From 6834a736ea33e8062969f32d8a11a138f28eb100 Mon Sep 17 00:00:00 2001
From: Thomas Bloor <tom@tbsliver.me>
Date: Sat, 2 Dec 2017 14:47:44 +0000
Subject: [PATCH 1/2] Change mkdir to use correct and more secure mdoe numbers

The original setting of `777` is not a valid mode number for mkdir, and
should have been `0777` as it is an octal number. This has been changed
to `0755` to be in keeping with the wordpress permission scheme, which
is readable by all but only writeable by the current user. As these are
for backups a more strict setting may be preferable, but this is a
reasonable compromise
---
 wp-cli/civicrm.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/wp-cli/civicrm.php b/wp-cli/civicrm.php
index 1c2176a..bffdd07 100644
--- a/wp-cli/civicrm.php
+++ b/wp-cli/civicrm.php
@@ -654,7 +654,7 @@ private function restore() {
 
 			$restore_backup_dir .= '/plugins/restore/' . $date;
 
-			if ( ! mkdir( $restore_backup_dir, 777, true ) ) {
+			if ( ! mkdir( $restore_backup_dir, 0755, true ) ) {
 				return WP_CLI::error( 'Failed creating directory: ' . $restore_backup_dir );
 			}
 
@@ -999,7 +999,7 @@ private function upgrade() {
 			# begin upgrade
 
 			$backup_dir .= '/plugins/' . $date;
-			if ( ! mkdir( $backup_dir, 777, true ) ) {
+			if ( ! mkdir( $backup_dir, 0755, true ) ) {
 				return WP_CLI::error( 'Failed creating directory: ' . $backup_dir );
 			}
 

From 75caf456b7ecc26cf11301f9ad59f9eab5c271fa Mon Sep 17 00:00:00 2001
From: Thomas Bloor <tbsliver@shadow.cat>
Date: Fri, 15 Dec 2017 11:46:16 +0000
Subject: [PATCH 2/2] Modified chmod for settings directory to also be 0755
 instead of 0777

---
 wp-cli/civicrm.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wp-cli/civicrm.php b/wp-cli/civicrm.php
index bffdd07..b4083d2 100644
--- a/wp-cli/civicrm.php
+++ b/wp-cli/civicrm.php
@@ -379,7 +379,7 @@ private function install() {
 			$upload_dir = wp_upload_dir();
 			$settings_dir = $upload_dir['basedir'] . DIRECTORY_SEPARATOR . 'civicrm' . DIRECTORY_SEPARATOR;
 			civicrm_setup( $upload_dir['basedir'] . DIRECTORY_SEPARATOR );
-			WP_CLI::launch( "chmod 0777 $settings_dir -R" );
+			WP_CLI::launch( "chmod 0755 $settings_dir -R" );
 
 			# now we've got some files in place, require PEAR DB and check db setup
 			$dsn = "mysql://{$dbuser}:{$dbpass}@{$dbhost}/{$dbname}?new_link=true";