WordPress.org

Ready to get started?Download WordPress

Forums

Short URL
[resolved] Short URL permission error and hosting crash (17 posts)

  1. Rett Pop
    Member
    Posted 11 months ago #

    Hi,

    Have constant errors in log:
    [Tue May 21 16:18:32 2013] [error] [client 66.249.78.120] PHP Warning: mkdir(): Permission denied in /var/www/sapi.com.ua/wp-content/plugins/shorten-url/core.class.php on line 794
    on every site touch.

    Also when trying open plugin settings from WPAdmin console got tons of:
    [Tue May 21 15:51:30 2013] [error] [client 84.47.179.228] PHP Warning: readdir() expects parameter 1 to be resource, boolean given in /var/www/sapi.com.ua/wp-content/plugins/shorten-url/core/translation.class.php on line 980, referer: http://www.sapi.com.ua/wp-admin/plugins.php

    and log file grows infinitely until free space finished.

    Any suggestions?
    Thanks in advance.

    PS: last versions of WP and Short URL are installed.

    http://wordpress.org/extend/plugins/shorten-url/

  2. Sed Lex
    Member
    Plugin Author

    Posted 11 months ago #

    And why do not your try to set the permission to 755 in your wp-content folder ?

  3. Rett Pop
    Member
    Posted 11 months ago #

    It has 755 permission. In opposite case WP would not work. But as far I understand, plugin tries to make extra files in wp-content directory. And 755 does't permit such operations. I didn't find any mentions about required writing permissions for plugin. So I decided that it is kind of bug. It isn't?

  4. Sed Lex
    Member
    Plugin Author

    Posted 11 months ago #

    755 allows the the creation of files and folders by the user ... 755 is applied on subdirectories recursively ?
    The problem should be indicated in the configuration page of the plugin !
    Nevertheless the plugin need to create file and directory to handle dynamic CSS and js files and to manage translations files

  5. Rett Pop
    Member
    Posted 11 months ago #

    I can't open configuration page because plugin starts flood disk with error messages.
    Could I create these files manually? Or just make this directory writeable once? It might be some kind of paranoia, but I do not want make my fs available for writing without exceptional circumstances. And I think it worth to point this requirement in the readme file. Just as suggestion.

  6. Sed Lex
    Member
    Plugin Author

    Posted 11 months ago #

    Actually I do not understand your point ... What is the issue of allowing a plugin to write in its own directory and in a tmp dir (ie wp-content/sedlex) ?

  7. Sed Lex
    Member
    Plugin Author

    Posted 11 months ago #

    The only thing to do to create the file is to set the permssion to 755 on the plugin folder (and recursively on subfolders) and to create wp-content/sedlex/ and do the same

  8. Rett Pop
    Member
    Posted 11 months ago #

    Plugins being implemented mostly by indie developers. And those can't pay enough attention and time to plugin's security. The point is that one could found vulnerability in some plugin and be available write anything to server's fs. Whole WP on my hosting at the moment works without permissions to write anything to fs except of MySQL database.

  9. Sed Lex
    Member
    Plugin Author

    Posted 11 months ago #

    I do not say that my plugin does not has any vulnerabilities (no developer may say that) but I say that allowing a plugin to write in its own directory is not an security issue as the only danger is for himself. It is exactely the same point for a specific and dedicated folder as requested.

  10. Rett Pop
    Member
    Posted 11 months ago #

    OK. Is it enough make this dir writeable one time? Or it should be writeable all the time? Does pluging write something constantly?

  11. Sed Lex
    Member
    Plugin Author

    Posted 11 months ago #

    It should be writable all the time.
    In the wp-content/sedlex directory, the plugin generates DYNAMICALLY the appropriate CSS and JS file
    In the plugin directory the plugin only write if you modify a translation file

  12. Sed Lex
    Member
    Plugin Author

    Posted 10 months ago #

    Have you manage to solve your problem ?
    If so please mark this topic as solved

    Thkx

  13. Rett Pop
    Member
    Posted 10 months ago #

    Hi,
    I've set write permissions on plugin's directory and to sedlex directory pluging createdin ./wp-content/ directory. Once plugin's settings page opened I've removed write permissions from sedlex dir. It generates errors when opening settings page. But I can admit it.
    So, problem isn't solved. It is just dirty workaround to be able to open settings page.

  14. akis
    Member
    Posted 6 months ago #

    Hey Sed Lex,
    A bit off-topic here but there is any reason you choose to add your own directory in wp-content instead of plugin directory?

    Thanks.

  15. Sed Lex
    Member
    Plugin Author

    Posted 6 months ago #

    Yes indeed there is a reason :)
    As you know, it is possible to have a plurality of site attached to a single WP installation.
    Each installation may have their own data and should be separated.

    For security reasons, some host / person does not want WP to modify anything except the wp-content which may include pictures, attachement, etc.

    Thus, it is much easier to put all 'temp' file in wp-content.

    The plugin is then never changed as remains as it has been installed (excepted if you translate the plugin but this is another question:))

  16. akis
    Member
    Posted 6 months ago #

    Thanks for the explanation. I believe that using a more appropriate (self-descriptive) name for the directory would be better. You can also consider uploads folder for that as I've seen many plugins using it.

  17. Sed Lex
    Member
    Plugin Author

    Posted 6 months ago #

    You are right ... I would need to see if the modification is simple (considering the impact on existing installed plugin)

Reply

You must log in to post.

About this Plugin

About this Topic