Fixed theme zip extraction permissions#852
Conversation
no issue GScan validates and installs theme zips from its extracted temp directory. Some customer archives preserve read-only directory modes, which can block validation or later cleanup. Use the new @tryghost/zip owner-permission normalization option so uploaded themes are extracted with writable owner permissions while keeping the source archive unchanged.
|
Warning Review limit reached
More reviews will be available in 29 minutes and 53 seconds. Learn how PR review limits work. Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file). ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based credits. 🚦 How do rate limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (3)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
no issue Resolved the package and lockfile conflicts by keeping the upstream dependency refresh from main while retaining @tryghost/zip 3.5.0 for the theme zip permission fix.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0f3d1eff1d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "@tryghost/zip": "3.4.1", | ||
| "@tryghost/pretty-cli": "3.3.0", | ||
| "@tryghost/server": "3.1.0", | ||
| "@tryghost/zip": "3.5.0", |
There was a problem hiding this comment.
With this bump the lockfile now installs @tryghost/zip with its own @tryghost/errors@3.3.1, while GScan itself still imports @tryghost/errors@3.3.0. In a normal install, zip extraction failures such as symlink or size-limit UnsupportedMediaTypeErrors are created by the nested 3.3.1 copy, so the errors.utils.isGhostError checks in lib/read-zip.js/lib/checker.js no longer recognize them as Ghost errors and wrap them as generic ValidationErrors, dropping the code/errorDetails callers rely on. Please bump the direct @tryghost/errors dependency to the same version as the zip package, or otherwise ensure both modules share the same error classes.
Useful? React with 👍 / 👎.
1 participant
ref TryGhost/framework#761
ref https://linear.app/ghost/issue/ONC-1838/timeout-on-theme-upload
Some theme zip files have read-only folder permissions. When an user uploads one of these themes, GScan needs to unzip the archive and create files inside those folders. If the folders are not writable by the owner, extraction can get stuck and the theme upload appears to freeze in the UI without a useful error message.
With this change, GScan opts into the new
@tryghost/zipowner-permission normalization while extracting theme uploads. Directories are normalized so the owner can read, write, and traverse them, and files are normalized so the owner can read and write them. The original zip is not modified; only the temporary extracted copy is made usable for validation and installation.The result is that themes with incorrect folder permissions can still be uploaded successfully instead of leaving the user stuck on a frozen upload.