration added
  • Keywords needs-patch good-first-bug added

Welcome to the WordPress Trac @i3anaan

WordPress doesn't specify what permissions the .htaccess file should be created as, defaulting to whatever the server defaults to. A Server with a umask of 0066 seems unlikely, but appears to be the case here.

It looks to me like we can probably always set the file permissions to a minimum of 0644 using something like the following in the creation branch of insert_with_markers():

if ( $perms = fileperms( $filename ) ) {
	chmod( $filename, $perms | 0644 );
}

In order to test implementation details of this, it might be helpful to whomever patches this to put umask( 0066 ) into your wp-config.phpfile to simulate the reporters environment and test your patch's effectiveness.

#2 @i3anaan
14 months ago

Hey @dd32, thank you for your response!

I just want to verify that for now there is no further action required from my side?

#3 @dd32
14 months ago

@i3anaan Correct! We don't need anything from you at present, when there's a patch uploaded or a commit to WordPress testing a fresh WordPress install in a subdirectory install to verify it fixes it would be appreciated - but not needed.

Thanks for taking the time to report the issue!

@rcutmore
13 months ago

Modify .htaccess to a minimum set of permissions during creation

#4 @rcutmore
13 months ago

Hi @dd32

I added 40572.patch to ensure a minimum set of permissions when creating the .htaccess file. I manually tested the patch and it resolves the issue for me when using a server umask of 0066. Should there be a unit test created for this?

#5 @rcutmore
13 months ago

  • Keywords has-patch needs-testing added; needs-patch removed

#6 @DrewAPicture
12 months ago

  • Owner set to rcutmore
  • Status changed from new to assigned

Assigning ownership to mark the good-first-bug as "claimed".

Note: See TracTickets for help on using tickets.