
Changeset 18618


Timestamp:
08/28/2011 03:02:48 PM (13 years ago)
Author:
dd32
Message:

First slice of rejecting invalid Plugin and Theme zip uploads (Incompatible file structure, not containing a Plugin/Theme, etc). See #14999

File:
1 edited

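--- a/trunk/wp-admin/includes/class-wp-upgrader.php
+++ b/trunk/wp-admin/includes/class-wp-upgrader.php
@@ -53,5 +53,5 @@
         $this->strings['folder_exists'] = __('Destination folder already exists.');
         $this->strings['mkdir_failed'] = __('Could not create directory.');
-        $this->strings['bad_package'] = __('Incompatible Archive.');
+        $this->strings['incompatible_archive'] = __('The package is corrupt or not in the correct format.');
 
         $this->strings['maintenance_start'] = __('Enabling Maintenance mode…');
@@ -154,4 +154,7 @@
         if ( is_wp_error($result) ) {
             $wp_filesystem->delete($working_dir, true);
+            if ( 'incompatible_archive' == $result->get_error_code() ) {
+                return new WP_Error( 'incompatible_archive', $this->strings['incompatible_archive'], $result->get_error_data() );
+            }
             return $result;
         }
@@ -191,5 +194,5 @@
             $source = trailingslashit($source) . trailingslashit($source_files[0]);
         elseif ( count($source_files) == 0 )
-            return new WP_Error('bad_package', $this->strings['bad_package']); //There are no files?
+            return new WP_Error('incompatible_archive', $this->strings['incompatible_archive']); //There are no files?
         //else //Its only a single file, The upgrader will use the foldername of this file as the destination folder. foldername is based on zip filename.
 
@@ -392,4 +395,6 @@
         $this->install_strings();
 
+        add_filter('upgrader_source_selection', array(&$this, 'check_package') );
+
         $this->run(array(
                     'package' => $package,
@@ -399,4 +404,6 @@
                     'hook_extra' => array()
                     ));
+
+        remove_filter('upgrader_source_selection', array(&$this, 'check_package') );
 
         if ( ! $this->result || is_wp_error($this->result) )
@@ -534,4 +541,30 @@
     }
 
+    function check_package($source) {
+        global $wp_filesystem;
+
+        if ( is_wp_error($source) )
+            return $source;
+
+        $working_directory = str_replace( $wp_filesystem->wp_content_dir(), trailingslashit(WP_CONTENT_DIR), $source);
+        if ( ! is_dir($working_directory) ) // Sanity check, if the above fails, lets not prevent installation.
+            return $source;
+
+        // Check the folder contains at least 1 valid plugin.
+        $plugins_found = false;
+        foreach ( glob( $working_directory . '*.php' ) as $file ) {
+            $info = get_plugin_data($file, false, false);
+            if ( !empty( $info['Name'] ) ) {
+                $plugins_found = true;
+                break;
+            }
+        }
+
+        if ( ! $plugins_found )
+            return new WP_Error( 'incompatible_archive', $this->strings['incompatible_archive'] );
+
+        return $source;
+    }
+
     //return plugin info.
     function plugin_info() {
@@ -636,4 +669,6 @@
         $this->install_strings();
 
+        add_filter('upgrader_source_selection', array(&$this, 'check_package') );
+
         $options = array(
                         'package' => $package,
@@ -644,4 +679,6 @@
 
         $this->run($options);
+
+        remove_filter('upgrader_source_selection', array(&$this, 'check_package') );
 
         if ( ! $this->result || is_wp_error($this->result) )
@@ -687,4 +724,8 @@
         $this->run($options);
 
+        remove_filter('upgrader_pre_install', array(&$this, 'current_before'), 10, 2);
+        remove_filter('upgrader_post_install', array(&$this, 'current_after'), 10, 2);
+        remove_filter('upgrader_clear_destination', array(&$this, 'delete_old_theme'), 10, 4);
+
         if ( ! $this->result || is_wp_error($this->result) )
             return $this->result;
@@ -783,4 +824,28 @@
     }
 
+    function check_package($source) {
+        global $wp_filesystem;
+
+        if ( is_wp_error($source) )
+            return $source;
+
+        // Check the folder contains a valid theme
+        $working_directory = str_replace( $wp_filesystem->wp_content_dir(), trailingslashit(WP_CONTENT_DIR), $source);
+        if ( ! is_dir($working_directory) ) // Sanity check, if the above fails, lets not prevent installation.
+            return $source;
+
+        if ( ! file_exists( $working_directory . 'style.css' ) ) // A proper archive should have a style.css file in the single subdirectory
+            return new WP_Error( 'incompatible_archive', $this->strings['incompatible_archive'] );
+
+        $info = get_theme_data( $working_directory . 'style.css' );
+        if ( empty($info['Name']) )
+            return new WP_Error( 'incompatible_archive', $this->strings['incompatible_archive'] );
+
+        if ( empty($info['Template']) && ! file_exists( $working_directory . 'index.php' ) ) // If no template is set, it must have at least an index.php to be legit.
+            return new WP_Error( 'incompatible_archive', $this->strings['incompatible_archive'] );
+
+        return $source;
+    }
+
     function current_before($return, $theme) {
 
@@ -798,4 +863,5 @@
         return $return;
     }
+
     function current_after($return, $theme) {
         if ( is_wp_error($return) )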
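Review bot: In the plugin `check_package()` (new lines 543–567), `glob()` can return `false` instead of an empty array on error, so the `foreach` at line 555 would emit a warning before the archive is rejected; iterate over a checked result, e.g. `foreach ( (array) glob( $working_directory . '*.php' ) as $file ) {`. The pattern is built from the unpacked folder name, so a name containing glob metacharacters such as `[` may match nothing and cause a valid plugin to be rejected. Both `check_package()` methods return `$source` unchanged when `is_dir()` fails on the translated path (lines 550 and 834), so the check fails open and, where it does run, only confirms that a plugin or theme header is present. A comment such as `// Format check only: skipped when the path cannot be mapped locally; not a security control.` on those early returns would stop later readers from treating this as validation of the package contents.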