Changeset 19707 for trunk/wp-includes/update.php

Timestamp:

01/08/2012 03:48:05 AM (14 years ago)

Author:

dd32

Message:

use maybe_unserialize() in update and API checks, Tighten up the checks on expected return data to avoid processing invalid responses after change. See #19617

File:

• trunk/wp-includes/update.php (modified) (3 diffs)

trunk/wp-includes/update.php

@@ -92 +92 @@
 
     $body = trim( wp_remote_retrieve_body( $response ) );
-    if ( ! $body = maybe_unserialize( $body ) )
-        return false;
-    if ( ! isset( $body['offers'] ) )
-        return false;
+    $body = maybe_unserialize( $body );
+
+    if ( ! is_array( $body ) || ! isset( $body['offers'] ) )
+        return false;
+
     $offers = $body['offers'];
 
@@ -206 +207 @@
         return false;
 
-    $response = unserialize( wp_remote_retrieve_body( $raw_response ) );
-
-    if ( false !== $response )
+    $response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
+
+    if ( is_array( $response ) )
         $new_option->response = $response;
     else
@@ -320 +321 @@
     $new_update->checked = $checked;
 
-    $response = unserialize( wp_remote_retrieve_body( $raw_response ) );
-    if ( false !== $response )
+    $response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
+    if ( is_array( $response ) )
         $new_update->response = $response;