New security patches introduced to the WordPress core on October 14th break media upload on my WordPress installations.
That's due to my uncommon directory structure:
- wp-config.php (custom)
- index.php (custom)
- wp (vanilla WordPress core)
  - wp-content (unused)
  - wp-cron.php
  - wp-blog-header.php
  - wp-includes
  - wp-admin
  - ...more...
- wp-content (my custom, used wp-content directory)
  - plugins
  - themes
- uploads (my custom, used uploads directory)
So I set WP_SITEURL to my "wp"-directory, WP_CONTENT_DIR and WP_CONTENT_URL to my "wp-content"-directory and WP_PLUGIN_DIR and WP_PLUGIN_URL to my "wp-content/plugins"-directory.
Because WordPress constructs the path of the uploads directory relative to the WordPress core, I needed to set UPLOADS to '../uploads'. So the resulting path of upload_dir() is "/wp/../uploads/" - that worked so far.
On October 14th, with 5.2.4, there was a change to how wp_mkdir_p() (in wp-includes/functions.php) sanitizes and checks the path of new directories it creates. Here's the SVN log:
r46274 | whyisjake | 2019-10-14 15:31:04 +0000 (Mo, 14. Okt 2019) | 8 Zeilen
Filesystem API: Prevent directory travelersals when creating new folders.
Reject file paths that contain sub-directory paths.
Props iandunn, xknown, sstoqnov, whyisjake.
Built from @46476
There's a newly added block of code that goes like this:
    // Do not allow path traversals.
    if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
        return false;
    }
So all my WordPress installations are unable to create a new directory "2019/11" in their uploads directory. However, if I manually create the folder, upload works; it's just the creation of new subfolders that stopped working.
My question: What's the best way to configure WordPress in a way that allows me to keep my filesystem structure? One possibility is to modify the apply_filters( 'upload_dir', $uploads ) to remove the unnecessary "wp/../" from the path, but that requires a plugin and I'd like to get WordPress working on my servers without having to install a plugin in each (because there are many of them).
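
The check quoted above and the `upload_dir` filter idea from the question, as an added PHP example that is not part of the original post or of WordPress core. The function names `has_traversal`, `collapse_dot_segments` and `normalize_upload_dir` and the `/var/www/site` paths are hypothetical; the helper only rewrites the path string and refuses any `..` it cannot cancel against a preceding segment.

```php
<?php
// Added example, not WordPress core code. All paths are constructed samples.

// The same test as the block added to wp_mkdir_p() in r46274.
function has_traversal( $target ) {
	return false !== strpos( $target, '../' )
		|| false !== strpos( $target, '..' . DIRECTORY_SEPARATOR );
}

// Hypothetical helper: collapse "." and "dir/.." segments lexically ("/" only).
// It never touches the filesystem, so symlinks are not resolved. Returns false
// when a ".." has no preceding segment to cancel, instead of guessing.
function collapse_dot_segments( $path ) {
	$out = array();
	foreach ( explode( '/', $path ) as $segment ) {
		if ( '..' === $segment ) {
			if ( empty( $out ) ) {
				return false;
			}
			array_pop( $out );
		} elseif ( '' !== $segment && '.' !== $segment ) {
			$out[] = $segment;
		}
	}
	$prefix = ( '' !== $path && '/' === $path[0] ) ? '/' : '';
	return $prefix . implode( '/', $out );
}

// Hypothetical 'upload_dir' filter callback: rewrite only the filesystem paths.
function normalize_upload_dir( $uploads ) {
	foreach ( array( 'path', 'basedir' ) as $key ) {
		$clean = isset( $uploads[ $key ] ) ? collapse_dot_segments( $uploads[ $key ] ) : false;
		if ( false !== $clean ) {
			$uploads[ $key ] = $clean;
		}
	}
	return $uploads;
}

if ( function_exists( 'add_filter' ) ) {
	add_filter( 'upload_dir', 'normalize_upload_dir' );
} else {
	// Stand-alone run outside WordPress, using a constructed path.
	$before = '/var/www/site/wp/../uploads/2019/11';
	$after  = normalize_upload_dir( array( 'path' => $before, 'basedir' => '/var/www/site/wp/../uploads' ) );
	var_dump( has_traversal( $before ), has_traversal( $after['path'] ) );
	echo $after['path'], PHP_EOL;
}
```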