Maybe I don't understand what you're trying to do.
I understand you want to add a new function which allows to change the default value for the class. But how would that help the user? They still can't set it in a parameter. Or who is your target for this method?

OK, so let's say that (for whatever reason) I want all folders created by Joomla to use some mode other than 0755. When Joomla calls JFolder::create() (in com_media or wherever), I have no opportunity to set a different mode, it just uses the default. So this change allows a developer to change the default (without actually modifying any core code). He can do this by creating a simple plugin that handles some event (probably onAfterInitialise) and then calls JFolder::mode(0777); or whatever he needs the mode to be. This sets the default mode and now when JFolder::create() gets called (without the second argument as usual), the folder is created with the new default mode instead of 0755.

Ah I see, so the target for this new method would be developers, not the users themself. I wonder why not just use the second argument in your own extension if you need some special permissions set.

For users I think it would be better if it's a new parameter in the global configuration instead of a new method which has to be called by a system plugin.

On the other side this can be quite dangerous if set wrong by a user. And we already have the FTP layer for related reasons.

Do you have a case where the default permissions set by com_media don't work for you?

You'd write an extension to set the default, not to actually create folders. Folders will be created by com_media (and perhaps others) in which case you currently have no control over the mode. This allows you to set the mode that will be used in those cases.

When considering this issue, my first thought was also to put it in the global config. But after thinking about it more, I decided that's not the best place for this option. The purpose of this change is to add some additional flexibility to Joomla but this flexibility is really only needed by edge cases so I didn't feel it was worth it to clutter the global config with some option that most users will never need and many won't understand. Doing it this way makes it highly unlikely that the setting could be changed by accident. If someone goes to the trouble of writing a plugin to set this option, it can be assumed he knows what he's doing.

If safety is an issue, this function can be made a bit safer by doing something like:

self::$dirmode = $mode | 0700;

But if safety is a concern, then we have to actually realize that the danger is not the ability to freely set the default mode, but the ability to freely set the mode at all. The JFolder::create() function already has the ability to create folders with screwed up access rights. Should we address this issue? Maybe.

As for my case, I'd actually like to use 02775 which, I know, is a bit unusual. I want unusual cases like this to be possible but they don't have to be too easy.

Personally I'd rather see this implemented as a parameter either in global configuration or more preferred in com_media and other extensions where it may be useful.

Adding a method to a library which is only used by a custom plugin to apply a parameter sounds quite hackish to me.

I think safety isn't that much of a problem if it's done per extension as a parameter. And if the tooltip has a good text explaining what the parameter does.

I really think that this should be a server-level configuration.

And if some think it should be a configuration in Joomla to counter poorly-secure hosters (but if they can't manage permissions on public_html folders, how can you trust them to manage a server anyway ??!), it should be in "Server" tab of global Joomla configuration (as was the case in Mambo), as i don't see an interest to change them on an extension-by-extension level.

It certainly should not be done on an extension-by-extention basis. com_media is not necessarily the only place this function gets called so you'd need to have a similar setting in multiple places.

If global config is a better location for this setting I'm fine with putting it there. What would you think about removing the second argument of JFolder::create() so that the mode you set in the configs is the mode that is always used and no misbehaving extention can change that by passing a second argument with some wrong mode?

You can't remove an existing argument for B/C reasons.

Your first idea as a class setting is right, please don't confuse users with yet another parameter. But I also agree that this should be handled in theory by the server configuration and not by Joomla. So I'd rather go the other way around and actually remove setting some permissions on new folders.

All in all, I'd call this PR usefull and will set the tracker item back to "pending".

No.