WordPress.org

Make WordPress Core

Ticket #20074: 20074.2.diff

File 20074.2.diff, 2.2 KB (added by sivel, 6 years ago)

Move the verification to download_url()

  • wp-admin/includes/file.php

     
    492492 *
    493493 * @param string $url the URL of the file to download
    494494 * @param int $timeout The timeout for the request to download the file default 300 seconds
    495  * @return mixed WP_Error on failure, string Filename on success.
     495 * @param bool $verify Whether to attempt download verification using the Content-MD5 header if it exists
     496 * @param bool $full_response Whether to return the full response instead of just the filename
     497 * @return mixed WP_Error on failure, string Filename or HTTP API response array on success.
    496498 */
    497 function download_url( $url, $timeout = 300 ) {
     499function download_url( $url, $timeout = 300, $verify = true, $full_response = false ) {
    498500        //WARNING: The file is not automatically deleted, The script must unlink() the file.
    499501        if ( ! $url )
    500502                return new WP_Error('http_no_url', __('Invalid URL Provided.'));
     
    515517                return new WP_Error( 'http_404', trim( wp_remote_retrieve_response_message( $response ) ) );
    516518        }
    517519
    518         return $tmpfname;
     520        $content_md5 = wp_remote_retrieve_header( $response, 'content-md5' );
     521
     522        if ( ! empty( $content_md5 ) && $verify ) {
     523                $md5_file = md5_file( $response['filename'] );
     524                if ( $md5_file != $content_md5 )
     525                        return new WP_Error( 'download_verification_failed', sprintf( __( 'The checksum of the download (%1$s) does not match the provided checksum value (%2$s).' ), $md5_file, $content_md5 ) );
     526        }
     527
     528        if ( $full_response )
     529                return $response;
     530        else
     531                return $tmpfname;
    519532}
    520533
    521534/**
  • wp-admin/includes/class-wp-upgrader.php

     
    115115
    116116                $this->skin->feedback('downloading_package', $package);
    117117
    118                 $download_file = download_url($package);
     118                $download_file = download_url($package, 300, true);
    119119
    120120                if ( is_wp_error($download_file) )
    121121                        return new WP_Error('download_failed', $this->strings['download_failed'], $download_file->get_error_message());