#61834 closed defect (bug) (fixed)
class-wp-site-health-auto-updates.php triggers error when basedir restrictions in effect
Reported by: | Keffr3n | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 6.7 | Priority: | normal |
Severity: | normal | Version: | 6.6.1 |
Component: | Filesystem API | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description
Hello, for security reasons, the php pools serving my wordpress instances are isolated with open_basedir directive.
For site example.com, it's basedir is fixed to /www/example.com.
But in class-wp-site-health-auto-updates.php, paths outside this directory are tested: /.git, /www/.git and this throws errors.
instead of testing with is_dir, could you test also for access? like with is_readable()?
Attachments (1)
Change History (7)
This ticket was mentioned in PR #7153 on WordPress/wordpress-develop by @narenin.
5 weeks ago
#1
- Keywords has-patch added
#2
@
5 weeks ago
- Focuses php-compatibility removed
- Keywords needs-testing added; changes-requested removed
#4
in reply to:
↑ description
@
3 weeks ago
Hi there, thanks for the ticket! I was able to reproduce the issue. For anyone testing, note that the warning here may not be displayed on screen due to this test being performed via a REST API request, for which display_errors
is off by default in wp_debug_mode()
, so make sure to check the error log.
Replying to Keffr3n:
instead of testing with is_dir, could you test also for access? like with is_readable()?
In my testing, is_readable()
appears to throw the same warning. However, we did resolve a similar issue previously in [55425] / #42619, so we can reuse WP_Automatic_Updater::is_allowed_dir()
here.
#5
@
3 weeks ago
- Owner set to SergeyBiryukov
- Resolution set to fixed
- Status changed from new to closed
In 58921:
@SergeyBiryukov commented on PR #7153:
3 weeks ago
#6
Thanks for the PR! Merged a slightly different approach in r58921.
Trac ticket: https://core.trac.wordpress.org/ticket/61834