Opened 2 months ago

Last modified 2 months ago

#53298 new defect (bug)

Checking if wp-config-sample.php file exists before checking if wp-config.php exists

Reported by: machineitsvcs
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: trivial
Version: 5.7.2
Component: Upgrade/Install
Keywords: needs-patch
Focuses: administration, privacy, coding-standards
Cc:

Description

Currently in WordPress core, wp-admin/setup-config.php checks if the wp-config-sample.php file exists before checking if wp-config.php exists. If the sample file exists, it then checks if the wp-config.php file exists, and if so, suggests deletion if necessary. For security, some WordPress users may delete the sample file, and restrict open_basedir for the directory above that of the web root directory. Because of these two cases, the current order produces the following error:

PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(/var/www/example/wp-config-sample.php) is not within the allowed path(s): (/var/www/example/web:/var/www/example/private:/var/www/example/tmp:/tmp:...) in /var/www/example/web/wp-admin/setup-config.php on line 46

If the check for the existence of the sample file could be moved after checking if wp-config.php exists, we could avoid this error, avoid checking if the sample file exists when wp-config.php does, and avoid checking both if they both do.

i.e. moving the section commented "Support wp-config-sample.php one level up, for the develop repo." to after the section commented "Check if wp-config.php exists above the root directory but is not part of another installation." in wp-admin/setup-config.php

Change History (2)

#1 @SergeyBiryukov
2 months ago

  • Component changed from General to Upgrade/Install

#2 @machineitsvcs
2 months ago

It may also be worth prefacing the elseif condition file_exists( dirname( ABSPATH ) . '/wp-config-sample.php' ) with an @ to avoid any error should both the wp-config.php and wp-config-sample.php not exist and the parent directory be inaccessible, similar to what is already done for the wp-config.php when looking in the parent directory.

i.e. using @file_exists( dirname( ABSPATH ) . '/wp-config-sample.php' ) instead

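The check order proposed in the description, combined with the @ guard from comment #2, as an added example that is not WordPress core code and not a patch from this ticket. example_config_state() and its return strings are hypothetical, and the temporary directory layout is constructed for the demo.

```php
<?php
// Added illustration: example_config_state() is a hypothetical helper, not core code.
function example_config_state( string $abspath ): string {
    $abspath = rtrim( $abspath, '/' ) . '/';
    $parent  = dirname( $abspath );

    // 1. wp-config.php already present in the install directory.
    if ( file_exists( $abspath . 'wp-config.php' ) ) {
        return 'config-exists';
    }
    // 2. wp-config.php one level up that is not part of another installation.
    //    @ silences the open_basedir warning when the parent is off-limits.
    if ( @file_exists( $parent . '/wp-config.php' )
        && ! @file_exists( $parent . '/wp-settings.php' ) ) {
        return 'config-exists-above';
    }
    // 3. Only now look for the sample, inside the install directory first.
    if ( file_exists( $abspath . 'wp-config-sample.php' ) ) {
        return 'sample-found';
    }
    // 4. Sample one level up (develop repo layout), also guarded with @.
    if ( @file_exists( $parent . '/wp-config-sample.php' ) ) {
        return 'sample-found-above';
    }
    return 'sample-missing';
}

// Constructed layout: <tmp>/ticket-demo-*/web plays the web root.
$web = sys_get_temp_dir() . '/ticket-demo-' . uniqid() . '/web';
mkdir( $web, 0700, true );
$web = realpath( $web );
touch( $web . '/wp-config.php' );

// Confine PHP to the web root, as in the reporter's setup. The parent
// directory is now outside open_basedir, so the empty demo directories
// are left behind in the temp dir.
ini_set( 'open_basedir', $web );

// Case A: wp-config.php present, sample deleted. The parent is never probed.
echo example_config_state( $web ), "\n";

// Case B: neither file present. Both parent probes run under @.
unlink( $web . '/wp-config.php' );
echo example_config_state( $web ), "\n";
```

Run with the PHP CLI. Removing the @ from step 4 makes case B emit the file_exists() open_basedir warning quoted in the description.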