WordPress.org

Make WordPress Core

Opened 10 years ago

Closed 6 years ago

Last modified 6 years ago

#6631 closed enhancement (maybelater)

File and Directory Persmission are not checked by install.php

Reported by: hakre Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Upload Keywords:
Focuses: Cc:

Description

I personally and many other users according to the feedback I see and discuss in the support forums theses days encounter upgrade and installation problems because the file upload does not work. For version 2.5 this might escalate a lot, because there are numerous technical issues with a new uploader software that ships the first time with that version.

Anyway it would help a lot, if the install and/or upgrade script does check for the right persmissions in the wp-upload folder while upgrading / installing.

Those are:

  • The user php is executed under can access the directory
  • That user can create a directory inside that directory
  • That user can create a file inside that created direcotry

A simple mkdir and temporary file creation could verify that. If those tests fail, it would be a good idea to display a message. Maybe it's a good Idea as well to provide such a test inside the admin sothat the blogs setup can be checked later on as well.

Change History (14)

#1 @hakre
10 years ago

Somewhere On the PHP website, there is a function suggested to verify if a path is writeable or not. It workaround some known bugs already.

This is the latest version of is__writable() I could come up with.
It can accept files or folders, but folders should end with a trailing slash! The function attempts to actually write a file, so it will correctly return true when a file/folder can be written to when the user has ACL write access to it.

<?php
function is__writable($path) {
//will work in despite of Windows ACLs bug
//NOTE: use a trailing slash for folders!!!
//see http://bugs.php.net/bug.php?id=27609
//see http://bugs.php.net/bug.php?id=30931

    if ($path{strlen($path)-1}=='/') // recursively return a temporary file path
        return is__writable($path.uniqid(mt_rand()).'.tmp');
    else if (is_dir($path))
        return is__writable($path.'/'.uniqid(mt_rand()).'.tmp');
    // check tmp file for read/write capabilities
    $rm = file_exists($path);
    $f = @fopen($path, 'a');
    if ($f===false)
        return false;
    fclose($f);
    if (!$rm)
        unlink($path);
    return true;
}
?>

#2 @thee17
10 years ago

  • Type changed from enhancement to defect

#3 @ryan
10 years ago

  • Milestone changed from 2.5.2 to 2.9

Milestone 2.5.2 deleted

#4 @Denis-de-Bernardy
9 years ago

  • Component changed from General to Upgrade/Install
  • Owner anonymous deleted

#6 follow-up: @dd32
9 years ago

  • Component changed from Upgrade/Install to Upload

There is another ticket related to giving a warning upon upgrade in 2.9 if the PHP versions are out of date.. Maybe it's time to introduce a few health checks and display a dismissable notice about such items..

See #10116

#7 @Denis-de-Bernardy
9 years ago

  • Type changed from defect (bug) to enhancement

#8 @bi0xid
9 years ago

I agree. We need some checks to avoid problems. One of them must be 'be sure all your plugins are deactivated' before upgrading.

#9 follow-up: @Denis-de-Bernardy
9 years ago

"Be sure all your plugins are deactivated" is not desirable at all. There are hooks in the upgrade API that would become totally useless. Better check, using readme.txt files whether the plugins are compatible with the latest and greatest WP, and suggest deactivating those that aren't.

#10 in reply to: ↑ 9 @bi0xid
9 years ago

Yes :) thanks for the correction.
Learning a lot here :)

Replying to Denis-de-Bernardy:

"Be sure all your plugins are deactivated" is not desirable at all. There are hooks in the upgrade API that would become totally useless. Better check, using readme.txt files whether the plugins are compatible with the latest and greatest WP, and suggest deactivating those that aren't.

#11 in reply to: ↑ 6 @hakre
9 years ago

Replying to dd32:

There is another ticket related to giving a warning upon upgrade in 2.9 if the PHP versions are out of date.. Maybe it's time to introduce a few health checks and display a dismissable notice about such items..

See #10116

+1 that would create the opportunity to collect some check routines in one place. where to place the health checks?

#12 @ryan
8 years ago

  • Milestone changed from 2.9 to Future Release

#13 @hakre
6 years ago

  • Resolution set to maybelater
  • Status changed from new to closed

#14 @ocean90
6 years ago

  • Milestone Future Release deleted
Note: See TracTickets for help on using tickets.