Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider removing support for FTP credentials for filesystem #1777

Closed
michaeltorbert opened this issue Jul 12, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@michaeltorbert
Copy link
Member

commented Jul 12, 2018

When we call request_filesystem_credentials we support FTP credentials, which is outdated, not needed on 99% of websites, and causes problems like #1774

We should consider ditching this, or at least only supporting it when explicitly requested, such as with an aioseop-specific constant in wp-config.php or a filter hook.

@michaeltorbert michaeltorbert added this to the 2.7.1 milestone Jul 12, 2018

@michaeltorbert

This comment has been minimized.

Copy link
Member Author

commented Jul 12, 2018

From https://codex.wordpress.org/Filesystem_API

Another problem with calling request_filesystem_credentials() directly is you cannot determine if you will have direct access to the file system or if the user will be prompted for credentials. From a UX standpoint this becomes problematic if you want to make changes to files when a plugin is activated. Just imagine, a user goes to install your plugin via their admin area, enters their FTP details, completes the installation and activates your plugin. But as soon as they do, they are prompted to enter their FTP details again and are left scratching their head as to why.

....

$access_type = get_filesystem_method();
if($access_type === 'direct')
{
/* you can safely run request_filesystem_credentials() without any issues and don't need to worry about passing in a URL */
$creds = request_filesystem_credentials(site_url() . '/wp-admin/', '', false, false, array());

/* initialize the API */
if ( ! WP_Filesystem($creds) ) {
	/* any problems and we exit */
	return false;
}	

global $wp_filesystem;
/* do our file manipulations below */

}
else
{
/* don't have direct write access. Prompt user with our notice */
add_action('admin_notices', 'you_admin_notice_function');
}

michaeltorbert added a commit that referenced this issue Jul 13, 2018

michaeltorbert added a commit that referenced this issue Jul 13, 2018

Merge pull request #1781 from semperfiwebdesign/issue-1777-updated
only allow direct FS checks for physical file #1777
@wpsmort

This comment has been minimized.

Copy link
Member

commented Jul 13, 2018

Testing identified a bug and issue #1785 was opened to fix this in v2.7.2.

@wpsmort wpsmort closed this Jul 13, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.