Plugin/Theme/Core Updates Fail When Curl Used and String Function Overloading Configured
|Reported by:||DrProtocols||Owned by:|
Description (last modified by SergeyBiryukov)
When downloading an update in the form of a zip file the update consistently fails with a failure to find the end of central dir record when unpack is attempted. For example:
Downloading update from http://downloads.wordpress.org/plugin/addthis.3.5.1.zip… Unpacking the update… The package could not be installed. PCLZIP_ERR_BAD_FORMAT (-10) : Unable to find End of Central Dir Record signature
The download is using curl.
To reproduce add the following to PHP configuration:
mbstring.func_overload = 2;
which enables str*() function overloading.
The problem is caused by the new stream_body() function in wp-includes/class-http.php which uses the strlen() function to simply return the length of data written but when overloaded with the multi-byte function the count is almost certainly incorrect when the data is binary data such as part of a zip file download. Because for a chunk the function returns a count different from that expected by curl it terminates the transfer as "completed" at that point which appears as a successful outcome. But of course the downloaded file is incomplete so when pclzip tries to unzip it the above failure results.
Attached are two files:
stream_body_problem.txt shows a _working_ case where the "written" value is the value returned by fwrite() against the "string length" value which is the value according to strlen()
stream_body_hack.txt shows a hacked function that handles the case where function overloading is enabled (not saying this is the way to do it but just to illustrate)
Change History (17)
- Milestone changed from Awaiting Review to 3.6.1
- Severity changed from normal to major
comment:2 SergeyBiryukov — 4 months ago
- Description modified (diff)
- Keywords has-patch commit removed
- Resolution set to fixed
- Status changed from new to closed