FTP FileTransfer classes need to be able to establish if they are chrooted

Looks good, however:

- Fails to run tests(?)
- Comments need to begin with a space and a capital letter and end with a period.
- "+ " - no trailing white space.
- I sometimes have Drupal installations as subfolders of another Drupal installation. (E.g. cwgordon.com vs. cwgordon.com/foo/ or foo.cwgordon.com). I believe that under the current code the Drupal in the parent folder will always be selected? Perhaps the way to approach this is to create a file with a random name in the files directory and check for that, which should be unique to each Drupal installation?

For me this path work's fine.

But I think that the user should confirm that the ftp location of drupal is fine, or at least and for security, one random file with random content in the tmp modules folder.

See here:
#395474-197: Plugin Manager in Core: Part 2 (integration with update status)
#395474-198: Plugin Manager in Core: Part 2 (integration with update status)
#395474-199: Plugin Manager in Core: Part 2 (integration with update status)

FWIW, this doesn't seem to fix #395474: Plugin Manager in Core: Part 2 (integration with update status) on my windows setup.
The FTP server still receives CWD D:\... which he cannot handle.

Ok.
But in case of symlink's ? We can have ftp symlink's and with other's names. Ex.

Folders:
/home/jacob/drupal
/home/jacob/drupal/drupal
/home/jacob/drupal2
/home/jacob/www.example.org
/home/jacob/example.org
/home/jacob/drupal7

Ftp Folders: (with ln -s [symlinks])
/ftp/site1 -> /home/jacob/drupal
/ftp/site2 -> /home/jacob/drupal/drupal
/ftp/site3 -> /home/jacob/drupal2
/ftp/site4 -> /home/jacob/www.example.org
/ftp/site5 -> /home/jacob/example.org
/ftp/drupal -> /home/jacob/drupal7

Maybe none use this way..(I don't use this way), But maybe some shared host, some bad configuration or other's config, we can have this, or other things that we don't know yet. So, that said, it would be nice to at least we can see and verified if it found the correct path.

Maybe I'm thinking to must in security, but this functionality is to deleted and create files, and we need some fallback (for situation that we don't know yet).

if I have this: (2 sites)
/home/int/drupal/
/home/int/drupal2/drupal/

And I have ftp root here:
/ftp/
With two symlink's pointing to the two drupal folder
Like this:
/sites1/ -> /home/int/drupal/
/sites2/ -> /home/int/drupal2/drupal/

So this will work? Will detected the correct path? I think that is impossible in this case..

Maybe if the we also have this symlink will update the wrong folder??
/drupal2/ -> /home/int/drupal2/drupal/ (we are upgrading the drupal2 instalation, but the symlink drupal2 (virual folder) is pointing to /home/int/drupal2/drupal/

Maybe has no sense..
We can commit this and next think it better..

for test bot.

It's working fine.

- The difference between fixPath() and sanetizePath() was confusing at first. It feels like bad API design. Fortunately, fixPath is not part of the public API. Still a protected fucntion though. Given that it is Windows-specific, can't we name it something like convertWindowsToUnix() or something?

- Initially I thought that isFile() was redundant because you could do !isDirectory() but that is not valid.

- I find it strange that functions like fixPath() and sanetizePath() don't return a value. Why do this by reference?

- PHPdoc is sparse, especially in a function like isFile in filetransfer.inc.

Here's a patch with the edits I had to make to have #395474: Plugin Manager in Core: Part 2 (integration with update status) work on my windows setup.
Changes in :
fixPath()
findChroot()
checkPath()

Those are raw fixes, and quite possibly not the best code organization, but that code is largely above my head. At least it outlines the changes needed for windows.
This patch also does not address any of Dries's remarks in #24.

I'd love to have yched do one last test/review of the patch.

Tested #28 with the last patch in (now abandoned ?) #395474-218: Plugin Manager in Core: Part 2 (integration with update status).
Actually it didn't work on my setup.
For it to work, I had to add this line at the beginning of FileTransferFTPWrapper::removeDirectoryJailed() :

$directory = str_replace($this->chroot . '/', '', $directory);

I'm obviously not saying this is the right fix, just pointing that the function received $directory as [a_path_that_happens_to_be_$this->chroot]/sites/all/modules/foo,
which failed, while $directory = 'sites/all/modules/foo' worked.
After that change, the rest of the FTP operations worked (remove directory, copy new files).

It seems like the explanation could be that the chroot should be stripped in fixRemotePath() (called in FileTransfer::removeDirectory()), but the branch

      if (!empty($this->chroot) && strpos($path, $this->chroot) === 0) {
        $path = ($path == $this->chroot) ? '' : substr($path, strlen($this->chroot));
      }

fails because $this->chroot is not yet set at this point.

re-rolled and tested the patch here

passes all the files tests and applies properly.

Patch included an unrelated change in file.inc, I removed it, no functional changes.

works for me, and is by far, better that before.

Committed to CVS HEAD.

I just tested the drupal7 update manager on two of my machines and it still does not work if the ftp server is cofigured to chroot its users.

Test environment 1:
- debian-6.0.1 squeeze
- apache 2.2.16
- vsftpd 2.3.2
- drupal version: 7.0
If the option chroot_local_user=YES in vsftpd.conf is set upgrading or installing modules via the update manager doesn't work. The errormessage says: File Transfer failed, reason: Cannot create directory /home/peda/drupal-7.0/sites/all/modules
Uncommenting the option leads to update manager working. (but I really want users on a shared webhost to be chrooted to their home dirs)
Test environment 2:
- exchanged vsftpd with proftpd
Same here.

Can you please fix this or, if already fixed and this is just because I'm unable to configure the ftp server properly give me a hint on how to get this working.

greets peda

@peda_servus: Just to be clear, can you provide the exact steps that triggered the error? For example, I navigated to XYZT, clicked on FOO, entered my FTP credentials, etc.

No prob:

1) Navigate to http://localhost/?q=admin/modules (localhost is the debian squeeze box)
2) Click on Install Modules
3) Enter URL to fetch module src from (e.g. http://ftp.drupal.org/files/projects/video-7.x-1.0-alpha1.tar.gz)
4) Click install
5) Enter ftp credentials > Continue
6) Read Error Message:
* Warning: ftp_mkdir(): /home/peda/drupal-7.0/sites/all/modules: No such file or directory in FileTransferFTPExtension->createDirectoryJailed() (line 72 of /home/peda/drupal-7.0/includes/filetransfer/ftp.inc).
* Installation failed! See the log below for more information.

video

* Error installing / updating
* File Transfer failed, reason: Cannot create directory /home/peda/drupal-7.0/sites/all/modules

Next steps

The directory /home/peda/drupal-7.0/sites/all/modules exists, is owned by the ftp user and has rwxr-xr-x permissions.

When I uncomment the "DefaultRoot ~" line in /etc/proftpd/proftpd.conf restart the ftp server and do the exact same steps the installation works.

Following

hmm seems to work now (updated to r5564 from acquia svn), but only if the fto user owns everything in the drupal directory and its "homedir" is the drupal root. (thats not exactly what i always want but i can live with that)

Please create follow-up issues for any remaining bugs. This one has been fixed long ago.

Here's a couple open issues virtually identical to this one:

http://drupal.org/node/1144690
http://drupal.org/node/842620