View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0019779 | phpList 3 application | Installation | public | 19-02-19 12:38 | 19-07-19 15:33 |
Reporter | duncanc | Assigned To | | | |
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | resolved | Resolution | fixed | | |
Product Version | 3.3.9 | | | | |
Target Version | 3.4.0 | Fixed in Version | 3.4.0 | | |
Summary | 0019779: Incorrect file permission for the admin/plugins directory | | | | |
Description | The phplist distribution file downloaded from SourceForge has incorrect permissions for the admin/plugins directory, 777 instead of 755 as for all other folders. Some anti-malware software will prohibit access to directories with permission of 777. | | | | |
Tags | No tags attached. | | | | |
That seems to be the case since version 3.3.2 when additional plugins were added by default. Not sure if that was on purpose. |
|
Just to clarify what happens when the plugins directory has permissions of 777. When using the CKEditor plugin, the file browser window for inserting an image shows a 404 error (see screenshot). After changing the permission to 755 the file browse window is displayed correctly. The URL for the window is similar to this: http://www.mysite.com/lists/admin/plugins/CKEditorPlugin/kcfinder/browse.php?opener=ckeditor&type=image&CKEditor=message&CKEditorFuncNum=1&langCode=en This error is in the web server log: Wed Feb 20 10:09:53.295350 2019] [:error] [pid 22480:tid 47654437066496] [client 109.154.156.164:51098] SoftException in Application.cpp:657: Directory "/home/farmstea/public_html/lists/admin/plugins" is writeable by group, referer: http://www.farmsteadcheesesandwines.com/lists/admin/?page=send&id=2884&tk=7e6b57dc20fcc0f8f003bc5c89cc3002 which appears to come from suPHP. |
|
If I introduced it then it wasn't intentional and can be reversed. |
|
In the new 3.4.0-RC1 the permissions for the plugins directory have been changed from 777 to 775, see new screenshot, which is still group-writeable. The permissions need to be 755, the same as other directories, to avoid the suPHP problem. |
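
The check discussed in this thread, as an added example that is not part of the issue or of phpList's own code: a POSIX shell audit that lists every directory writable by group or others (the condition suPHP reports in the log above, and which both 777 and 775 trigger) and a fix that clears only those bits. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked phpList tree for directories that are
# group- or world-writable, the condition suPHP refuses to run scripts under.

# Print directories under $1 that have the group-write (020) or
# other-write (002) bit set. 777 and 775 both match; 755 does not.
audit_writable_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print | sort
}

# Clear group/other write on the flagged directories only (777 or 775
# becomes 755). Regular files and all other mode bits are left untouched.
fix_writable_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}

# Constructed sample tree mirroring the layout named in the report:
# every directory is 755 except admin/plugins, which is 777.
build_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/lists/admin/plugins/CKEditorPlugin/kcfinder"
    find "$root" -type d -exec chmod 755 {} +
    chmod 777 "$root/lists/admin/plugins"
    printf '%s\n' "$root"
}

# Stand-alone use: pass the install root to list the offending directories.
if [ "$#" -gt 0 ]; then
    audit_writable_dirs "$1"
fi
```

Run the audit against the unpacked distribution before deploying; an empty result means no directory will trip the group-writable check.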