Ticket #46615: 46615.2-2.diff

src/wp-admin/includes/class-core-upgrader.php

@@ -121 +121 @@
                         return new WP_Error( 'locked', $this->strings['locked'] );
                 }
 
-                $download = $this->download_package( $current->packages->$to_download );
+                $download = $this->download_package( $current->packages->$to_download, true );
 
                 // Allow for signature soft-fail.
                 // WARNING: This may be removed in the future.

src/wp-admin/includes/class-wp-upgrader.php

@@ -246 +246 @@
          *
          * @param string $package The URI of the package. If this is the full path to an
          *                        existing local file, it will be returned untouched.
+         * @param bool   $check_signatures Whether to validate signatures. Default false.
          * @return string|WP_Error The full path to the downloaded package file, or a WP_Error object.
          */
-        public function download_package( $package ) {
+        public function download_package( $package, $check_signatures = false ) {
 
                 /**
                  * Filters whether to return the package.
@@ -275 +276 @@
 
                 $this->skin->feedback( 'downloading_package', $package );
 
-                $download_file = download_url( $package, 300, true );
+                $download_file = download_url( $package, 300, ( $check_signatures ? true : null ) );
 
                 if ( is_wp_error( $download_file ) && ! $download_file->get_error_data( 'softfail-filename' ) ) {
                         return new WP_Error( 'download_failed', $this->strings['download_failed'], $download_file->get_error_message() );
@@ -730 +731 @@
                  * Download the package (Note, This just returns the filename
                  * of the file if the package is a local file)
                  */
-                $download = $this->download_package( $options['package'] );
+                $download = $this->download_package( $options['package'], true );
 
                 // Allow for signature soft-fail.
                 // WARNING: This may be removed in the future.

src/wp-admin/includes/file.php

@@ -970 +970 @@
  *
  * @param string $url                The URL of the file to download.
  * @param int    $timeout            The timeout for the request to download the file. Default 300 seconds.
- * @param bool   $signature_softfail Whether to allow Signature Verification to softfail. Default true.
+ * @param bool   $signature_softfail Whether to allow Signature Verification to softfail. Default null (No verification performed).
  * @return string|WP_Error Filename on success, WP_Error on failure.
  */
-function download_url( $url, $timeout = 300, $signature_softfail = true ) {
+function download_url( $url, $timeout = 300, $signature_softfail = null ) {
         //WARNING: The file is not automatically deleted, The script must unlink() the file.
         if ( ! $url ) {
                 return new WP_Error( 'http_no_url', __( 'Invalid URL Provided.' ) );
@@ -1045 +1045 @@
          * @param array List of hostnames.
          */
         $signed_hostnames       = apply_filters( 'wp_signature_hosts', array( 'wordpress.org', 'downloads.wordpress.org', 's.w.org' ) );
-        $signature_verification = in_array( parse_url( $url, PHP_URL_HOST ), $signed_hostnames, true );
+        $signature_verification = in_array( parse_url( $url, PHP_URL_HOST ), $signed_hostnames, true ) && ! is_null( $signature_softfail );
 
         // Perform the valiation
         if ( $signature_verification ) {