Closed robwoodgate closed 2 years ago
This is what is causing the issue reported here: https://wordpress.org/support/topic/urgent-ce-recursively-chmodding-all-directories-and-files-to-755/
This has been working for me...
inc/cache_enabler_disk.class.php diff lines: 1304a1305,1308
if ( strpos( $dir, CACHE_ENABLER_CACHE_DIR ) === false || strpos( $dir, '../' ) !== false ) {
return false;
}
There are certain circumstances where Cache_Enabler_Disk::get_cache_dir() can return an empty string.
In this case, Cache_Enabler_Disk::get_cache_file() can return name with empty cache directory... eg: /https-index.html
Cache_Enabler_Disk::create_cache_file() will then attempt to call Cache_Enabler_Disk::mkdir_p() with "/" as the param.
This will cause Cache Enabler to try and recursively change permissions of all files under the root directory!
As well as causing all files in user home directory to change permissions, this can also crash PHP-FPM (as the pool socket is usually owned by the user).
The immediate fix is to ensure Cache_Enabler_Disk::get_cache_dir() ALWAYS returns at least the cache root path (CACHE_ENABLER_CACHE_DIR).
However, it may also be prudent to validate the $dir param in Cache_Enabler_Disk::mkdir_p() to ensure it contains the cache root path, and does not attempt parent directory traversal ("../")