Hi @jqz, thanks for opening this ticket!

Looks like there's two issues to resolve here:

1. That the $checkout variable isn't initialized and, as the loop's early exit can prevent assignment to $checkout, this can be undefined by the time it reaches the return statement.
   • ​PR 4630 should handle this one.
2. That WP_Automatic_Updater::is_allowed_dir() can return false for all directories on Windows, including ABSPATH.
   • This needs testing and some testing info.

@jqz Can you provide your open_basedir directive (anonymized if necessary), and the value of the ABSPATH constant? Thanks!

• This was introduced in [55425], setting Version to 6.2.
• Milestoning for 6.3 for visibility.

@audrasjb @SergeyBiryukov Should this be milestoned for 6.2.3, or are we unlikely to land that before 6.3 is released?

Let's keep it in milestone 6.3 until it's committed. Then we can milestone it to 6.2.3 with fixed-major workflow keyword and eventually – if 6.2.3 is confirmed – we can plan to backport it :)

Replying to costdev:

@jqz Can you provide your open_basedir directive (anonymized if necessary), and the value of the ABSPATH constant? Thanks!

This are the relevant settings:

• ABSPATH: D:\webs\localhost\example.co.uk\sites\ofs3\wordpress/
• WP_CONTENT_DIR: D:\webs\localhost\example.co.uk\sites\ofs3/content
• DOCUMENT_ROOT: D:/webs/localhost/example.co.uk
• open_basedir: D:/webs/localhost/example.co.uk/sites/ofs3/;C:\WINDOWS\TEMP/;d:/webs/localhost/

2. That WP_Automatic_Updater::is_allowed_dir() can return false for all directories on Windows, including ABSPATH.

Looks like WP_Automatic_Updater::is_allowed_dir() is not accounting for case insensitivity of Windows filenames, nor that the path separator can be either \ or /.

Replying to jqz:

This are the relevant settings:

• ABSPATH: D:\webs\localhost\example.co.uk\sites\ofs3\wordpress/
• WP_CONTENT_DIR: D:\webs\localhost\example.co.uk\sites\ofs3/content
• open_basedir: D:/webs/localhost/example.co.uk/sites/ofs3/;C:\WINDOWS\TEMP/;d:/webs/localhost/

$check_dirs contains the following (which have different directory separators and casedness of drive letter):

• D:\webs\localhost\example.co.uk\sites\ofs3/content/plugins
• D:\webs\localhost\example.co.uk\sites\ofs3/content
• D:\webs\localhost\example.co.uk\sites\ofs3
• D:\webs\localhost\example.co.uk\sites
• D:\webs\localhost\example.co.uk
• D:\webs\localhost
• D:\webs
• D:\
• D:\webs\localhost\example.co.uk\sites\ofs3\wordpress

Thanks a lot @jqz!

@audrasjb I'm thinking that ​PR 4630 could be committed in 6.3. Since this ticket is specifically about the $checkout variable's definition being dependent on a foreach loop, the PR targets this issue and includes PHPUnit tests, and so this ticket could be closed after the PR is committed.

We could then take the information from @jqz into a separate ticket to focus on investigating and resolving the Windows-specific issue that exposed the undefined $checkout. What do you think?

For now, I'm removing needs-testing and needs-testing-info, as this pertains to the Windows-specific issue, which may be separated into a different ticket.