IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
|
|
|
|
| 140 | 140 | $this->generic_strings(); |
| 141 | 141 | } |
| 142 | 142 | |
| | 143 | /** |
| | 144 | * Return an array of trusted Ed25519 public keys |
| | 145 | * |
| | 146 | * @return array<int, string> |
| | 147 | */ |
| | 148 | public function getPublicKeys() |
| | 149 | { |
| | 150 | return array( |
| | 151 | ParagonIE_Sodium_Compat::hex2bin( '4d6236cc44829b2f96a26d905aec92162077ef5aa7e0a4e2a6d251258dc83bd1' ) |
| | 152 | ); |
| | 153 | } |
| | 154 | |
| 143 | 155 | /** |
| 144 | 156 | * Add the generic strings to WP_Upgrader::$strings. |
| 145 | 157 | * |
| … |
… |
|
| 275 | 287 | |
| 276 | 288 | $this->skin->feedback( 'downloading_package', $package ); |
| 277 | 289 | |
| 278 | | $download_file = download_url( $package |
| | 290 | $download_file = download_url( $package, 300, self::getPublicKeys() ); |
| 279 | 291 | |
| 280 | 292 | if ( is_wp_error( $download_file ) ) { |
| 281 | 293 | return new WP_Error( 'download_failed', $this->strings['download_failed'], $download_file->get_error_message() ); |
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
|
|
|
|
| 965 | 965 | * |
| 966 | 966 | * @param string $url the URL of the file to download |
| 967 | 967 | * @param int $timeout The timeout for the request to download the file default 300 seconds |
| | 968 | * @param array<int, string> $publicKeys An array of strings containing Ed25519 public keys |
| 968 | 969 | * @return mixed WP_Error on failure, string Filename on success. |
| 969 | 970 | */ |
| 970 | | function download_url( $url, $timeout = 300 |
| | 971 | function download_url( $url, $timeout = 300, $publicKeys = array() ) { |
| 971 | 972 | //WARNING: The file is not automatically deleted, The script must unlink() the file. |
| 972 | 973 | if ( ! $url ) { |
| 973 | 974 | return new WP_Error( 'http_no_url', __( 'Invalid URL Provided.' ) ); |
| … |
… |
|
| 1007 | 1008 | } |
| 1008 | 1009 | } |
| 1009 | 1010 | |
| | 1011 | $content_ed25519_hex = wp_remote_retrieve_header( $response, 'content-ed25519' ); |
| | 1012 | $ed25519_check = verify_file_ed25519( $tmpfname, $publicKeys, $content_ed25519_hex ); |
| | 1013 | if ( is_wp_error( $ed25519_check ) ) { |
| | 1014 | unlink( $tmpfname ); |
| | 1015 | return $ed25519_check; |
| | 1016 | } |
| | 1017 | |
| 1010 | 1018 | return $tmpfname; |
| 1011 | 1019 | } |
| 1012 | 1020 | |
| … |
… |
|
| 1896 | 1904 | </div> |
| 1897 | 1905 | <?php |
| 1898 | 1906 | } |
| | 1907 | |
| | 1908 | /** |
| | 1909 | * Verifies the Ed25519 signature of a file for a given set of public keys. |
| | 1910 | * |
| | 1911 | * @since 5.0 (presumably) |
| | 1912 | * |
| | 1913 | * @param string $filename |
| | 1914 | * @param array<int, string> $publicKeys |
| | 1915 | * @param string $signature |
| | 1916 | * @return bool|object WP_Error on failure, true on success |
| | 1917 | */ |
| | 1918 | function verify_file_ed25519( $filename, $publicKeys, $signature ) { |
| | 1919 | if ( ParagonIE_Sodium_Core_Util::strlen( $signature ) === ParagonIE_Sodium_Compat::CRYPTO_SIGN_BYTES * 2) { |
| | 1920 | $signature = ParagonIE_Sodium_Compat::hex2bin($signature); |
| | 1921 | } |
| | 1922 | foreach ($publicKeys as $public_key) { |
| | 1923 | if (ParagonIE_Sodium_Core_Util::strlen( $public_key ) === ParagonIE_Sodium_Compat::CRYPTO_SIGN_PUBLICKEYBYTES * 2) { |
| | 1924 | $public_key = ParagonIE_Sodium_Compat::hex2bin( $public_key ); |
| | 1925 | } |
| | 1926 | if ( ParagonIE_Sodium_File::verify( $signature, $filename, $public_key ) ) { |
| | 1927 | return true; |
| | 1928 | } |
| | 1929 | } |
| | 1930 | return new WP_Error( 'ed25519_mismatch', sprintf( __( 'The signature of the file (%1$s) is not valid for any of the trusted public keys.' ), bin2hex( $signature ) ) ); |
| | 1931 | } |