[wp-trac] Re: [WordPress Trac] #5994: Autoupgrade plugins Should
have SFTP option
WordPress Trac
wp-trac at lists.automattic.com
Tue Feb 26 10:31:13 GMT 2008
#5994: Autoupgrade plugins Should have SFTP option
--------------------------+-------------------------------------------------
Reporter: technosailor | Owner: technosailor
Type: defect | Status: assigned
Priority: normal | Milestone: 2.6
Component: Security | Version: 2.5
Severity: normal | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Comment (by DD32):
SFTP should be available if you enable the "Secure" selection & its using
the FTP Extension & SSL is supposed:
http://trac.wordpress.org/browser/trunk/wp-admin/includes/class-wp-
filesystem-ftpext.php#L64
{{{
64 if ( $this->options['ssl'] &&
function_exists('ftp_ssl_connect') ) {
65 $this->link =
ftp_ssl_connect($this->options['hostname'],
$this->options['port'],$this->timeout);
66 } else {
67 $this->link = ftp_connect($this->options['hostname'],
$this->options['port'],$this->timeout);
68 }
}}}
Note however, that it silently falls back to non-ssl if it cant connect
with ssl.[[BR]]
SSL shouldnt really be needed though IMO, As it'll only be connecting to
localhost, Not another server, Therefor, there's no network nodes in the
middle which may be listening in. While the local computer (the www
server) could be, it would require root priv. in which case, it could
access all the data regardless. I'm just pointing out the fact that
'secure' isnt really needed on that connection, whilst some will still
want it anyway.
--
Ticket URL: <http://trac.wordpress.org/ticket/5994#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list