Context Navigation

← Previous Change
Next Change →

plugin-install.php

Timestamp:

01/08/2012 03:48:05 AM (14 years ago)

Author:

dd32

Message:

use maybe_unserialize() in update and API checks, Tighten up the checks on expected return data to avoid processing invalid responses after change. See #19617

File:

: 1 edited

trunk/wp-admin/includes/plugin-install.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/wp-admin/includes/plugin-install.php

-                      r19627
+                      r19707
             $res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
         } else {
             $res = unserialize( wp_remote_retrieve_body( $request ) );
             if ( false === $res )
                 $res = new WP_Error('plugins_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
+            $res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
+            if ( ! is_object( $res ) && ! is_array( $res ) )
+                $res = new WP_Error('plugins_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
+        }
     } elseif ( !is_wp_error($res) ) {

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core

Context Navigation

Changeset 19707 for trunk/wp-admin/includes/plugin-install.php

Legend:

trunk/wp-admin/includes/plugin-install.php

Download in other formats: