WOAH! Do not put symlinks to your uploaded files in a temporary cache directory. Nginx users running WordPress should beware if they followed these instructions and put a symlink to uploaded files in the wp-content/cache/ directory. I’m going to rewrite that page right now suggesting they use a different directory, possibly wp-content/uploads/ or maybe wp-content/files/.
WP Super Cache (and I presume other caching plugins) will delete everything in the cache directory. It’s like putting important files in /tmp/ where files are routinely cleaned out on reboot.
My replies on the thread above might paint me as a cold heartless bastard but I am sorry those websites suffered data loss. However I’m shocked that they put links to uploaded images in a folder containing temporary files!
4 Comments
anonymous on January 18, 2012 at 7:49 pm.
This is actually a security vulnerability with your plugin that you need to fix.
Donncha O Caoimh (105 comments.) on January 18, 2012 at 8:01 pm.
I don’t think it is. If you have permission to create a symlink in the cache directory and can do so without the website owner’s permission then you can upload a script that deletes all their uploaded files quite easily.
Barb (1 comments.) on January 22, 2012 at 12:49 am.
I wanted to load your wp super cache. I was told that for beginners, (and i am a novice, so i need something that works, and i do not need to worry about it), super cache is the best. However, it says on wp that it has not been tested in 3.3. When i read people lose things, it scares me. Are you going to test this to work in 3.3. thanks.
Donncha O Caoimh (105 comments.) on January 22, 2012 at 9:44 am.
It works fine in 3.3, and this data loss was not because of a bug in the plugin. It was because of an unfortunate choice of location for a link to upload files. It never made sense to put that link there in the first place..
At least 16,000 sites use the plugin so that’s a pretty good indication of how reliable it is.