Changeset 45262 for trunk/src/wp-admin/includes/class-wp-upgrader.php

Timestamp:

04/24/2019 07:43:29 AM (4 years ago)

Author:

tellyworth

Message:

Upgrade/install: fix verification bugs and scale back signature checks.

This fixes several bugs in the signature verification code:
Disables signature checks on certain incompatible PHP versions that cause math errors when opcache is enabled;
Prevents a spurious URL and subsequent error when downloading a zip file with query arguments;
Prevents errors triggered by third-party upgrade scripts as per #46615;
Disables signature tests for Plugins, Themes, and Translations, leaving only core updates.

At the 5.2 release the API servers will only provide signatures for core update packages, which is why messages are suppressed for plugins and other package types. Signatures for those other items will become available later.

Props dd32.
See #39309, #46615

File:

• trunk/src/wp-admin/includes/class-wp-upgrader.php (modified) (3 diffs)

trunk/src/wp-admin/includes/class-wp-upgrader.php

@@ -245 +245 @@
      * @since 2.8.0
      *
-     * @param string $package The URI of the package. If this is the full path to an
-     *                        existing local file, it will be returned untouched.
+     * @param string $package          The URI of the package. If this is the full path to an
+     *                                 existing local file, it will be returned untouched.
+     * @param bool   $check_signatures Whether to validate file signatures. Default false.
      * @return string|WP_Error The full path to the downloaded package file, or a WP_Error object.
      */
-    public function download_package( $package ) {
+    public function download_package( $package, $check_signatures = false ) {
 
         /**
@@ -276 +277 @@
         $this->skin->feedback( 'downloading_package', $package );
 
-        $download_file = download_url( $package, 300, true );
+        $download_file = download_url( $package, 300, $check_signatures );
 
         if ( is_wp_error( $download_file ) && ! $download_file->get_error_data( 'softfail-filename' ) ) {
@@ -731 +732 @@
          * of the file if the package is a local file)
          */
-        $download = $this->download_package( $options['package'] );
+        $download = $this->download_package( $options['package'], true );
 
         // Allow for signature soft-fail.
         // WARNING: This may be removed in the future.
         if ( is_wp_error( $download ) && $download->get_error_data( 'softfail-filename' ) ) {
-            // Outout the failure error as a normal feedback, and not as an error:
-            $this->skin->feedback( $download->get_error_message() );
-
-            // Report this failure back to WordPress.org for debugging purposes.
-            wp_version_check(
-                array(
-                    'signature_failure_code' => $download->get_error_code(),
-                    'signature_failure_data' => $download->get_error_data(),
-                )
-            );
+
+            // Don't output the 'no signature could be found' failure message for now.
+            if ( 'signature_verification_no_signature' != $download->get_error_code() || WP_DEBUG ) {
+                // Outout the failure error as a normal feedback, and not as an error:
+                $this->skin->feedback( $download->get_error_message() );
+
+                // Report this failure back to WordPress.org for debugging purposes.
+                wp_version_check(
+                    array(
+                        'signature_failure_code' => $download->get_error_code(),
+                        'signature_failure_data' => $download->get_error_data(),
+                    )
+                );
+            }
 
             // Pretend this error didn't happen.