WordPress.org

Make WordPress Core

Ticket #20074: 20074.3.diff

File 20074.3.diff, 3.1 KB (added by sivel, 2 years ago)

Take this a bit further, perhaps just to show what could be done, to allow people to use either the Content-MD5 header, a hex hash, or a URL to an MD5 file to verify the download via download_url()

  • wp-admin/includes/file.php

     
    492492 * 
    493493 * @param string $url the URL of the file to download 
    494494 * @param int $timeout The timeout for the request to download the file default 300 seconds 
    495  * @return mixed WP_Error on failure, string Filename on success. 
     495 * @param mixed $verify Whether to attempt download verification using the Content-MD5 header if it exists, bool to use Content-MD5 header, or string for a hex hash, or URL to MD5 file 
     496 * @param bool $force_verify Whether to force verification, despite the existence of the MD5 
     497 * @param bool $full_response Whether to return the full response instead of just the filename 
     498 * @return mixed WP_Error on failure, string Filename or HTTP API response array on success. 
    496499 */ 
    497 function download_url( $url, $timeout = 300 ) { 
     500function download_url( $url, $timeout = 300, $verify = true, $force_verify = false, $full_response = false ) { 
    498501        //WARNING: The file is not automatically deleted, The script must unlink() the file. 
    499502        if ( ! $url ) 
    500503                return new WP_Error('http_no_url', __('Invalid URL Provided.')); 
     
    515518                return new WP_Error( 'http_404', trim( wp_remote_retrieve_response_message( $response ) ) ); 
    516519        } 
    517520 
    518         return $tmpfname; 
     521        if ( is_bool( $verify ) ) { 
     522                $content_md5 = wp_remote_retrieve_header( $response, 'content-md5' ); 
     523                if ( ! $content_md5 && $force_verify ) 
     524                        return new WP_Error( 'download_verification_failed', __( 'A Content-MD5 header was not found.' ) ); 
     525        } else if ( preg_match( '!^(http|https|ftp)://!i', $verify ) ) { 
     526                $md5response = wp_remote_get( $verify ); 
     527                if ( ( is_wp_error ( $md5response ) || (int) wp_remote_retrieve_response_code ( $md5response ) !== 200 ) && $force_verify ) 
     528                        return new WP_Error( 'download_verification_failed', sprintf( __( 'Failed to retrieve the specified MD5 file from <span class="code">%s</span>.' ), $verify ) ); 
     529                else 
     530                        $content_md5 = current( explode( '  ' , wp_remote_retrieve_body( $md5response ) ) ); 
     531        } else { 
     532                $content_md5 = $verify; 
     533        } 
     534 
     535        if ( ( ! empty( $content_md5 ) && $verify ) || $force_verify ) { 
     536                $md5_file = md5_file( $response['filename'] ); 
     537                if ( $md5_file != $content_md5 ) 
     538                        return new WP_Error( 'download_verification_failed', sprintf( __( 'The checksum of the download (%1$s) does not match the provided checksum value (%2$s).' ), $md5_file, $content_md5 ) ); 
     539        } 
     540 
     541        if ( $full_response ) 
     542                return $response; 
     543        else 
     544                return $tmpfname; 
    519545} 
    520546 
    521547/** 
  • wp-admin/includes/class-wp-upgrader.php

     
    115115 
    116116                $this->skin->feedback('downloading_package', $package); 
    117117 
    118                 $download_file = download_url($package); 
     118                $download_file = download_url($package, 300, true); 
    119119 
    120120                if ( is_wp_error($download_file) ) 
    121121                        return new WP_Error('download_failed', $this->strings['download_failed'], $download_file->get_error_message());