Make WordPress Core

Opened 4 years ago

Last modified 3 weeks ago

#42619 new defect (bug)

WordPress tries to access /home/.bzr but to no avail

Reported by: meyegui
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 4.9
Component: Upgrade/Install
Keywords: needs-patch
Focuses:
Cc:



I'm getting the following error in my logs. I'm aware that I have open_basedir enabled, but I don't think WordPress should try to read files outside its installation directory. If I'm mistaken, I'm sorry and I'll be glad to receive any explanation as to why.

This bug doesn't generate any visible error or message other than this log, so I would definitely consider it "low severity". The log file was generated by a plugin of mine, but as you can see, the error doesn't occur in my own files. It's located in a core file.

Here's what I get in my log file:


Type: 2
Message: is_dir(): open_basedir restriction in effect. File(/home/.bzr) is not within the allowed path(s): (/home/httpd/vhosts/[hidden]/:/tmp/)
File: /home/httpd/vhosts/[hidden]/subdomains/[hidden]/wp-admin/includes/class-wp-automatic-updater.php:98

Best regards

Attachments (1)

42619.diff (1.1 KB) - added by markjaquith 3 weeks ago.
Check open_basedir before checking a directory's existence


Change History (4)

#1 @meyegui
4 years ago

Still happening in WordPress 4.9.2.

Any idea why WP would try to read that file?

#2 @dd32
4 years ago

  • Component changed from General to Upgrade/Install
  • Keywords needs-patch added

Hi @meyegui and welcome to Trac.

I'd like to apologise for this ticket not getting a response until now.

This is caused by WordPress checking to see if it's running within a version-controlled environment, and avoiding autoupdating if that's the case.
The code responsible for this is located here: https://core.trac.wordpress.org/browser/trunk/src/wp-admin/includes/class-wp-automatic-updater.php?marks=74-106#L58

WordPress doesn't take into consideration the PHP open_basedir setting, which causes it to process further up the path list than expected.

#35536 is a related ticket, where it processes up into completely invalid directories.

If you're curious as to why we care about a .git or .bzr file in a /home/username/ folder, it's because we decided to be ultra-conservative and check all the way up to / instead of just the parent directory of WordPress for if it's running within a VCS environment.
We could probably relax this restriction to checking the immediate parent of WordPress only, but that wouldn't take into account some edge-cases of deployment situations, where for example, the VCS files are in the grandparent instead - Like I said, this code was written extremely conservatively.

Fixing this, adding a check to ensure that it's not going to run into an open_basedir restriction would be good, although maybe we can look at relaxing this restriction in the first place at the same time.

3 weeks ago

Check open_basedir before checking a directory's existence

#3 @markjaquith
3 weeks ago

Added is_allowed_dir() that checks to see if one of the allowed open_basedir directories starts off the directory to be checked.
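
The check discussed in this ticket, as an added example (it is not the attached 42619.diff and not WordPress core code): test each ancestor directory against open_basedir before calling is_dir() on it. The function names and sample paths are hypothetical, and paths are assumed to be absolute and already normalized.

```php
<?php
// Added example: hypothetical helper names, not WordPress core or 42619.diff.
// Assumes absolute, already-normalized POSIX paths (no "..", no symlinks).

/** True when $dir is inside an open_basedir entry, or no restriction is set. */
function example_is_allowed_dir( string $dir, ?string $open_basedir = null ): bool {
	$open_basedir = trim( $open_basedir ?? (string) ini_get( 'open_basedir' ) );
	if ( '' === $open_basedir ) {
		return true;
	}
	$dir = rtrim( $dir, '/' ) . '/';
	foreach ( explode( PATH_SEPARATOR, $open_basedir ) as $allowed ) {
		if ( '' === trim( $allowed ) ) {
			continue;
		}
		// Compare on a directory boundary so /home/user does not match /home/user2.
		$allowed = rtrim( trim( $allowed ), '/' ) . '/';
		if ( 0 === strpos( $dir, $allowed ) ) {
			return true;
		}
	}
	return false;
}

/** Walk from $start to "/" and sort each candidate VCS path into probe or skip. */
function example_vcs_probe_plan( string $start, ?string $open_basedir, array $vcs_dirs ): array {
	$plan = array( 'probe' => array(), 'skip' => array() );
	$dir  = rtrim( $start, '/' ) ?: '/';
	do {
		$bucket = example_is_allowed_dir( $dir, $open_basedir ) ? 'probe' : 'skip';
		foreach ( $vcs_dirs as $vcs ) {
			$plan[ $bucket ][] = rtrim( $dir, '/' ) . '/' . $vcs;
		}
		$parent = dirname( $dir );
		$done   = ( $parent === $dir ); // dirname('/') is '/', so this ends at the root.
		$dir    = $parent;
	} while ( ! $done );
	return $plan;
}

// Constructed values modelled on the log above ("example" replaces [hidden]);
// .git and .bzr are the two names mentioned in the ticket.
$plan = example_vcs_probe_plan( '/home/httpd/vhosts/example/subdomains/blog',
	'/home/httpd/vhosts/example/:/tmp/', array( '.git', '.bzr' ) );
foreach ( $plan['probe'] as $path ) { // inside open_basedir, so is_dir() logs no warning
	printf( "probe %s => %s\n", $path, is_dir( $path ) ? 'found' : 'absent' );
}
printf( "skipped: %s\n", implode( ', ', $plan['skip'] ) );
```

With these sample values the walk stops probing at /home/httpd/vhosts/example; everything above it, including /home/.bzr, lands in the skipped list instead of reaching is_dir().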
