From e53c5c50f7bfaa0baeb98679cdc3631dc7284b43 Mon Sep 17 00:00:00 2001 From: azaozz Date: Sun, 31 May 2009 21:08:03 +0000 Subject: [PATCH] Test writability of ABSPATH when upgrading core or WP_PLUGIN_DIR when installing/updating themes and plugins, fixes #9936 git-svn-id: http://svn.automattic.com/wordpress/trunk@11499 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/class-wp-upgrader.php | 5 +++-- wp-admin/includes/file.php | 18 +++++++++++------- wp-admin/update-core.php | 6 +++--- 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/wp-admin/includes/class-wp-upgrader.php b/wp-admin/includes/class-wp-upgrader.php index 6954e85834..44caded041 100644 --- a/wp-admin/includes/class-wp-upgrader.php +++ b/wp-admin/includes/class-wp-upgrader.php @@ -720,7 +720,7 @@ class WP_Upgrader_Skin { return $this->__construct($args); } function __construct($args = array()) { - $defaults = array( 'url' => '', 'nonce' => '', 'title' => '' ); + $defaults = array( 'url' => '', 'nonce' => '', 'title' => '', 'context' => false ); $this->options = wp_parse_args($args, $defaults); } @@ -734,9 +734,10 @@ class WP_Upgrader_Skin { function request_filesystem_credentials($error = false) { $url = $this->options['url']; + $context = $this->options['context']; if ( !empty($this->options['nonce']) ) $url = wp_nonce_url($url, $this->options['nonce']); - return request_filesystem_credentials($url, '', $error); //Possible to bring inline, Leaving as0is for now. + return request_filesystem_credentials($url, '', $error, $context); //Possible to bring inline, Leaving as is for now. } function header() { diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index 9cc8c22d0a..77baecd2a2 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -583,12 +583,12 @@ function copy_dir($from, $to) { * @param unknown_type $args * @return unknown */ -function WP_Filesystem( $args = false ) { +function WP_Filesystem( $args = false, $context = false ) { global $wp_filesystem; require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php'); - $method = get_filesystem_method($args); + $method = get_filesystem_method($args, $context); if ( ! $method ) return false; @@ -625,13 +625,17 @@ function WP_Filesystem( $args = false ) { * @since unknown * * @param unknown_type $args + * @param string $context Full path to the directory that is tested for being writable. * @return unknown */ -function get_filesystem_method($args = array()) { +function get_filesystem_method($args = array(), $context = false) { $method = defined('FS_METHOD') ? FS_METHOD : false; //Please ensure that this is either 'direct', 'ssh', 'ftpext' or 'ftpsockets' if( ! $method && function_exists('getmyuid') && function_exists('fileowner') ){ - $temp_file_name = ABSPATH . '.' . time(); + if ( !$context ) + $context = WP_CONTENT_DIR; + $context = trailingslashit($context); + $temp_file_name = $context . '.write-test-' . time(); $temp_handle = @fopen($temp_file_name, 'w'); if ( $temp_handle ) { if ( getmyuid() == fileowner($temp_file_name) ) @@ -657,13 +661,13 @@ function get_filesystem_method($args = array()) { * @param unknown_type $error * @return unknown */ -function request_filesystem_credentials($form_post, $type = '', $error = false) { - $req_cred = apply_filters('request_filesystem_credentials', '', $form_post, $type, $error); +function request_filesystem_credentials($form_post, $type = '', $error = false, $context = false) { + $req_cred = apply_filters('request_filesystem_credentials', '', $form_post, $type, $error, $context); if ( '' !== $req_cred ) return $req_cred; if ( empty($type) ) - $type = get_filesystem_method(); + $type = get_filesystem_method(array(), $context); if ( 'direct' == $type ) return true; diff --git a/wp-admin/update-core.php b/wp-admin/update-core.php index 885827e403..1f45824216 100644 --- a/wp-admin/update-core.php +++ b/wp-admin/update-core.php @@ -142,7 +142,7 @@ function do_core_upgrade( $reinstall = false ) { else $url = 'update-core.php?action=do-core-upgrade'; $url = wp_nonce_url($url, 'upgrade-core'); - if ( false === ($credentials = request_filesystem_credentials($url)) ) + if ( false === ($credentials = request_filesystem_credentials($url, '', false, ABSPATH)) ) return; $version = isset( $_POST['version'] )? $_POST['version'] : false; @@ -152,8 +152,8 @@ function do_core_upgrade( $reinstall = false ) { return; - if ( ! WP_Filesystem($credentials) ) { - request_filesystem_credentials($url, '', true); //Failed to connect, Error and request again + if ( ! WP_Filesystem($credentials, ABSPATH) ) { + request_filesystem_credentials($url, '', true, ABSPATH); //Failed to connect, Error and request again return; } ?>