Ticket #16923: 16923.patch
File 16923.patch, 8.0 KB (added by , 14 years ago) |
wp-admin/includes/class-wp-upgrader.php
389 389 $this->strings['process_success'] = __('Plugin installed successfully.'); 390 390 } 391 391 392 function install($package ) {392 function install($package, $referer = '') { 393 393 394 394 $this->init(); 395 395 $this->install_strings(); 396 396 397 // Malware check 398 if ( false !== strpos($package, '://') ) { 399 $malware = wp_passes_malware_check($package, $referer); 400 if ( is_wp_error($malware) ) {; 401 //$this->skin->header(); 402 $this->skin->before(); 403 $this->skin->error( $malware ); 404 $this->skin->after(); 405 //$this->skin->footer(); 406 return $malware; 407 } 408 } 409 397 410 $this->run(array( 398 411 'package' => $package, 399 412 'destination' => WP_PLUGIN_DIR, -
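Review bot: The malware check added at the top of `install()` vets the URL string, while the download happens later inside `$this->run()`, so the verdict is not tied to the archive that actually gets unpacked; the HEAD request made by the check and the later GET are independent and may resolve differently. Either check the URL the download finally resolved to, or mark the check as advisory with a comment such as `// Advisory only: vets the URL's reputation, not the downloaded archive`. The new `$referer` parameter is not passed by any caller in this patch (the `install()` calls visible in wp-admin/update.php pass one argument), and `if ( is_wp_error($malware) ) {;` carries a stray semicolon. The commented-out `header()`/`footer()` calls should be removed or explained. `install()` continues past the end of this hunk.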
wp-admin/includes/plugin-install.php
136 136 /** 137 137 * Upload from zip 138 138 * @since 2.8.0 139 *140 * @param string $page141 139 */ 142 function install_plugins_upload( $page = 1) {140 function install_plugins_upload() { 143 141 ?> 144 142 <h4><?php _e('Install a plugin in .zip format') ?></h4> 145 143 <p class="install-help"><?php _e('If you have a plugin in a .zip format, you may install it by uploading it here.') ?></p> … … 151 149 </form> 152 150 <?php 153 151 } 154 add_action('install_plugins_upload', 'install_plugins_upload' , 10, 1);152 add_action('install_plugins_upload', 'install_plugins_upload'); 155 153 156 154 /** 155 * Sideload from arbitrary URL 156 * @since 3.1.0 157 */ 158 function install_plugins_url() { 159 $url = !empty($_GET['url']) ? stripslashes($_GET['url']) : ''; 160 ?> 161 <h4><?php _e('Install a plugin from a URL') ?></h4> 162 <p class="install-help"><?php _e('If you have the URL to a plugin in .zip format, you may install it by providing the URL here.') ?></p> 163 <?php 164 if ( !empty($url) ) { 165 166 } 167 ?> 168 <form method="post" action="<?php echo self_admin_url('update.php?action=sideload-plugin') ?>"> 169 <?php wp_nonce_field( 'plugin-sideload' ) ?> 170 <label class="screen-reader-text" for="pluginzip"><?php _e('URL to Plugin zip file'); ?></label> 171 <input type="input" type="text" class="large-text" id="pluginurl" name="pluginurl" value="<?php echo esc_attr($url); ?>" /> 172 <input type="submit" class="button" value="<?php esc_attr_e('Install Now') ?>" /> 173 </form> 174 <?php 175 } 176 add_action('install_plugins_url', 'install_plugins_url'); 177 178 /** 157 179 * Display plugin content based on plugin list. 158 180 * 159 181 * @since 2.7.0 -
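Review bot: `install_plugins_url()` pre-fills the install field from `$_GET['url']`, so a link to this screen can present an administrator with a form that is one click away from installing an archive they did not choose; the nonce stops cross-site submission but not that click. Either drop the pre-fill or show the host of the pre-filled URL with an explicit confirmation step; the empty `if ( !empty($url) ) { }` block looks like the unfinished place for that. The markup also needs fixing: the input carries two `type` attributes and the label's `for="pluginzip"` does not match `id="pluginurl"`, so it should read `<input type="text" class="large-text" id="pluginurl" name="pluginurl" ...>` with `for="pluginurl"`. The form's `action` attribute echoes `self_admin_url()` without `esc_url()`.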
wp-admin/includes/update.php
309 316 } 310 317 add_action( 'admin_notices', 'maintenance_nag' ); 311 318 319 /** 320 * Runs a supplied URL against the WordPress Malware checking API. 321 * 322 * The WordPress.org Malware checking API is designed to block known spam sites, These sites might for 323 * example, either provide themes/plugins which insert hidden links, or insert backdoors into themes/plugins. 324 * 325 * A Filter is available for sites/plugins to extend upon this API check, 'malware_check_api' and should return 326 * the same values as expexted from this function. 327 * This function will also check if the URL redirects to another site, and run that through the malware checking API as well. 328 * 329 * @param string $url The URL to check against 330 * @param string $ref The Referer of who has asked for the item to be installed 331 * @return bool|object True on success, WP_Error instance upon failure 332 */ 333 function wp_passes_malware_check($url, $ref = '') { 334 $_url = parse_url($url); 335 if ( !$_url || empty($_url['host']) || empty($_url['path']) ) 336 return new WP_Error('invalid_url', __('An invalid URL was passed')); 337 338 // First check if this URL is a redirection 339 $site = wp_remote_head($url, array( 'timeout' => 10 ) ); 340 if ( ! is_wp_error($site) && isset($site['headers']['location']) ) // If it is, Save an API call and check the redirection directly 341 return wp_passes_malware_check($site['headers']['location']); 342 343 if ( ! empty( $ref ) ) 344 $ref = '&ref=' . urlencode($ref); 345 346 $api = wp_remote_get('http://api.wordpress.org/themes/malware-check/1.0/?url=' . urlencode($url) . $ref, array( 'timeout' => 10 ) ); 347 if ( is_wp_error($api) ) 348 return $api; 349 350 switch ( $api['body'] ) { 351 default: // default: The response was malformed, This could be raised by a faulty proxy or intercepted request (..or .org server failure) 352 case '-1': // unknown URL. This URL should never have reached the API. 
353 return new WP_Error('invalid_url', __('An invalid URL was passed')); 354 355 case '0': // blacklisted URL. 356 return new WP_Error('blacklisted_malware', sprintf(__("The URL specified has been blacklisted by WordPress.org's Malware checking service due to security concerns, Please see the <a href='%s'>Codex</a> for more information."), 'http://codex.wordpress.org/spammy_themes_and_plugins') ); //@TODO Codex link & Wording. 357 358 case '1': // Passes the checks. 359 return apply_filters('malware_check_api', true, $url); 360 } 361 } 362 312 363 ?> -
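Review bot: `wp_passes_malware_check()` fetches its verdict over plain `http://api.wordpress.org/...`, so anything on the network path can answer `1` and the check passes; the `default:` comment already anticipates intercepted responses, but only the malformed case fails closed. If the endpoint is reachable over TLS, request it as `https://` and keep treating transport errors as failures. The redirect branch recurses with `wp_passes_malware_check($site['headers']['location'])`, which drops `$ref`, has no hop limit (a redirect loop keeps recursing at up to 10 seconds per request), and never submits the original URL to the API; pass `$ref` through, cap the depth, and consider vetting both the original and the final URL. The docblock should say that only the last redirect target is checked, and "expexted" should read "expected".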
wp-admin/update.php
113 113 114 114 $type = 'web'; //Install plugin type, From Web or an Upload. 115 115 116 $upgrader = new Plugin_Upgrader( new Plugin_Installer_Skin( compact('t itle', 'url', 'nonce', 'plugin', 'api') ) );116 $upgrader = new Plugin_Upgrader( new Plugin_Installer_Skin( compact('type', 'title', 'url', 'nonce', 'plugin', 'api') ) ); 117 117 $upgrader->install($api->download_link); 118 118 119 119 include(ABSPATH . 'wp-admin/admin-footer.php'); … … 142 142 143 143 include(ABSPATH . 'wp-admin/admin-footer.php'); 144 144 145 } elseif ( 'sideload-plugin' == $action ) { 146 147 if ( ! current_user_can('install_plugins') ) 148 wp_die(__('You do not have sufficient permissions to install plugins for this site.')); 149 150 check_admin_referer('plugin-sideload'); 151 152 $download_url = esc_url_raw( stripslashes( $_POST['pluginurl'] ) ); 153 154 $title = __('Plugin Install'); 155 $parent_file = 'plugins.php'; 156 $submenu_file = 'plugin-install.php'; 157 require_once(ABSPATH . 'wp-admin/admin-header.php'); 158 159 $title = sprintf( __('Installing Plugin from URL: %s'), $download_url ); 160 $nonce = 'plugin-sideload'; 161 $url = 'update.php?action=sideload-plugin&pluginurl=' . urlencode( stripslashes( $_POST['pluginurl'] ) ); 162 $type = 'web'; 163 164 $upgrader = new Plugin_Upgrader( new Plugin_Installer_Skin( compact('type', 'title', 'url', 'nonce') ) ); 165 $upgrader->install( $download_url ); 166 167 include(ABSPATH . 'wp-admin/admin-footer.php'); 168 145 169 } elseif ( 'upgrade-theme' == $action ) { 146 170 147 171 if ( ! current_user_can('update_themes') ) … … 213 237 $url = 'update.php?action=install-theme&theme=' . $theme; 214 238 $type = 'web'; //Install theme type, From Web or an Upload. 
215 239 216 $upgrader = new Theme_Upgrader( new Theme_Installer_Skin( compact('t itle', 'url', 'nonce', 'plugin', 'api') ) );240 $upgrader = new Theme_Upgrader( new Theme_Installer_Skin( compact('type', 'title', 'url', 'nonce', 'theme', 'api') ) ); 217 241 $upgrader->install($api->download_link); 218 242 219 243 include(ABSPATH . 'wp-admin/admin-footer.php'); … … 237 261 $title = sprintf( __('Installing Theme from uploaded file: %s'), basename( $file_upload->filename ) ); 238 262 $nonce = 'theme-upload'; 239 263 $url = add_query_arg(array('package' => $file_upload->filename), 'update.php?action=upload-theme'); 240 $type = 'upload'; //Install plugintype, From Web or an Upload.264 $type = 'upload'; //Install theme type, From Web or an Upload. 241 265 242 266 $upgrader = new Theme_Upgrader( new Theme_Installer_Skin( compact('type', 'title', 'nonce', 'url') ) ); 243 267 $upgrader->install( $file_upload->package );
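Review bot: In the new `sideload-plugin` branch, `$download_url` is handed to `$upgrader->install()` without checking that `esc_url_raw()` returned a non-empty URL, and `$_POST['pluginurl']` is read without an `isset()` guard. Because the malware check in `Plugin_Upgrader::install()` (class-wp-upgrader.php in this patch) only runs when the package contains `://`, a value without a scheme skips the check and goes straight to `run()`. Reject it before the admin header is rendered, e.g. `if ( empty($download_url) ) wp_die( __('An invalid URL was passed') );`, and consider limiting the accepted schemes to `http`/`https` through the second argument of `esc_url_raw()`. `$download_url` is also interpolated into `$title`; whether that is escaped on output depends on admin-header.php, which is outside this patch.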