1 installer.manager.inc installer_manager_local_transfers_allowed()

Determines if file transfers will be performed locally.

If the server is configured so that files can be written to the configuration directory where new code will eventually be installed, and the files have the right ownership, the update manager can transfer files entirely locally, without changing their ownership (in other words, without prompting the user for FTP, SSH or other credentials).

This server configuration is an inherent security weakness because it allows a malicious webserver process to append arbitrary PHP code and then execute it. However, it is supported here because it is a common configuration on shared hosting, and there is nothing Backdrop can do to prevent it.

Return value

TRUE if local file transfers are allowed on this server, or FALSE if not.:

See also

installer_manager_update_ready_form_submit()

installer_manager_install_form_submit()

install_check_requirements()

Related topics

Installer module: file management Installer module file management functions.

File

core/modules/installer/installer.manager.inc, line 1160
Administrative screens and processing functions of the Installer module.

Code

function installer_manager_local_transfers_allowed() {
  // Compare the owner of a webserver-created temporary file to the owner of
  // the settings file to determine if local transfers will be
  // allowed. The conf_path() may be owned by a different user but writable.
  $temporary_file = backdrop_tempnam('temporary://', 'update_');
  $local_transfers_allowed = (fileowner($temporary_file) === fileowner(conf_path() . "/settings.php")) && is_writable(conf_path());

  // Clean up. If this fails, we can ignore it (since this is just a temporary
  // file anyway).
  @backdrop_unlink($temporary_file);

  return $local_transfers_allowed;
}