WordPress.org

Make WordPress Core

Changeset 45112


Ignore:
Timestamp:
04/05/2019 05:19:15 AM (5 months ago)
Author:
tellyworth
Message:

Upgrade/Install: Add more context in signature verify failures.

This includes version numbers and signature counts in error reports, to help diagnose isolated failures that have no apparent cause.

Props dd32.
See #39309.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/file.php

    r45098 r45112  
    11551155                __( 'The authenticity of %1$s could not be verified as no signature was found.' ),
    11561156                '<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
     1157            ),
     1158            array(
     1159                'filename' => $filename_for_errors,
    11571160            )
    11581161        );
     
    11641167    mbstring_binary_safe_encoding();
    11651168
     1169    $skipped_key = $skipped_signature = 0;
     1170
    11661171    foreach ( (array) $signatures as $signature ) {
    11671172        $signature_raw = base64_decode( $signature );
     
    11691174        // Ensure only valid-length signatures are considered.
    11701175        if ( SODIUM_CRYPTO_SIGN_BYTES !== strlen( $signature_raw ) ) {
     1176            $skipped_signature++;
    11711177            continue;
    11721178        }
     
    11771183            // Only pass valid public keys through.
    11781184            if ( SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $key_raw ) ) {
     1185                $skipped_key++;
    11791186                continue;
    11801187            }
     
    11981205        // Error data helpful for debugging:
    11991206        array(
    1200             'filename'   => $filename_for_errors,
    1201             'keys'       => $trusted_keys,
    1202             'signatures' => $signatures,
    1203             'hash'       => bin2hex( $file_hash ),
     1207            'filename'    => $filename_for_errors,
     1208            'keys'        => $trusted_keys,
     1209            'signatures'  => $signatures,
     1210            'hash'        => bin2hex( $file_hash ),
     1211            'skipped_key' => $skipped_key,
     1212            'skipped_sig' => $skipped_signature,
     1213            'php'         => phpversion(),
     1214            'sodium'      => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
    12041215        )
    12051216    );
     
    12111222 * @since 5.2.0
    12121223 *
    1213  * @return array List of hex-encoded Signing keys.
     1224 * @return array List of base64-encoded Signing keys.
    12141225 */
    12151226function wp_trusted_keys() {
Note: See TracChangeset for help on using the changeset viewer.