Well, i hope that if someone makes a plugin that just deletes everything, the first user will let all other know 😀
More seriously, yes, it can be an issue, on shared hosting as it could theoretically be possible to make nasty things, and that’s why usually on shared hosting usually folders are not writable.
If you have your own hosting ( a VPS or something ) you just have to pay attention to what plugins you install, but a nasty plugin could do nasty things without the need to write our cache folder, it would just do it if the db users can drop databases.
The more important part: do you have a twig folder in your cache folder already?Because Twig templates should be pre compiled and if they are not, that could be a bug on our side.
Thread Starter
fotan
(@fotan)
Yep. There’s a twig folder. When the error came up on the test server there was a link at the end of it to click when you fixed the problem. Without changing anything I clicked it and the plugin became enabled and it looks like it might be working fine. I’ll have to do some more with it tomorrow, but maybe it’s just a funky thing.
chmod 777 /var/www/ws-test-blogs/docroot/wp-content/plugins/all-in-one-event-calendar/cache//twig/
Thread Starter
fotan
(@fotan)
Thanks @aisnsso, but that’s what prompted this whole conversation. 777 means anyone anywhere can write to that folder. That won’t fly with security on my production server.
We released 2.1.8 does it fixes this?
Thread Starter
fotan
(@fotan)
Nope. Same problem.
The committee decided to move away from this plugin because of the security risk. It’s a great plugin, just doesn’t fit for our purposes.
Thanks for the help.
ok, no probs, as i explained i see no security problem unless on shared hosting, just one question, i gave for granted that it was just a notice and not an error, i mean, did the plugin work or was it broken?
Thread Starter
fotan
(@fotan)
The plugin threw an error on the top of the plugins page that said it had been disabled. There was a link at the bottom of the message that you could click to re-enable it and that seemed to work.
Ok thanks because the folder doesn’t need to be writable for the plugin to work, i checked and we ship twig templates. But it shouldn’t deactivate itself. Thanks for reporting i’ll look into this.
I’m getting the Templates cache is not writable message on my settings page. Does it not need to be writable? I may be confused but my developer and i think/thought that this may be why we’re getting memory errors.
Please advise.
Thank you,
Teri
Hi Teri,
Please change the permission to 775, it should solve the issue.
