Context Navigation

← Previous Changeset
Next Changeset →

Changeset 19707

Timestamp:

01/08/2012 03:48:05 AM (13 years ago)

Author:

dd32

Message:

use maybe_unserialize() in update and API checks, Tighten up the checks on expected return data to avoid processing invalid responses after change. See #19617

Location:

trunk

Files:

: 3 edited

wp-admin/includes/plugin-install.php (modified) (1 diff)
wp-admin/includes/theme.php (modified) (1 diff)
wp-includes/update.php (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/wp-admin/includes/plugin-install.php

-                      r19627
+                      r19707
             $res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
         } else {
             $res = unserialize( wp_remote_retrieve_body( $request ) );
             if ( false === $res )
                 $res = new WP_Error('plugins_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
+            $res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
+            if ( ! is_object( $res ) && ! is_array( $res ) )
+                $res = new WP_Error('plugins_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
+        }
     } elseif ( !is_wp_error($res) ) {

trunk/wp-admin/includes/theme.php

-                      r19684
+                      r19707
             $res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
         } else {
             $res = unserialize( wp_remote_retrieve_body( $request ) );
             if ( ! $res )
             $res = new WP_Error('themes_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
+        }
+    }
+    //var_dump(array($args, $res));
+            $res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
+            if ( ! is_object( $res ) && ! is_array( $res ) )
+                $res = new WP_Error('themes_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
+        }
+    }
     return apply_filters('themes_api_result', $res, $action, $args);
+}

trunk/wp-includes/update.php

-                      r19693
+                      r19707
     $body = trim( wp_remote_retrieve_body( $response ) );
+    if ( ! $body = maybe_unserialize( $body ) )
+        return false;
+    if ( ! isset( $body['offers'] ) )
+        return false;
+    $body = maybe_unserialize( $body );
+    if ( ! is_array( $body ) || ! isset( $body['offers'] ) )
+        return false;
     $offers = $body['offers'];
 …
         return false;
     $response = unserialize( wp_remote_retrieve_body( $raw_response ) );
     if ( false !== $response )
+    $response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
+    if ( is_array( $response ) )
         $new_option->response = $response;
     else
 …
     $new_update->checked = $checked;
     $response = unserialize( wp_remote_retrieve_body( $raw_response ) );
     if ( false !== $response )
+    $response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
+    if ( is_array( $response ) )
         $new_update->response = $response;

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core