tene
Forum Replies Created
-
Forum: Plugins
In reply to: [Plugin: TinyMCE Advanced] Grey Box On Top of WindowsI see this as well, Safari4 and WP2.7.1, invoking a TinyMCE function greys out the screen and the only way out is to use the Back button (losing any work).
Forum: Fixing WordPress
In reply to: 2.7 problems toggling between HTML/VisualTry clicking Save before you switch between HTML / Visual.
Forum: Fixing WordPress
In reply to: Escaped quote inconsistency in WP2.2.1Solved by turning Magic Quotes off in php.ini
Forum: Everything else WordPress
In reply to: Safari 3.0 Gains WordPress FeaturesSafari + WP is very fast too.
Bit of an issue though, I was using Safari with the Rich Text Editor, and noticed some strange behaviours. So I switched off the RTE, but even with just the plain editor I’m noticing oddities.
For example, the the closing double quote in a string converted to a semicolon
“foo” becomes “foo;
Also inclusion of seemingly random characters at the top of a page
e.g &t or &ut
Haven’t found the cause or even a reproducible situation however, it just happens enough to notice.
Maybe its just the particular pages I’m working, but I suspect there are some issues with editing in Safari to be resolved.
Anyone else noted any edit issues with Safari?Forum: Fixing WordPress
In reply to: Am I right to be scared of upgrading to 2.2?Multiple sites updated to 2.2, dashboard, plugins, feeds (inc. feeds set to feedburner) all working for me, no line break issues. Very smooth update.
Forum: Fixing WordPress
In reply to: Advanced problem – image uploadThe key here is group privileges. The short answer is to use 770 privileges on wp-content and wp-content/uploads, and it will work securely, without any .htaccess mods.
Here is a longer answer for interested Linux users.
WP docs state “any file that needs write access from WordPress should be group-owned by the user account used by the webserver”. This is pretty terse – it gives you a big clue (but not all the details you need to understand WP file security on Linux).
Here is a fuller explanation.
If you know what 777, 755 etc mean, skip to next para. Octal privileges are a codified way of representing file access privileges: read=4, write=2, execute=1. So read+write+execute is 7, read+execute is 5, read+write is 6, read only is 4, no permissions is 0. You can assign different privileges to the OWNER of the file or directory, those in the same GROUP as the file or directory, and to WORLD (everyone). That is three groups of three. A directory with all privileges available to owner, group and world is drwxrwxrwx, or 777. A file with read+write+execute privileges for the owner and read+execute privs for group and world is -rwxr-xr-x, or 755 (the first character is d for directory or – for a file). Ok, now we are clear on octal privileges.
Now for WordPress uploads, lets assume your Linux user is “boris”, WordPress runs under the webserver user “apache” and you want to upload into wp-content/uploads.
The wp-content/uploads directory needs privileges set to 770 (as does wp-content itself):
drwxrwx— uploads boris apache 4096 May 19 07:17770 means boris has read(4)+write(2)+execute(1)=7 privs on the directory, apache has r+w+x privs on the directory, and world (public) has no privs on the directory.
When you are using the image uploader (or any other time via a browser), WordPress is running under apache (the webserver). The directory is in the apache group, and the directory has group permissions of 7 – r+w+x.
So WordPress – via apache – has write privileges to the directory it needs to upload755 won’t work. When you use 755, this is only r+x (4+1) for the group. No write privilege for apache, therefore no write privilege for WordPress and an error results.
Execute permission on a directory means the contents of the directory can be listed. You can’t create a file in a directory without also having execute privileges (this protects you from creating a file that you can’t verify by listing), so the webserver user (apache) needs both write and execute privileges for WordPress to be able to upload.
Technically files such as as jpg’s only need 660 permission (read + write). Execute permission is irrelevant for a file like a jpg (it doesn’t have an executable form).
In summary, use 770 privileges for wp-content and wp-content/uploads if you want to be able to upload files via WordPress (and WordPress plugins, as they will also be running under the webserver). If you are connecting via ftp using your own user, you will have owner privs, usually r+w+x. World privileges are not required (or desirable). Using 770 for wp-content and uploads, you won’t need any special htaccess directives either.
These principles apply all across WordPress directories e.g. themes updateable etc.