
The Filesystem API, added in WordPress 2.6, was originally created for WordPress’ own automatic updates feature.

The Filesystem API abstracts out the functionality needed for reading and writing local files to the filesystem to be done securely, on a variety of host types.

It does this through the WP_Filesystem_Base class, and several subclasses which implement different ways of connecting to the local filesystem, depending on individual host support. Any theme or plugin that needs to write files locally should do so using the WP_Filesystem family of classes.

Different hosting systems have different limitations in the way that their webservers are configured.

In particular, many hosting systems have the webserver running as a different user than the owner of the WordPress files. When this is the case, a process writing files from the webserver user will have the resulting files owned by the webserver’s user account instead of the actual user’s account. This can lead to a security problem in shared hosting situations, where multiple users are sharing the same webserver for different sites.

WP_Filesystem is capable of detecting when the users for written files will not match, and switches to a method using FTP or similar instead. Depending on the available PHP libraries, WP_Filesystem supports three different methods of using FTP (via extension, sockets, or over SSH) and will automatically choose the correct method.
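
A simplified sketch of the ownership check described above, as an added example rather than WordPress core code. The function name `choose_write_method()`, its return labels, and the fallback preference order are assumptions of this example.

```php
<?php
// Added illustration, not WordPress core code. choose_write_method() and its
// return labels are hypothetical names used only in this example.

/**
 * Decide whether files can be written directly or need an FTP-style transport.
 *
 * @param string $target_dir     Directory the code wants to write into.
 * @param string $reference_file Existing file owned by the site's real account.
 */
function choose_write_method( string $target_dir, string $reference_file ): string {
    $probe = rtrim( $target_dir, '/' ) . '/write-test-' . bin2hex( random_bytes( 8 ) );

    // Create a probe file as the current (webserver) process; 'x' refuses to
    // overwrite an existing file.
    $handle = @fopen( $probe, 'x' );
    if ( false !== $handle ) {
        fclose( $handle );
        clearstatcache( true, $probe );
        $probe_owner = fileowner( $probe );
        $site_owner  = fileowner( $reference_file );
        unlink( $probe );

        // Same owner: files written by this process belong to the site's account.
        if ( false !== $probe_owner && $probe_owner === $site_owner ) {
            return 'direct';
        }
    }

    // Owners differ, or the directory is not writable: fall back to a transport
    // that logs in as the real account. The preference order is an assumption.
    if ( extension_loaded( 'ssh2' ) ) {
        return 'ssh2';        // FTP-like access over SSH
    }
    if ( extension_loaded( 'ftp' ) ) {
        return 'ftpext';      // PHP FTP extension
    }
    if ( extension_loaded( 'sockets' ) || function_exists( 'fsockopen' ) ) {
        return 'ftpsockets';  // FTP implemented over raw sockets
    }
    return 'none';
}

// Constructed demo: probe the system temp directory against this script's owner.
echo choose_write_method( sys_get_temp_dir(), __FILE__ ), PHP_EOL;
```

On a shared host where the webserver runs as a different account than the site owner, the probe file's owner will not match the reference file's owner and the function reports one of the fallback transports instead of `direct`.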
