ipavkovic

Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Forum: Fixing WordPress
    In reply to: [Plugin: WP Super Cache] Howto drop write permissions for wp-content
    Thread Starter ipavkovic

    (@ipavkovic)

    18 years, 1 month ago

    The only thing the patch is doing is to remove the isWriteable-check on dir wp-content AFTER installation. It may be a nice idea to warn the people after installation to chmod wp-content to 755. Something like

    --- wp-cache.php.orig2  2008-04-02 13:23:14.000000000 +0200
+++ wp-cache.php        2008-04-03 16:26:35.000000000 +0200
@@ -131,6 +131,11 @@
                <p>It appears that mod_rewrite is not installed. Sometimes this check isn't 100% reliable, especially if you are not using Apache. Please verify that the mod_rewrite module is loaded. It is required for serving Super Cache static files. You will still be able to use WP-Cache.</p><?php
        }

+       if( is_writeable( ABSPATH . 'wp-content/' ) ) {
+               ?><p><strong style='color: #a00'>WARNING! wp-content is writable. Please make it readonly after installation of wp-super-cache as this is a security risk.<br />
+               Readonly: <code>chmod 755 wp-content</code></strong></p><?php
+       }
+
        if( !is_writable( $wp_cache_config_file) ) {
                define( "SUBMITDISABLED", 'disabled style="color: #aaa" ' );
                ?><h4 style='color: #a00'>Read Only Mode. Configuration cannot be changed. <a href="javascript:toggleLayer('readonlywarning');" title="Why your configuration may not be changed">Why</a></h4>

    Best Regards

    Forum: Fixing WordPress
    In reply to: WP-Cache Security Flaw
    ipavkovic

    (@ipavkovic)

    18 years, 1 month ago

    See

    http://wordpress.org/support/topic/163325?replies=2#post-721436

    Best Regards

    Forum: Plugins
    In reply to: wp-cache file permissions
    ipavkovic

    (@ipavkovic)

    18 years, 1 month ago

    Hi,

    I patched wp-cache.php to be able to drop write privileges on wp-content:

    ipavkovic@acrux:~/wordpress/wp-content/plugins/wp-cache$ diff -u wp-cache.php.orig wp-cache.php
--- wp-cache.php.orig   2008-02-19 21:07:48.000000000 +0100
+++ wp-cache.php        2008-04-02 12:05:06.000000000 +0200
@@ -468,11 +468,11 @@
        $new = false;
        $dir = dirname($wp_cache_config_file);

-       if ( !is_writable($dir)) {
-                       echo "<b>Error:</b> wp-content directory (<b>$dir</b>) is not writable by the Web server.Check its permissions.";
-                       return false;
-       }
        if ( !file_exists($wp_cache_config_file) ) {
+               if ( !is_writable($dir)) {
+                               echo "<b>Error:</b> wp-content directory (<b>$dir</b>) is not writable by the Web server.Check its permissions.";
+                               return false;
+               }
                if ( !file_exists($wp_cache_config_file_sample) ) {
                        echo "<b>Error:</b> Sample WP-Cache config file (<b>$wp_cache_config_file_sample</b>) does not exist.Verify you installation.";
                        return false;

    Best Regards

Viewing 3 replies - 1 through 3 (of 3 total)