WordPress.org

Make WordPress Core

Opened 9 months ago

Last modified 7 months ago

#40572 assigned defect (bug)

.htaccess has incorrect permissions after installation

Reported by: i3anaan Owned by: rcutmore
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.7.4
Component: Upgrade/Install Keywords: good-first-bug has-patch needs-testing
Focuses: administration Cc:

Description

Having used the WordPress installation instructions and the .htaccess was installed on the server with 0600 permissions, instead of 0644 permissions (like all the other files). This caused our installation to function incorrectly, denying access to at least the login page.

Steps to reproduce:

  • Install wordpress
  • Fill in online 'setup' (the one where you choose admin credentials)
  • Be redirected to the wp-login.php
  • Get a 403 error

Attachments (1)

40572.patch (536 bytes) - added by rcutmore 7 months ago.
Modify .htaccess to a minimum set of permissions during creation

Download all attachments as: .zip

Change History (7)

#1 @dd32
9 months ago

  • Focuses administration added
  • Keywords needs-patch good-first-bug added

Welcome to the WordPress Trac @i3anaan

WordPress doesn't specify what permissions the .htaccess file should be created as, defaulting to whatever the server defaults to.
A Server with a umask of 0066 seems unlikely, but appears to be the case here.

It looks to me like we can probably always set the file permissions to a minimum of 0644 using something like the following in the creation branch of insert_with_markers():

if ( $perms = fileperms( $filename ) ) {
	chmod( $filename, $perms | 0644 );
}

In order to test implementation details of this, it might be helpful to whomever patches this to put umask( 0066 ) into your wp-config.phpfile to simulate the reporters environment and test your patch's effectiveness.

#2 @i3anaan
9 months ago

Hey @dd32, thank you for your response!

I just want to verify that for now there is no further action required from my side?

#3 @dd32
9 months ago

@i3anaan Correct! We don't need anything from you at present, when there's a patch uploaded or a commit to WordPress testing a fresh WordPress install in a subdirectory install to verify it fixes it would be appreciated - but not needed.

Thanks for taking the time to report the issue!

@rcutmore
7 months ago

Modify .htaccess to a minimum set of permissions during creation

#4 @rcutmore
7 months ago

Hi @dd32

I added 40572.patch to ensure a minimum set of permissions when creating the .htaccess file. I manually tested the patch and it resolves the issue for me when using a server umask of 0066. Should there be a unit test created for this?

#5 @rcutmore
7 months ago

  • Keywords has-patch needs-testing added; needs-patch removed

#6 @DrewAPicture
7 months ago

  • Owner set to rcutmore
  • Status changed from new to assigned

Assigning ownership to mark the good-first-bug as "claimed".

Note: See TracTickets for help on using tickets.