Ticket #43992: 43992-6.diff

File 43992-6.diff, 5.9 KB (added by afragen, 21 months ago)

Improved error checking of API response

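--- a/src/wp-admin/includes/plugin.php
+++ b/src/wp-admin/includes/plugin.php
@@ -31,6 +31,8 @@
  *     Network: Optional. Specify "Network: true" to require that a plugin is activated
  *          across all sites in an installation. This will prevent a plugin from being
  *          activated on a single site when Multisite is enabled.
+ *     Requires WP: Optional. Specify the minimum required WordPress version.
+ *     Requires PHP: Optional. Specify the minimum required PHP version.
  *      * / # Remove the space to close comment
  *
  * Some users have issues with opening large files and manipulating the contents
@@ -63,6 +65,9 @@
  *     @type string $TextDomain  Plugin textdomain.
  *     @type string $DomainPath  Plugins relative directory path to .mo files.
  *     @type bool   $Network     Whether the plugin can only be activated network-wide.
+ *     @type string $RequiresWP  Minimum required version of WordPress.
+ *     @type string $RequiresPHP Minimum required version of PHP.
+
  * }
  */
 function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {
@@ -77,6 +82,8 @@ function get_plugin_data( $plugin_file, $markup = true, $translate = true ) {
                 'TextDomain'  => 'Text Domain',
                 'DomainPath'  => 'Domain Path',
                 'Network'     => 'Network',
+                'RequiresWP'  => 'Requires WP',
+                'RequiresPHP' => 'Requires PHP',
                 // Site Wide Only is deprecated in favor of Network.
                 '_sitewide'   => 'Site Wide Only',
         );
@@ -189,6 +196,52 @@ function _get_plugin_data_markup_translate( $plugin_file, $plugin_data, $markup
         return $plugin_data;
 }
 
+/**
+ * Get the and return plugin data used for validation.
+ *
+ * Initially use the Plugin API as there's no current method to parse the local plugin readme.txt file.
+ * Alternately see if a plugin header `Requires WP` or `Requires PHP` exists and use that.
+ *
+ * @since 5.1.0
+ * @see validate_plugin_requirements()
+ *
+ * @param string $plugin Path to the plugin file relative to the plugins directory.
+ *
+ * @return object $plugin_data Object of plugin data for validation.
+ */
+function get_plugin_validation_data( $plugin_file ) {
+        $plugin_data = new stdClass();
+        $slug        = dirname( $plugin_file );
+        $url         = 'https://api.wordpress.org/plugins/info/1.2/';
+        $url         = add_query_arg(
+                array(
+                        'action'                        => 'plugin_information',
+                        rawurlencode( 'request[slug]' ) => $slug,
+                ),
+                $url
+        );
+        $response    = wp_remote_get( $url );
+        if ( ! is_wp_error( $response ) ) {
+                $plugin_data = json_decode( wp_remote_retrieve_body( $response ) );
+        }
+
+        $invalid_check = isset( $plugin_data->error ) || is_wp_error( $response ) || $slug !== $plugin_data->slug;
+
+        /*
+         * Plugin is likley not in the WP Plugin Directory but if they have designated
+         * `Requires WP` and/or `Requires PHP` headers we can use those.
+         */
+        if ( $invalid_check ) {
+                $plugin_data               = new stdClass();
+                $plugin_data->file         = $plugin_file;
+                $plugin_headers            = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin_file );
+                $plugin_data->requires     = $plugin_headers['RequiresWP'];
+                $plugin_data->requires_php = $plugin_headers['RequiresPHP'];
+        }
+
+        return $plugin_data;
+}
+
 /**
  * Get a list of a plugin's files.
  *
@@ -589,6 +642,10 @@ function activate_plugin( $plugin, $redirect = '', $network_wide = false, $silen
                 return $valid;
         }
 
+        if ( validate_plugin_requirements( $plugin ) ) {
+                return new WP_Error( 'plugin_activation_error', __( 'Plugin does not meet minimum WordPress and/or PHP requirements.' ) );
+        }
+
         if ( ( $network_wide && ! isset( $current[ $plugin ] ) ) || ( ! $network_wide && ! in_array( $plugin, $current ) ) ) {
                 if ( ! empty( $redirect ) ) {
                         wp_redirect( add_query_arg( '_error_nonce', wp_create_nonce( 'plugin-activation-error_' . $plugin ), $redirect ) ); // we'll override this later if the plugin can be included without fatal error
@@ -1023,6 +1080,26 @@ function validate_plugin( $plugin ) {
         return 0;
 }
 
+/**
+ * Validate the plugin requirements for WP version and PHP version.
+ *
+ * @uses get_plugin_validation_data()
+ *
+ * @since 5.1.0
+ * @see activate_plugin()
+ *
+ * @param string $plugin Path to the plugin file relative to the plugins directory.
+ *
+ * @return bool Default to true and if requirements met, false if not.
+ */
+function validate_plugin_requirements( $plugin ) {
+        $plugin_data  = get_plugin_validation_data( $plugin );
+        $wp_requires  = isset( $plugin_data->requires ) ? $plugin_data->requires : null;
+        $php_requires = isset( $plugin_data->requires_php ) ? $plugin_data->requires_php : null;
+
+        return ! ( is_compatible_wp( $wp_requires ) && is_compatible_php( $php_requires ) );
+}
+
 /**
  * Whether the plugin can be uninstalled.
  *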
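Review bot: In `get_plugin_validation_data()` the `$invalid_check` line reads `$plugin_data->slug` without confirming that `json_decode()` produced an object, so an empty or non-JSON body (a proxy error page, for instance) triggers a property-on-non-object warning during activation; start the expression with `! is_object( $plugin_data ) || ! isset( $plugin_data->slug ) ||`. More important for trust, the requirements are taken from the API response whenever a directory entry matches `dirname( $plugin_file )`, so a private plugin whose folder name collides with a public slug is validated against that other plugin's metadata rather than its own `Requires WP` / `Requires PHP` headers, and every activation sends the folder name to the remote API. Reading the local headers first and falling back to the API only when both are empty would avoid both effects. The `@return` text of `validate_plugin_requirements()` also contradicts the code, which returns true when the requirements are not met; I would reword it to `@return bool True if the plugin fails the WordPress or PHP requirement, false if it is compatible.`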
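--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -6553,3 +6553,30 @@ function wp_privacy_delete_old_export_files() {
                 }
         }
 }
+
+/**
+ * Check compatibility with current WordPress version.
+ *
+ * @since 5.1.0
+ *
+ * @param string $requires Minimum WordPress version from API.
+ *
+ * @return bool Default true if requirement met or empty, false if not met.
+ */
+function is_compatible_wp( $requires ) {
+        $wp_version = get_bloginfo( 'version' );
+        return ( empty( $requires ) || version_compare( substr( $wp_version, 0, strlen( $requires ) ), $requires, '>=' ) );
+}
+
+/**
+ * Check compatibility with current PHP version.
+ *
+ * @since 5.1.0
+ *
+ * @param string $requires Minimum PHP version from API.
+ *
+ * @return bool Default true if requirement met or empty, false if not met.
+ */
+function is_compatible_php( $requires ) {
+        return ( empty( $requires ) || version_compare( substr( phpversion(), 0, strlen( $requires ) ), $requires, '>=' ) );
+}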
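Review bot: Truncating the running version to `strlen( $requires )` in `is_compatible_wp()` and `is_compatible_php()` gives a wrong answer once a version component has more digits than the requirement: with PHP 7.2.10 and `Requires PHP: 7.2.5` (constructed example), `substr()` yields `7.2.1` and the check fails although the requirement is met. If the intent is to drop a suffix such as `-alpha`, strip the suffix rather than cutting by length, e.g. `list( $version ) = explode( '-', $wp_version );` followed by `version_compare( $version, $requires, '>=' )`, and pass `phpversion()` to `version_compare()` unmodified. Because `$requires` may come from the remote API response, it is also worth rejecting values that are not a dotted numeric version before comparing, so that a malformed field cannot decide whether activation is allowed.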