View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0019779||phpList 3 application||Installation||public||19-02-19 12:38||19-07-19 16:33|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Target Version||3.4.0||Fixed in Version||3.4.0|
|Summary||0019779: Incorrect file permission for the admin/plugins directory|
|Description||The phplist distribution file downloaded from SourceForge has incorrect permissions for the admin/plugins directory, 777 instead of 755 as for all other folders.|
Some anti-malware software will prohibit access to directories with permission of 777.
|Tags||No tags attached.|
That seems to be the case since version 3.3.2 when additional plugins were added by default. Not sure if that was on purpose.
@samtuke @michiel ?
Just to clarify what happens when the plugins directory has permissions of 777.
When using the CKEditor plugin, the file browser window for inserting an image shows a 404 error (see screenshot). After changing the permission to 755 the file browse window is displayed correctly.
The url for the window is similar to this
This error is in the web server log
[Wed Feb 20 10:09:53.295350 2019] [:error] [pid 22480:tid 47654437066496] [client 188.8.131.52:51098]
SoftException in Application.cpp:657: Directory "/home/farmstea/public_html/lists/admin/plugins" is writeable by group, referer: http://www.farmsteadcheesesandwines.com/lists/admin/?page=send&id=2884&tk=7e6b57dc20fcc0f8f003bc5c89cc3002
which appears to come from suPHP.
If I introduced it then it wasn't intentional and can be reversed.
In the new 3.4.0-RC1 the permissions for the plugins directory have been changed from 777 to 775, see new screenshot, which is still group-writeable.
The permissions need to be 755, the same as other directories, to avoid the suPHP problem.
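
The condition reported in this issue can be checked on an unpacked distribution before it is served. The following is an added example, not part of the original report or of phpList's own code: it lists directories that are group- or world-writable (777 and 775 both match) and strips those bits. The install root passed as the argument is an assumption.

```shell
#!/bin/sh
# Added example. The install root argument is an assumption; pass the directory
# that contains admin/plugins (the "lists" directory in the log above).

# Print every directory under ROOT that is writable by group or by others.
# 777 and 775 both match, because both carry the group-write bit (020).
list_writable_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print
}

# Remove group/other write from those directories only.
# 777 becomes 755 and 775 becomes 755; files and owner bits are untouched.
fix_writable_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}

# Report offenders on stderr and return non-zero if any remain, so the
# check can gate an unpack or deploy step.
audit_dirs() {
    found=$(list_writable_dirs "$1")
    if [ -n "$found" ]; then
        printf 'group/world-writable directories under %s:\n%s\n' "$1" "$found" >&2
        return 1
    fi
    return 0
}

# When run as a script with a path argument, audit that path.
if [ "$#" -gt 0 ]; then
    audit_dirs "$1"
fi
```

Run the audit first and review its output before calling `fix_writable_dirs`, since some hosts intentionally keep an upload directory group-writable.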