[wp-trac] [WordPress Trac] #55307: After upgrading Debian, WordPress sites no longer update through FTP

Thu Mar 3 13:31:16 UTC 2022

#55307: After upgrading Debian, WordPress sites no longer update through FTP
-----------------------------+-----------------------------
 Reporter:  zippy1970        |      Owner:  (none)
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Upgrade/Install  |    Version:  5.9
 Severity:  major            |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
 I upgraded my production server from Debian 10 (Buster) to Debian 11
 (Bullseye) a few days ago. At first, none of the hosted WordPress sites
 worked. All gave me an error about a missing mysql module. As it turned
 out, I needed to install php7.4-mysqli.

 But then when I wanted to update the WordPress sites from v5.9.0 to
 v5.9.1, all failed:

 {{{
 Downloading update from
 https://downloads.wordpress.org/release/wordpress-5.9.1-no-content.zip…

 The authenticity of wordpress-5.9.1-no-content.zip could not be verified
 as no signature was found.

 Unpacking the update…

 Verifying the unpacked files…

 The update could not be unpacked.

 Installation failed.
 }}}

 I took me quite a while to figure out what actually was going on. Now I
 know, I have no idea if this is a bug in WordPress, or caused by something
 else.

 The error message WP is giving, is actually ''incorrect''. As it turns
 out, it is able to unpack the update just fine in the wp-content/upgrade
 folder. But it’s when it checks if the files have actually unpacked, where
 it goes wrong. The problem lies in this piece of code in update-core.php:

 {{{#!php
 <?php
   foreach ( $roots as $root ) {
     if ( $wp_filesystem->exists( $from . $root . 'readme.html' )
        && $wp_filesystem->exists( $from . $root . 'wp-
 includes/version.php' )
      ) {
        $distro = $root;
        break;
      }
    }

    if ( ! $distro ) {
      $wp_filesystem->delete( $from, true );
      return new WP_Error( 'insane_distro', __( 'The update could not be
 unpacked.' ) );
    }
 }}}

 What it does here, is simply check if two files exists in the folder it
 has just unpacked the zip file to. This fails. And the reason is as
 follows:

 I use FTP method for installing updates. So when I tell it to update, it
 first figures out the folder it should download the zipfile to. This
 folder is stored in **$working_dir** in {{{wp-admin/includes/class-wp-
 upgrader.php -> unpack_package()}}}. The full path on the server is
 **/domains/domainname.com/htdocs/wp-content/upgrade/** but since FTP users
 are chrooted, WP finds and stores **/htdocs/wp-content/upgrade/** instead.
 The update file is downloaded to this folder and then unpacked.

 Next it does the above check in {{{wp-admin/includes/update-core.php ->
 update_core()}}}. And that failes because it tries to find a file in
 **/htdocs/wp-content/upgrade/** while the true location is
 **/domains/domainname.com/htdocs/wp-content/upgrade/**.

 Updating through FTP used to work fine in Debian 10 but in Debian 11,
 something broke...

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/55307>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform