Install WordPress with custom directory layout without breakting media upload

Add question

Username* Please type your username .

E-Mail* Please type your E-Mail .

Question Title* Please choose an appropriate title for the question to answer it even easier .

Category Please choose the appropriate category so others can easily search your question.

Tags Please choose suitable Keywords Ex : question , poll .

Poll This question is a poll ? If you want to be doing a poll click here .

Featured image

Browse

Details*

Ask Anonymously Anonymous asks

Video description Do you need a video to description the problem better ?

Video type Choose from here the video type .

Video ID Put here the video id : https://www.youtube.com/watch?v=sdUUx5FdySs EX : 'sdUUx5FdySs'.

Notified Notified by e-mail at incoming answers.

Terms* By asking your question, you agree to the Terms of Service and Privacy Policy.

Captcha*

Install WordPress with custom directory layout without breakting media upload

Question

New security patches introduced to the WordPress core on October, 14th break media upload on my WordPress installations.

That’s due to my uncommon directory structure:

wp-config.php (custom)
index.php (custom)
wp (vanilla WordPress Core)
- wp-content (unused)
- wp-cron.php
- wp-blog-header.php
- wp-includes
- wp-admin
- …more…
wp-content (my custom, used wp-content directory)
- plugins
- themes
uploads (my custom, used uploads-directory)

So I set WP_SITEURL to my “wp”-directory, WP_CONTENT_DIR and WP_CONTENT_URL to my “wp-content”-directory and WP_PLUGIN_DIR and WP_PLUGIN_URL to my “wp-content/plugins”-directory.

Because WordPress contructs the path of the uploads-Directory relative to the WordPress core I needed to set UPLOADS to ‘../uploads’. So the resulting path of upload_dir() is “/wp/../uploads/” – that worked so far.

In October, 14th with 5.2.4 there was a change to how wp_mkdir_p() (in wp-includes/functions.php) sanitizes and checks the path of new directories it creates. Here’s the SVN log:

r46274 | whyisjake | 2019-10-14 15:31:04 +0000 (Mo, 14. Okt 2019) | 8 Zeilen

Filesystem API: Prevent directory travelersals when creating new folders.

Reject file paths that contain sub-directory paths.

Props iandunn, xknown, sstoqnov, whyisjake.

Built from https://develop.svn.wordpress.org/trunk@46476

There’s a newly added block of code that goes like this:

// Do not allow path traversals.
if ( false !== strpos( $target, '../' ) || false !== strpos( $target, '..' . DIRECTORY_SEPARATOR ) ) {
    return false;
}

So all my WordPress installations are unable to create a new directory “2019/11” in their uploads directory. However, if i manually create the folder, upload works, it’s just the creation of new subfolders that stopped working.

My question: What’s the best way to configure WordPress in a way that allows me to keep my filesystem structure. One possibility is to modify the apply_filters( ‘upload_dir’, $uploads ) to remove the unnecessary “wp/../” from the path, but that requires a plugin and i’d like to get WordPress working on my servers without having to install a plugin in each (because there are much of them).

installation, server Matthias P. Wurfl 4 years 2019-11-06T10:37:18-05:00 2019-11-06T10:37:18-05:00 0 Answers 68 views 0

Register Now

Login

Lost Password

Add question

Login

Register Now

Install WordPress with custom directory layout without breakting media upload

Install WordPress with custom directory layout without breakting media upload

Leave an answer