WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/24/2019 07:43:29 AM (6 months ago)
Author:
tellyworth
Message:

Upgrade/install: fix verification bugs and scale back signature checks.

This fixes several bugs in the signature verification code:
Disables signature checks on certain incompatible PHP versions that cause math errors when opcache is enabled;
Prevents a spurious URL and subsequent error when downloading a zip file with query arguments;
Prevents errors triggered by third-party upgrade scripts as per #46615;
Disables signature tests for Plugins, Themes, and Translations, leaving only core updates.

At the 5.2 release the API servers will only provide signatures for core update packages, which is why messages are suppressed for plugins and other package types. Signatures for those other items will become available later.

Props dd32.
See #39309, #46615

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-upgrader.php

    r44954 r45262  
    245245     * @since 2.8.0
    246246     *
    247      * @param string $package The URI of the package. If this is the full path to an
    248      *                        existing local file, it will be returned untouched.
     247     * @param string $package          The URI of the package. If this is the full path to an
     248     *                                 existing local file, it will be returned untouched.
     249     * @param bool   $check_signatures Whether to validate file signatures. Default false.
    249250     * @return string|WP_Error The full path to the downloaded package file, or a WP_Error object.
    250251     */
    251     public function download_package( $package ) {
     252    public function download_package( $package, $check_signatures = false ) {
    252253
    253254        /**
     
    276277        $this->skin->feedback( 'downloading_package', $package );
    277278
    278         $download_file = download_url( $package, 300, true );
     279        $download_file = download_url( $package, 300, $check_signatures );
    279280
    280281        if ( is_wp_error( $download_file ) && ! $download_file->get_error_data( 'softfail-filename' ) ) {
     
    731732         * of the file if the package is a local file)
    732733         */
    733         $download = $this->download_package( $options['package'] );
     734        $download = $this->download_package( $options['package'], true );
    734735
    735736        // Allow for signature soft-fail.
    736737        // WARNING: This may be removed in the future.
    737738        if ( is_wp_error( $download ) && $download->get_error_data( 'softfail-filename' ) ) {
    738             // Outout the failure error as a normal feedback, and not as an error:
    739             $this->skin->feedback( $download->get_error_message() );
    740 
    741             // Report this failure back to WordPress.org for debugging purposes.
    742             wp_version_check(
    743                 array(
    744                     'signature_failure_code' => $download->get_error_code(),
    745                     'signature_failure_data' => $download->get_error_data(),
    746                 )
    747             );
     739
     740            // Don't output the 'no signature could be found' failure message for now.
     741            if ( 'signature_verification_no_signature' != $download->get_error_code() || WP_DEBUG ) {
     742                // Outout the failure error as a normal feedback, and not as an error:
     743                $this->skin->feedback( $download->get_error_message() );
     744
     745                // Report this failure back to WordPress.org for debugging purposes.
     746                wp_version_check(
     747                    array(
     748                        'signature_failure_code' => $download->get_error_code(),
     749                        'signature_failure_data' => $download->get_error_data(),
     750                    )
     751                );
     752            }
    748753
    749754            // Pretend this error didn't happen.
Note: See TracChangeset for help on using the changeset viewer.