[pmwiki-users] Uploaded files world readable!?
Petko Yotov
5ko at 5ko.fr
Mon Dec 31 11:59:42 CST 2012
Oliver Betz writes:
> >> Files uploaded by PmWiki got 0664 in all three cases - fixperms adds
> >> unneeded group write (and read) permissions even if PHP runs under the
> >> customers account.
>
> I got this wrong. Permissions are only added "if
> (fileowner($fname)!=@fileowner('.'))".
Yes, the directory "." is where index.php is. It belongs to the SSH/FTP
account. If a file (attachment, wiki.d pagefile, or index) or a directory,
created by PmWiki, doesn't have this same owner, then the FTP account may be
unable to see, edit and delete this file or list the directory unless we add
these permissions.
> Maybe it's an interesting option for the Site Analyzer to check the
> permissions set by default and needed for PHP and web server.
If it is possible for the SiteAnalizer to know it, we just might do it
automatically in fixperms().
Petko
More information about the pmwiki-users
mailing list