Opened 11 months ago
Last modified 11 months ago
#62693 new defect (bug)
check if chmod is available to prevent Fatal Errors
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Security | Keywords: | |
| Focuses: | | Cc: | |
Description
There is a bug in WordPress that prevents users from uploading media if their PHP server was hardened following common best practices:
chmod( $new_file, $perms );
This line causes a PHP Fatal error on hardened systems with the chmod function disabled.
PHP Fatal error: Uncaught Error: Call to undefined function chmod() in /var/www/html/store.opensourceecology.org/htdocs/wp-admin/includes/file.php:1043\nStack trace:\n#0 /var/www/html/store.opensourceecology.org/htdocs/wp-admin/includes/file.php(1105): _wp_handle_upload()\n#1 /var/www/html/store.opensourceecology.org/htdocs/wp-admin/includes/media.php(306): wp_handle_upload()\n#2 /var/www/html/store.opensourceecology.org/htdocs/wp-admin/includes/ajax-actions.php(2632): media_handle_upload()\n#3 /var/www/html/store.opensourceecology.org/htdocs/wp-admin/async-upload.php(33): wp_ajax_upload_attachment()\n#4 {main}\n thrown in /var/www/html/store.opensourceecology.org/htdocs/wp-admin/includes/file.php on line 1043', referer: https://store.opensourceecology.org/wp-admin/upload.php
Why this matters
For security reasons, orgs frequently configure php.ini to be hardened by adding many dangerous functions to the disable_functions variable in the php.ini file. For example, it's common to disable the exec function:
disable_functions = exec
And, for security reasons, it's also common to disable functions like chmod.
Solution
To fix the PHP Fatal error, WordPress should always check to see if the chmod function exists before attempting to call it:
if( function_exists( 'chmod') ){
    chmod( $new_file, $perms );
}
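The guard proposed above skips the permission change silently, so the uploaded file keeps whatever mode it was created with. As an added example (not part of this ticket and not WordPress core code), the hypothetical helper set_upload_perms() below applies the same function_exists() check and also reports the mode left on disk; the helper name, its return shape, and the temp-file demo are assumptions.

```php
<?php
// Added example, not WordPress core code. set_upload_perms() is a hypothetical helper.

/**
 * Apply $perms to $file when chmod() is usable. When it is not, leave the file
 * as created and report the mode it actually has, so a skipped chmod is visible.
 *
 * @return array{applied: bool, mode: int|null, too_permissive: bool}
 */
function set_upload_perms( string $file, int $perms ): array {
    $applied = false;

    // function_exists() returns false for functions listed in disable_functions,
    // so this avoids the "Call to undefined function chmod()" fatal error.
    if ( function_exists( 'chmod' ) ) {
        $applied = @chmod( $file, $perms );
    }

    // Read back the permission bits that are really on disk.
    clearstatcache( true, $file );
    $raw  = @fileperms( $file );
    $mode = ( false === $raw ) ? null : ( $raw & 0777 );

    // True when the file grants bits that the requested mode does not.
    $too_permissive = ( null !== $mode ) && ( ( $mode & ~$perms & 0777 ) !== 0 );

    if ( ! $applied ) {
        error_log( sprintf(
            'chmod unavailable or failed for %s; mode on disk is %s (wanted %04o)',
            $file,
            null === $mode ? 'unknown' : sprintf( '%04o', $mode ),
            $perms
        ) );
    }

    return array(
        'applied'        => $applied,
        'mode'           => $mode,
        'too_permissive' => $too_permissive,
    );
}

// Constructed demo: a temp file stands in for a freshly uploaded file.
$tmp    = tempnam( sys_get_temp_dir(), 'upl' );
$result = set_upload_perms( $tmp, 0644 );
printf(
    "applied=%s mode=%s too_permissive=%s\n",
    var_export( $result['applied'], true ),
    null === $result['mode'] ? 'unknown' : sprintf( '%04o', $result['mode'] ),
    var_export( $result['too_permissive'], true )
);
unlink( $tmp );
```

With chmod listed in disable_functions, the call returns applied=false and the log line records the mode the file was created with, which is the value to review against the upload directory's umask.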
Change History (2)
As a workaround, upload capabilities can be restored by adding this to the top of your wp-config.php until this bug is fixed:
if( ! function_exists('chmod') ){ function chmod(){ return; } }