Serendipity Forums

In the upgrader, we have a few tasks that remove files from serendipity. These are especially the files unter /htmlarea. I think that this is a problem, and it explains a few of the upgrade problems we saw.

1. If the upgrader fails to remove those files, it can happen that the upgrader fails completely. Just happend in my test-blog (from 2.0.2 to 2.1)
2. A good configured server should not give serendipity the rights to remove those files. They are not under /uploads or under /templates_c, not even under /templates.

The combination of these two points looks like a critical mistake on our side to me.

To see a list of the files to remove, see https://github.com/s9y/Serendipity/blob ... nc.php#L20

I think we should remove those upgrader tasks, especially those for 2.0 and newer versions. Garvin, what do you think?

Hi!

IMO we should rather try to make the upgrade fail "gracefully". I thought we did that with the iterator, that in case of permission problems the function should not fail...

Removing the listed files is a good thing due to security, so I'd really like to keep it...

onli wrote:1. If the upgrader fails to remove those files, it can happen that the upgrader fails completely. Just happend in my test-blog (from 2.0.2 to 2.1)

Try it again, Sam. It may have been since my patch yesterday went accidently into the wrong list.

Ian, that'd be nice, I'll test it.
That is only true for htmlarea, no? We could keep that removal, but remove the others, which would mean that less upgrades are affected.