Ticket #5586: 5586.9.diff

wp-admin/includes/class-wp-filesystem-direct.php

@@ -271 +271 @@
                 foreach($filelist as $filename=>$det){
                         if ( '/' == substr($filename,-1,1) )
                                 $this->rmdir($path.'/'.$filename,$recursive);
-                        @rmdir($entry);
+                        @rmdir($filename);
                 }
                 return @rmdir($path);
         }
@@ -333 +333 @@
                 return;
         }
 }
-?>
- No newline at end of file
+?>

wp-admin/includes/class-wp-filesystem-ftpext.php

@@ -132 +132 @@
         }
         function get_contents($file,$type='',$resumepos=0){
                 if( empty($type) ){
-                        $extension = substr(strrchr($filename, "."), 1);
+                        $extension = substr(strrchr($file, "."), 1);
                         $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_ASCII;
                 }
                 $temp = tmpfile();
@@ -348 +348 @@
         }
         function rmdir($path,$recursive=false){
                 if( ! $recursive )
-                        return @ftp_rmdir($this->link, $file);
+                        return @ftp_rmdir($this->link, $path);
 
                 //TODO: Recursive Directory delete, Have to delete files from the folder first.
                 //$dir = $this->dirlist($path);

wp-admin/includes/class-wp-filesystem-ftpsockets.php

@@ -139 +139 @@
                         return false;
 
                 if( empty($type) ){
-                        $extension = substr(strrchr($filename, "."), 1);
+                        $extension = substr(strrchr($file, "."), 1);
                         $type = isset($this->filetypes[ $extension ]) ? $this->filetypes[ $extension ] : FTP_AUTOASCII;
                 }
                 $this->ftp->SetType($type);
@@ -376 +376 @@
 
         function rmdir($path,$recursive=false){
                 if( ! $recursive )
-                        return $this->ftp->rmdir($file);
+                        return $this->ftp->rmdir($path);
 
                 return $this->ftp->mdel($path);
         }

wp-admin/includes/file.php

@@ -231 +231 @@
 
         // Is the archive valid?
         if ( false == ($archive_files = $archive->extract(PCLZIP_OPT_EXTRACT_AS_STRING)) )
-                return new WP_Error('incompatible_archive', __('Incompatible archive'), $archive->error_string);
+                return new WP_Error('incompatible_archive', __('Incompatible archive'), $archive->errorInfo(true));
 
         if ( 0 == count($archive_files) )
                 return new WP_Error('empty_archive', __('Empty archive'));
@@ -240 +240 @@
         $path = explode('/', $to);
         $tmppath = '';
         for ( $j = 0; $j < count($path) - 1; $j++ ) {
-                $prevpath = $tmppath;
                 $tmppath .= $path[$j] . '/';
-                if ( ! $fs->is_dir($tmppath) ) {
-                        //$fs->setDefaultPermissions( $fs->getchmod($tmppath) );
+                if ( ! $fs->is_dir($tmppath) )
                         $fs->mkdir($tmppath, 0755);
-                }
         }
 
         foreach ($archive_files as $file) {

wp-admin/includes/update.php

@@ -114 +114 @@
         $r = $current->response[ $file ];
 
         echo "<tr><td colspan='5' class='plugin-update'>";
-        printf( __('There is a new version of %1$s available. <a href="%2$s">Download version %3$s here</a> or <a href="%4$s">upgrade automatically</a>.'), $plugin_data['Name'], $r->url, $r->new_version, "update.php?action=upgrade-plugin&amp;plugin=$file" );
+        printf( __('There is a new version of %1$s available. <a href="%2$s">Download version %3$s here</a> or <a href="%4$s">upgrade automatically</a>.'), $plugin_data['Name'], $r->url, $r->new_version, wp_nonce_url("update.php?action=upgrade-plugin&amp;plugin=$file", 'upgrade-plugin_' . $file) );
         echo "</td></tr>";
 }
 add_action( 'after_plugin_row', 'wp_plugin_update_row' );
@@ -154 +154 @@
 
         // Download the package
         $package = $r->package;
-        apply_filters('update_feedback', sprintf(__("Downloading update from %s"), $package));
+        apply_filters('update_feedback', sprintf(__('Downloading update from %s'), $package));
         $file = download_url($package);
 
         if ( !$file )
                 return new WP_Error('download_failed', __('Download failed.'));
 
-        $name = basename($plugin, '.php');
-        $working_dir = $base . 'wp-content/upgrade/' . $name;
+        $working_dir = $base . 'wp-content/upgrade/' . basename($plugin, '.php');
 
         // Clean up working directory
-        if ( is_dir($working_dir) )
+        if ( $wp_filesystem->is_dir($working_dir) )
                 $wp_filesystem->delete($working_dir, true);
 
-        apply_filters('update_feedback', __("Unpacking the update"));
+        apply_filters('update_feedback', __('Unpacking the update'));
         // Unzip package to working directory
         $result = unzip_file($file, $working_dir);
         if ( is_wp_error($result) ) {
@@ -180 +179 @@
         unlink($file);
 
         // Remove the existing plugin.
-        apply_filters('update_feedback', __("Removing the old version of the plugin"));
+        apply_filters('update_feedback', __('Removing the old version of the plugin'));
         $plugin_dir = dirname($base . PLUGINDIR . "/$plugin");
         $plugin_dir = trailingslashit($plugin_dir);
+        
         // If plugin is in its own directory, recursively delete the directory.
-        if( ! in_array( $plugin_dir, array('.', trailingslashit($base . PLUGINDIR) ) ) )
+        if( strpos($plugin, '/') && $plugin_dir != $base . PLUGINDIR . '/' )
                 $deleted = $wp_filesystem->delete($plugin_dir, true);
         else
                 $deleted = $wp_filesystem->delete($base . PLUGINDIR . "/$plugin");
+
         if ( !$deleted ) {
                 $wp_filesystem->delete($working_dir, true);
                 return new WP_Error('delete_failed', __('Could not remove the old plugin'));
         }
 
-        apply_filters('update_feedback', __("Installing the latest version"));
+        apply_filters('update_feedback', __('Installing the latest version'));
         // Copy new version of plugin into place.
         if ( !copy_dir($working_dir, $base . PLUGINDIR) ) {
-                //$wp_filesystem->delete($working_dir, true);
+                //$wp_filesystem->delete($working_dir, true); //TODO: Uncomment? This DOES mean that the new files are available in the upgrade folder if it fails.
                 return new WP_Error('install_failed', __('Installation failed'));
         }
 
@@ -207 +208 @@
         delete_option('update_plugins');
 }
 
-?>
+?>
+ No newline at end of file

wp-admin/update.php

@@ -5 +5 @@
 if ( !current_user_can('edit_plugins') )
                 wp_die('<p>'.__('You do not have sufficient permissions to update plugins for this blog.').'</p>');
 
-function request_filesystem_credentials($form_post, $type = '') {
+function request_filesystem_credentials($form_post, $type = '', $error = false) {
         if ( empty($type) )
                 $type = get_filesystem_method();
 
         if ( 'direct' == $type )
                 return array();
 
-        if ( !empty($_POST['password']) && !empty($_POST['username']) && !empty($_POST['hostname']) ) {
+        if ( ! $error && !empty($_POST['password']) && !empty($_POST['username']) && !empty($_POST['hostname']) ) {
                 $credentials = array('hostname' => $_POST['hostname'], 'username' => $_POST['username'],
                         'password' => $_POST['password'], 'ssl' => $_POST['ssl']);
                 $stored_credentials = $credentials;
@@ -26 +26 @@
         $ssl = '';
         if ( $credentials = get_option('ftp_credentials') )
                 extract($credentials, EXTR_OVERWRITE);
+        if( $error ){
+                echo '<div id="message" class="error"><p>' . __('<strong>Error:</strong> There was an error connecting to the server, Please verify the settings are correct.') . '</p></div>';
+        }
 ?>
 <form action="<?php echo $form_post ?>" method="post">
 <div class="wrap">
@@ -42 +45 @@
 </tr>
 <tr valign="top">
 <th scope="row"><?php _e('Password:') ?></th>
-<td><input name="password" type="text" id="password" value="<?php echo attribute_escape($password) ?>" size="40" /></td>
+<td><input name="password" type="password" id="password" value="<?php echo attribute_escape($password) ?>" size="40" /></td>
 </tr>
 <tr valign="top">
 <th scope="row"><?php _e('Use SSL:') ?></th>
@@ -80 +83 @@
 function do_plugin_upgrade($plugin) {
         global $wp_filesystem;
 
-        $credentials = request_filesystem_credentials("update.php?action=upgrade-plugin&plugin=$plugin");
-        if ( false === $credentials )
+        $url = wp_nonce_url("update.php?action=upgrade-plugin&plugin=$plugin", "upgrade-plugin_$plugin");
+        if ( false === ($credentials = request_filesystem_credentials($url)) )
                 return;
+                
+        if( ! WP_Filesystem($credentials) ){
+                request_filesystem_credentials($url, '', true); //Failed to connect, Error and request again
+                return;
+        }
+                
         echo '<div class="wrap">';
         echo '<h2>' . __('Upgrade Plugin') . '</h2>';
-        WP_Filesystem($credentials);
-        // TODO: look for auth and connect error codes and direct back to credentials form.
         if ( $wp_filesystem->errors->get_error_code() ) {
                 foreach ( $wp_filesystem->errors->get_error_messages() as $message )
                         show_message($message);
@@ -108 +115 @@
                 $plugin = trim($_GET['plugin']);
 
         if ( 'upgrade-plugin' == $_GET['action'] ) {
-                //check-admin_referer('upgrade-plugin_' . $plugin);
+                check_admin_referer('upgrade-plugin_' . $plugin);
                 $title = __('Upgrade Plugin');
                 $parent_file = 'plugins.php';
                 require_once('admin-header.php');
                 do_plugin_upgrade($plugin);
                 include('admin-footer.php');
         }
-
 }
 
-?>
- No newline at end of file
+?>