Thread

I’ve modified the PHP wrapper that my server’s running today, so I’ve been paying particular attention to file permissions. It appears that all files uploaded via EE are getting permissions of 777, which already sets off alarm bells, but looking at EE’s code I can’t help but think this is a bug.

In _upload_file() within Filemanager.php the following code is being used:

@chmod($file['full_path'], DIR_WRITE_MODE);

Given that $file[‘full_path’] is the path to the newly uploaded file and not the containing directory, shouldn’t EE be using FILE_WRITE_MODE here instead?

Just to be clear, I’m not in need of support here per-se, but equally I’m not feeling quite confident enough to post this as a bug report. Can anyone weigh in on this? Thanks.

Hi Dom Stubbs,

I’ll run this up to Robin, one of our developers, to see if she can shed some light on this.

Thanks for bringing this to our attention!

Sorry for the delayed reply!  That is indeed a bug- I’ve entered it in the tracker here:
https://support.ellislab.com/bugs/detail/17160

A short term fix is in the report and has been committed for the next release.

Thanks for the heads up!  If you do run into any other issues, just let us know.

No problem, thanks for the fix.

😉  Thanks for pointing it out to us!