Y
Hacker News
new
|
ask
|
show
|
jobs
by
nly
3958 days ago
Indeed. First thing that blew my mind is that it checks to see if its files are owned by the uid of the php process. Why? Why can't we just +w on uploads, themes, plugins etc using group permissions?