Make WordPress Core

Opened 17 months ago

Last modified 33 hours ago

#51170 new defect (bug)

FTP automatic updates are not RFC 959 compliant for NLST command

Reported by: giox069 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.7
Component: Filesystem API Keywords: reporter-feedback dev-feedback has-patch
Focuses: Cc:

Description

Wordpress uses FTP NLST command to check if a file exists:
https://developer.wordpress.org/reference/classes/wp_filesystem_ftpsockets/exists/

But according RFC 959, NLST is not intended to be applied to a file.

Many ftp servers are permissive, and allowed to execute NLST on files. But a recent update to pure-ftpd removed support for this wordpress non-rfc compliant behaviour.
https://github.com/jedisct1/pure-ftpd/commit/dc71ecfc39a6258d9e49b9918b600a9d46365358

Wordpress should adhere to RFC 959, and check FTP file existence in a different way than NLST command, for example using RFC 3659 commands, and then falling back to NLST if RFC 3659 commands are not available.

Wordpress should also warn the user and stop processing when NLST fails.

See my post here:
https://wordpress.org/support/topic/problems-installing-plugins-and-upgrading-with-newer-pure-ftpd/

Attachments (1)

51170.diff (1.6 KB) - added by mkox 33 hours ago.
exists improved, will fallback to ftp_size and Fixes #28013

Download all attachments as: .zip

Change History (4)

#1 @SergeyBiryukov
17 months ago

  • Component changed from General to Filesystem API

#2 @desrosj
17 months ago

  • Version changed from trunk to 3.7

Looks like nlist() was added in [25274] as part of #14049.

There were attempts to change exists() up in in #28013 as part of WordPress 4.4, but it was reverted in 4.4.1 because of issues on various servers (see #34976 and #35026).

@mkox
33 hours ago

exists improved, will fallback to ftp_size and Fixes #28013

#3 @mkox
33 hours ago

  • Keywords reporter-feedback dev-feedback has-patch added

After digging into the exists topic and different rfcs I think this patch is a good solution.

It improves behavior by first checking for dirs.

Then it uses the approved working method via ftp_nlist and adds flags if someone is looking for a hidden file. #28013

If ftp_nlist will fail, it will now try to use the ftp_size method for the target file - so @giox069 with pure-ftp issues with pure ftp should be solved as well.

Note: See TracTickets for help on using tickets.