[wp-testers] Automatic upgrade still failing
Otto
otto at ottodestruct.com
Mon Nov 3 17:27:03 GMT 2008
On Mon, Nov 3, 2008 at 11:00 AM, Ryan Boren <ryan at boren.nu> wrote:
> We go through pains to make sure we're compatible with a secure site.
> Unlike other upgraders, it does not require that files be writable by
> the webserver. Nor does it change permissions via FTP so that files
> can be written by the webserver.
These two statements are fundamentally at odds here. If the files are
not writable by the webserver, then they cannot be overwritten by a
copy operation. In other words, if owner does not have +w, then it
fails.
> We try to make sure direct is used only when files created by the webserver
> have the same owner as the WP files.
In other words, upgrade core only uses direct in cases where you're
running suPHP (or similar method)? While this is many hosts, it's
certainly not *all* hosts. And even then, it's generally not a good
idea to leave your files writable. True, the webserver is running as
the owner, so it can change permissions too, but many scripts don't do
that. And some popular plugins (notably WP-Super-Cache) actively warns
against it in those cases, as it complains that the files are writable
by the webserver.
-Otto
More information about the wp-testers
mailing list