[pmwiki-users] Uploaded files world readable!?

Petko Yotov 5ko at 5ko.fr
Mon Dec 31 11:59:42 CST 2012


Oliver Betz writes:
> >> Files uploaded by PmWiki got 0664 in all three cases - fixperms adds
> >> unneeded group write (and read) permissions even if PHP runs under the
> >> customers account.
>
> I got this wrong. Permissions are only added "if
> (fileowner($fname)!=@fileowner('.'))".

Yes, the directory "." is where index.php is. It belongs to the SSH/FTP  
account. If a file (attachment, wiki.d pagefile, or index) or a directory,  
created by PmWiki, doesn't have this same owner, then the FTP account may be  
unable to see, edit and delete this file or list the directory unless we add  
these permissions.

> Maybe it's an interesting option for the Site Analyzer to check the
> permissions set by default and needed for PHP and web server.

If it is possible for the SiteAnalizer to know it, we just might do it  
automatically in fixperms().

Petko




More information about the pmwiki-users mailing list