Incorrect file permissions applied

There’s a bug applying file permissions in WsdSecurity.php file, when it’s setting the 664 permission to files, uses quotes around the 0644 number and the number is implicitely converted in an integer (and it’s not trated as octal) by PHP as you can see following:

$ stat -c "%a %n" *
664 test1.txt
664 test2.txt

$ php -a
php > chmod('test1.txt', 0644);    // without single quotes
php > chmod('test2.txt', '0644');  // with single quotes

$ stat -c "%a %n" *
644 test1.txt
1204 test2.txt

So, the files in the server can’t be chmod’ed to the correct 644 value by an user without admin privileges.

(I have no idea about where to post tickets for wp-security-scan plugin… sorry if this is not the place for.)