?
Referenced as Pull Request for: # 6131 # 6143
avatar n9iels
n9iels
19 Feb 2015

I just found a little bug when changing a file with the editor in the template manager.
My Joomla! version is 3.4.0-rc

  1. Go to Template Manager -> Templates and choose a template
  2. Open a file and save it (you won't have to change anything).
  3. Check the file permission of this file, you now see the changed from 644 to 444.

This can cause problems when editing the same file via a ftp client. You will get a "Permission denied" message

avatar n9iels n9iels - open - 19 Feb 2015
avatar joomla-cms-bot joomla-cms-bot - change - 19 Feb 2015
Labels Added: ?
avatar infograf768
infograf768 - comment - 20 Feb 2015
avatar Bakual
Bakual - comment - 20 Feb 2015

If your webserver has a different user than your FTP user, then you actually should enable the FTP layer within the global Joomla configuration to avoid exactly such issues.
I guess you haven't enabled it?

As for why the file is made readonly after saving, I don't know. And it's probably not justified and could be changed. It may be to prevent overwriting in case of an update but that's just guessing and would likely not be what is expected.
The only other place I know we do that is the configuration.php file.

avatar brianteeman
brianteeman - comment - 20 Feb 2015

No you shouldnt enable the ftp layer in this case. That should only be used
for installing stuff and is not a secure thing and should never be
recommended
On 20 Feb 2015 12:08, "Thomas Hunziker" notifications@github.com wrote:

If your webserver has a different user than your FTP user, then you
actually should enable the FTP layer within the global Joomla configuration
to avoid exactly such issues.
I guess you haven't enabled it?

As for why the file is made readonly after saving, I don't know. And it's
probably not justified and could be changed. It may be to prevent
overwriting in case of an update but that's just guessing and would likely
not be what is expected.
The only other place I know we do that is the configuration.php file.


Reply to this email directly or view it on GitHub
#6126 (comment).

avatar n9iels
n9iels - comment - 20 Feb 2015

I don't have big problems with it. I was just wondering why it change by saving. In my oppinum it seems more logic they stay the same.

avatar Bakual
Bakual - comment - 20 Feb 2015

No you shouldnt enable the ftp layer in this case. That should only be used for installing stuff

Everytime you do file modifications, which is when you install/update extensions, upload media files or edit template files. Otherwise you get the issue that the FTP user can't edit the file created with apache user.
At least if you intend to manage the same files also directly using FTP. If not, you don't have to care about it.

In my oppinum it seems more logic they stay the same.

Agreed. Anyone wants to take that code block out?

avatar sovainfo
sovainfo - comment - 20 Feb 2015

As mentioned and even confirmed the change is made. This means the webserver has write access to the filesystem. How it got that is irrelevant to the reported issue.

Changing it to 444 protects you against yourself. It requires the file to be deleted and recreated or set to 644 for overwriting it. Agree that it might be desirable for configuration.php, but inappropriate for template files. Looks like the code needs review: it also changes the owner. Don't consider that appropriate either!

avatar n9iels n9iels - reference | - 20 Feb 15
avatar n9iels
n9iels - comment - 20 Feb 2015

The general and usual rule for the Joomla! file system is:
files: 644
folders: 755
configuration.php: 444

I understand your thoughts about it, but why should we ignore this rules?

avatar n9iels n9iels - change - 20 Feb 2015
Status New Closed
Closed_Date 0000-00-00 00:00:00 2015-02-20 14:22:00
avatar n9iels n9iels - close - 20 Feb 2015
avatar n9iels n9iels - close - 20 Feb 2015
avatar n9iels n9iels - change - 20 Feb 2015
Status Closed New
avatar n9iels n9iels - reopen - 20 Feb 2015
avatar n9iels n9iels - reopen - 20 Feb 2015
avatar n9iels
n9iels - comment - 20 Feb 2015

oepss, wrong button

avatar sovainfo
sovainfo - comment - 20 Feb 2015

Hopefully the code review will reveal the reasons for programming it this way. Explained it is trying to protect you from loosing changes, but I am not the author of this code. Object to changing owner and changing to 444, but would like to hear the motivation from the author.

Thinking about it more, slowly changing my mind in favor of the current implementation. Looking at it from the perspective of managing the template, I can live with the setting that once you used the backend to make changes you need to do something extra when using the old way.

avatar zero-24
zero-24 - comment - 20 Feb 2015

I think the main code of the template manager is by @iamramtripathi So i hope he can have a look here and to the PR (#6131) by @n9iels

Thanks :smile:


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/6126.

avatar zero-24 zero-24 - change - 20 Feb 2015
Status New Confirmed
avatar zero-24 zero-24 - change - 20 Feb 2015
Category Administration Components
avatar pcmitsis pcmitsis - reference | - 21 Feb 15
avatar pcmitsis pcmitsis - reference | - 21 Feb 15
avatar pcmitsis pcmitsis - reference | - 22 Feb 15
avatar brianteeman brianteeman - change - 25 Feb 2015
Labels Removed: ?
avatar brianteeman brianteeman - change - 25 Feb 2015
Labels Added: ?
avatar Achal-Aggarwal
Achal-Aggarwal - comment - 17 Apr 2015

I think we can close this issue as it is fixed.

avatar n9iels n9iels - change - 17 Apr 2015
Status Confirmed Closed
Closed_Date 2015-02-20 14:22:00 2015-04-17 17:35:00
Closed_By n9iels
Labels Removed: ?
avatar n9iels n9iels - close - 17 Apr 2015

Add a Comment

Login with GitHub to post a comment