Make WordPress Core

Opened 13 months ago

Last modified 13 months ago

#51170 new defect (bug)

FTP automatic updates are not RFC 959 compliant for NLST command

Reported by: giox069 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.7
Component: Filesystem API Keywords:
Focuses: Cc:


Wordpress uses FTP NLST command to check if a file exists:

But according RFC 959, NLST is not intended to be applied to a file.

Many ftp servers are permissive, and allowed to execute NLST on files. But a recent update to pure-ftpd removed support for this wordpress non-rfc compliant behaviour.

Wordpress should adhere to RFC 959, and check FTP file existence in a different way than NLST command, for example using RFC 3659 commands, and then falling back to NLST if RFC 3659 commands are not available.

Wordpress should also warn the user and stop processing when NLST fails.

See my post here:

Change History (2)

#1 @SergeyBiryukov
13 months ago

  • Component changed from General to Filesystem API

#2 @desrosj
13 months ago

  • Version changed from trunk to 3.7

Looks like nlist() was added in [25274] as part of #14049.

There were attempts to change exists() up in in #28013 as part of WordPress 4.4, but it was reverted in 4.4.1 because of issues on various servers (see #34976 and #35026).

Note: See TracTickets for help on using tickets.