Opened 6 years ago

Closed 2 years ago

Last modified 2 years ago

#6631 closed enhancement (maybelater)

File and Directory Permissions are not checked by install.php

Reported by: hakre
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Upload
Keywords:
Focuses:
Cc:

Description

I personally, and many other users according to the feedback I see and discuss in the support forums these days, encounter upgrade and installation problems because the file upload does not work. For version 2.5 this might escalate a lot, because there are numerous technical issues with new uploader software that ships for the first time with that version.

Anyway, it would help a lot if the install and/or upgrade script checked for the right permissions in the wp-upload folder while upgrading / installing.

Those are:

  • The user php is executed under can access the directory
  • That user can create a directory inside that directory
  • That user can create a file inside that created directory

A simple mkdir and temporary file creation could verify that. If those tests fail, it would be a good idea to display a message. Maybe it's a good idea as well to provide such a test inside the admin so that the blog's setup can be checked later on as well.
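The three checks listed in the description, written out as an added example (not WordPress core code and not part of the original ticket). The function name probe_upload_dir() and its result keys are hypothetical; the probe uses an unpredictable directory name and exclusive file creation so it never opens or overwrites anything that already exists.

```php
<?php
// Added example, not WordPress core code. probe_upload_dir() and the
// result keys 'access', 'mkdir' and 'file' are hypothetical names.
function probe_upload_dir(string $dir): array
{
    $result = ['access' => false, 'mkdir' => false, 'file' => false];

    // Step 1: the user PHP runs as can reach the directory at all.
    if (!is_dir($dir) || !is_readable($dir)) {
        return $result;
    }
    $result['access'] = true;

    // Step 2: create a sub-directory with an unpredictable name, owner-only.
    $probe = rtrim($dir, '/\\') . DIRECTORY_SEPARATOR
           . 'probe-' . bin2hex(random_bytes(8));
    if (!@mkdir($probe, 0700)) {
        return $result;
    }
    $result['mkdir'] = true;

    // Step 3: create a file inside it. Mode 'x' fails if the name already
    // exists, so an existing file or symlink is never opened or truncated.
    $file = $probe . DIRECTORY_SEPARATOR . 'probe.tmp';
    $fh = @fopen($file, 'x');
    if ($fh !== false) {
        $result['file'] = (fwrite($fh, 'ok') === 2);
        fclose($fh);
        @unlink($file);
    }

    // Always remove the probe directory so the check leaves nothing behind.
    @rmdir($probe);
    return $result;
}

// Demo on a constructed directory under the system temp dir.
$demo = sys_get_temp_dir() . DIRECTORY_SEPARATOR
      . 'uploads-demo-' . bin2hex(random_bytes(4));
mkdir($demo, 0700);
foreach (probe_upload_dir($demo) as $step => $ok) {
    echo str_pad($step, 8), $ok ? 'ok' : 'FAILED', PHP_EOL;
}
rmdir($demo);
```

Reporting each step separately tells the administrator whether the problem is reaching the directory, creating sub-directories, or writing files, which points at different permission fixes.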

Change History (14)

comment:1 hakre 6 years ago

Somewhere on the PHP website, there is a function suggested to verify if a path is writeable or not. It works around some known bugs already.

This is the latest version of is__writable() I could come up with.
It can accept files or folders, but folders should end with a trailing slash! The function attempts to actually write a file, so it will correctly return true when a file/folder can be written to when the user has ACL write access to it.

<?php
function is__writable($path) {
    // Works despite the Windows ACLs bug.
    // NOTE: use a trailing slash for folders!
    // see http://bugs.php.net/bug.php?id=27609
    // see http://bugs.php.net/bug.php?id=30931

    // Folder given with a trailing slash: recurse on a temporary file path inside it.
    // substr() replaces the $path{...} offset syntax, which PHP 8 no longer accepts.
    if (substr($path, -1) == '/')
        return is__writable($path.uniqid(mt_rand()).'.tmp');
    // Folder given without a trailing slash: same, adding the separator.
    else if (is_dir($path))
        return is__writable($path.'/'.uniqid(mt_rand()).'.tmp');
    // Try to open the file for appending; remember whether it already existed.
    $rm = file_exists($path);
    $f = @fopen($path, 'a');
    if ($f===false)
        return false;
    fclose($f);
    // Remove the file only if this test created it.
    if (!$rm)
        unlink($path);
    return true;
}
?>

comment:2 thee17 6 years ago

  • Type changed from enhancement to defect

comment:3 ryan 6 years ago

  • Milestone changed from 2.5.2 to 2.9

Milestone 2.5.2 deleted

comment:4 Denis-de-Bernardy 5 years ago

  • Component changed from General to Upgrade/Install
  • Owner anonymous deleted

comment:6 follow-up: dd32 5 years ago

  • Component changed from Upgrade/Install to Upload

There is another ticket related to giving a warning upon upgrade in 2.9 if the PHP versions are out of date. Maybe it's time to introduce a few health checks and display a dismissible notice about such items.

See #10116

comment:7 Denis-de-Bernardy 5 years ago

  • Type changed from defect (bug) to enhancement

comment:8 bi0xid 5 years ago

I agree. We need some checks to avoid problems. One of them must be 'be sure all your plugins are deactivated' before upgrading.

comment:9 follow-up: Denis-de-Bernardy 5 years ago

"Be sure all your plugins are deactivated" is not desirable at all. There are hooks in the upgrade API that would become totally useless. Better check, using readme.txt files whether the plugins are compatible with the latest and greatest WP, and suggest deactivating those that aren't.

comment:10 in reply to: ↑ 9 bi0xid 5 years ago

Yes :) thanks for the correction.
Learning a lot here :)

Replying to Denis-de-Bernardy:

"Be sure all your plugins are deactivated" is not desirable at all. There are hooks in the upgrade API that would become totally useless. Better check, using readme.txt files whether the plugins are compatible with the latest and greatest WP, and suggest deactivating those that aren't.

comment:11 in reply to: ↑ 6 hakre 5 years ago

Replying to dd32:

There is another ticket related to giving a warning upon upgrade in 2.9 if the PHP versions are out of date. Maybe it's time to introduce a few health checks and display a dismissible notice about such items.

See #10116

+1, that would create the opportunity to collect some check routines in one place. Where to place the health checks?

comment:12 ryan 4 years ago

  • Milestone changed from 2.9 to Future Release

comment:13 hakre 2 years ago

  • Resolution set to maybelater
  • Status changed from new to closed

comment:14 ocean90 2 years ago

  • Milestone Future Release deleted