Changeset 50700
- Timestamp:
- 04/12/2021 06:17:37 PM (3 years ago)
- File:
-
- 1 edited
trunk/src/wp-admin/includes/file.php
r50505 r50700 147 147 148 148 $dir = @opendir( $folder ); 149 149 150 if ( $dir ) { 150 151 while ( ( $file = readdir( $dir ) ) !== false ) { … … 370 371 return new WP_Error( 'missing_file' ); 371 372 } 372 $file = $args['file']; 373 if ( 0 !== validate_file( $ file) ) {373 374 if ( 0 !== validate_file( $args['file'] ) ) { 374 375 return new WP_Error( 'bad_file' ); 375 376 } … … 378 379 return new WP_Error( 'missing_content' ); 379 380 } 380 $content = $args['newcontent'];381 381 382 382 if ( ! isset( $args['nonce'] ) ) { 383 383 return new WP_Error( 'missing_nonce' ); 384 384 } 385 386 $file = $args['file']; 387 $content = $args['newcontent']; 385 388 386 389 $plugin = null; 387 390 $theme = null; 388 391 $real_file = null; 392 389 393 if ( ! empty( $args['plugin'] ) ) { 390 394 $plugin = $args['plugin']; … … 418 422 } elseif ( ! empty( $args['theme'] ) ) { 419 423 $stylesheet = $args['theme']; 424 420 425 if ( 0 !== validate_file( $stylesheet ) ) { 421 426 return new WP_Error( 'bad_theme_path' ); … … 495 500 496 501 $f = fopen( $real_file, 'w+' ); 502 497 503 if ( false === $f ) { 498 504 return new WP_Error( 'file_not_writable' ); … … 501 507 $written = fwrite( $f, $content ); 502 508 fclose( $f ); 509 503 510 if ( false === $written ) { 504 511 return new WP_Error( 'unable_to_write', __( 'Unable to write to file.' ) ); … … 576 583 577 584 $result = null; 585 578 586 if ( false === $scrape_result_position ) { 579 587 $result = $loopback_request_failure; … … 610 618 611 619 if ( true !== $result ) { 612 613 620 // Roll-back file change. 614 621 file_put_contents( $real_file, $previous_content ); … … 621 628 unset( $result['message'] ); 622 629 } 630 623 631 return new WP_Error( 'php_error', $message, $result ); 624 632 } … … 672 680 673 681 $fp = @fopen( $temp_filename, 'x' ); 682 674 683 if ( ! 
$fp && is_writable( $dir ) && file_exists( $temp_filename ) ) { 675 684 return wp_tempnam( $filename, $dir ); 676 685 } 686 677 687 if ( $fp ) { 678 688 fclose( $fp ); … … 847 857 848 858 // A correct form post will pass this test. 849 if ( $test_form && ( ! isset( $_POST['action'] ) || ( $_POST['action'] != $action )) ) {859 if ( $test_form && ( ! isset( $_POST['action'] ) || $_POST['action'] !== $action ) ) { 850 860 return call_user_func_array( $upload_error_handler, array( &$file, __( 'Invalid form submission.' ) ) ); 851 861 } 862 852 863 // A successful upload will pass this test. It makes no sense to override this one. 853 864 if ( isset( $file['error'] ) && $file['error'] > 0 ) { … … 875 886 ); 876 887 } 888 877 889 return call_user_func_array( $upload_error_handler, array( &$file, $error_msg ) ); 878 890 } … … 889 901 $file['name'] = $proper_filename; 890 902 } 903 891 904 if ( ( ! $type || ! $ext ) && ! current_user_can( 'unfiltered_upload' ) ) { 892 905 return call_user_func_array( $upload_error_handler, array( &$file, __( 'Sorry, this file type is not permitted for security reasons.' ) ) ); 893 906 } 907 894 908 if ( ! $type ) { 895 909 $type = $file['type']; … … 944 958 $error_path = basename( $uploads['basedir'] ) . $uploads['subdir']; 945 959 } 960 946 961 return $upload_error_handler( 947 962 $file, … … 1079 1094 $tmpfname = wp_tempnam( $url_filename ); 1080 1095 if ( ! $tmpfname ) { 1081 return new WP_Error( 'http_no_file', __( 'Could not create Temporary file.' ) );1096 return new WP_Error( 'http_no_file', __( 'Could not create temporary file.' ) ); 1082 1097 } 1083 1098 … … 1098 1113 $response_code = wp_remote_retrieve_response_code( $response ); 1099 1114 1100 if ( 200 != $response_code ) {1115 if ( 200 !== $response_code ) { 1101 1116 $data = array( 1102 1117 'code' => $response_code, … … 1105 1120 // Retrieve a sample of the response body for debugging purposes. 
1106 1121 $tmpf = fopen( $tmpfname, 'rb' ); 1122 1107 1123 if ( $tmpf ) { 1108 1124 /** … … 1116 1132 */ 1117 1133 $response_size = apply_filters( 'download_url_error_max_body_size', KB_IN_BYTES ); 1118 $data['body'] = fread( $tmpf, $response_size ); 1134 1135 $data['body'] = fread( $tmpf, $response_size ); 1119 1136 fclose( $tmpf ); 1120 1137 } 1121 1138 1122 1139 unlink( $tmpfname ); 1140 1123 1141 return new WP_Error( 'http_404', trim( wp_remote_retrieve_response_message( $response ) ), $data ); 1124 1142 } 1125 1143 1126 1144 $content_md5 = wp_remote_retrieve_header( $response, 'content-md5' ); 1145 1127 1146 if ( $content_md5 ) { 1128 1147 $md5_check = verify_file_md5( $tmpfname, $content_md5 ); 1148 1129 1149 if ( is_wp_error( $md5_check ) ) { 1130 1150 unlink( $tmpfname ); … … 1142 1162 * @param string[] $hostnames List of hostnames. 1143 1163 */ 1144 $signed_hostnames = apply_filters( 'wp_signature_hosts', array( 'wordpress.org', 'downloads.wordpress.org', 's.w.org' ) ); 1164 $signed_hostnames = apply_filters( 'wp_signature_hosts', array( 'wordpress.org', 'downloads.wordpress.org', 's.w.org' ) ); 1165 1145 1166 $signature_verification = in_array( parse_url( $url, PHP_URL_HOST ), $signed_hostnames, true ); 1146 1167 } … … 1149 1170 if ( $signature_verification ) { 1150 1171 $signature = wp_remote_retrieve_header( $response, 'x-content-signature' ); 1172 1151 1173 if ( ! $signature ) { 1152 1174 // Retrieve signatures from a file if the header wasn't included. 
… … 1226 1248 */ 1227 1249 function verify_file_md5( $filename, $expected_md5 ) { 1228 if ( 32 == strlen( $expected_md5 ) ) {1250 if ( 32 === strlen( $expected_md5 ) ) { 1229 1251 $expected_raw_md5 = pack( 'H*', $expected_md5 ); 1230 } elseif ( 24 == strlen( $expected_md5 ) ) {1252 } elseif ( 24 === strlen( $expected_md5 ) ) { 1231 1253 $expected_raw_md5 = base64_decode( $expected_md5 ); 1232 1254 } else { … … 1288 1310 // Sodium_Compat isn't compatible with PHP 7.2.0~7.2.2 due to a bug in the PHP Opcache extension, bail early as it'll fail. 1289 1311 // https://bugs.php.net/bug.php?id=75938 1290 1291 1312 return new WP_Error( 1292 1313 'signature_verification_unsupported', … … 1302 1323 ) 1303 1324 ); 1304 1305 1325 } 1306 1326 … … 1537 1557 1538 1558 $zopen = $z->open( $file, ZIPARCHIVE::CHECKCONS ); 1559 1539 1560 if ( true !== $zopen ) { 1540 1561 return new WP_Error( 'incompatible_archive', __( 'Incompatible Archive.' ), array( 'ziparchive_error' => $zopen ) ); … … 1545 1566 for ( $i = 0; $i < $z->numFiles; $i++ ) { 1546 1567 $info = $z->statIndex( $i ); 1568 1547 1569 if ( ! $info ) { 1548 1570 return new WP_Error( 'stat_failed_ziparchive', __( 'Could not retrieve file from archive.' ) ); … … 1578 1600 if ( wp_doing_cron() ) { 1579 1601 $available_space = @disk_free_space( WP_CONTENT_DIR ); 1602 1580 1603 if ( $available_space && ( $uncompressed_size * 2.1 ) > $available_space ) { 1581 return new WP_Error( 'disk_full_unzip_file', __( 'Could not copy files. You may have run out of disk space.' ), compact( 'uncompressed_size', 'available_space' ) ); 1604 return new WP_Error( 1605 'disk_full_unzip_file', 1606 __( 'Could not copy files. You may have run out of disk space.' ), 1607 compact( 'uncompressed_size', 'available_space' ) 1608 ); 1582 1609 } 1583 1610 } 1584 1611 1585 1612 $needed_dirs = array_unique( $needed_dirs ); 1613 1586 1614 foreach ( $needed_dirs as $dir ) { 1587 1615 // Check the parent folders of the folders all exist within the creation array. 
1588 if ( untrailingslashit( $to ) == $dir ) { // Skip over the working directory, we know this exists (or will exist).1616 if ( untrailingslashit( $to ) === $dir ) { // Skip over the working directory, we know this exists (or will exist). 1589 1617 continue; 1590 1618 } 1619 1591 1620 if ( strpos( $dir, $to ) === false ) { // If the directory is not within the working directory, skip it. 1592 1621 continue; … … 1594 1623 1595 1624 $parent_folder = dirname( $dir ); 1596 while ( ! empty( $parent_folder ) && untrailingslashit( $to ) != $parent_folder && ! in_array( $parent_folder, $needed_dirs, true ) ) { 1625 1626 while ( ! empty( $parent_folder ) 1627 && untrailingslashit( $to ) !== $parent_folder 1628 && ! in_array( $parent_folder, $needed_dirs, true ) 1629 ) { 1597 1630 $needed_dirs[] = $parent_folder; 1598 1631 $parent_folder = dirname( $parent_folder ); 1599 1632 } 1600 1633 } 1634 1601 1635 asort( $needed_dirs ); 1602 1636 … … 1612 1646 for ( $i = 0; $i < $z->numFiles; $i++ ) { 1613 1647 $info = $z->statIndex( $i ); 1648 1614 1649 if ( ! $info ) { 1615 1650 return new WP_Error( 'stat_failed_ziparchive', __( 'Could not retrieve file from archive.' ) ); … … 1630 1665 1631 1666 $contents = $z->getFromIndex( $i ); 1667 1632 1668 if ( false === $contents ) { 1633 1669 return new WP_Error( 'extract_failed_ziparchive', __( 'Could not extract file from archive.' ), $info['name'] ); … … 1705 1741 if ( wp_doing_cron() ) { 1706 1742 $available_space = @disk_free_space( WP_CONTENT_DIR ); 1743 1707 1744 if ( $available_space && ( $uncompressed_size * 2.1 ) > $available_space ) { 1708 return new WP_Error( 'disk_full_unzip_file', __( 'Could not copy files. You may have run out of disk space.' ), compact( 'uncompressed_size', 'available_space' ) ); 1745 return new WP_Error( 1746 'disk_full_unzip_file', 1747 __( 'Could not copy files. You may have run out of disk space.' 
), 1748 compact( 'uncompressed_size', 'available_space' ) 1749 ); 1709 1750 } 1710 1751 } 1711 1752 1712 1753 $needed_dirs = array_unique( $needed_dirs ); 1754 1713 1755 foreach ( $needed_dirs as $dir ) { 1714 1756 // Check the parent folders of the folders all exist within the creation array. 1715 if ( untrailingslashit( $to ) == $dir ) { // Skip over the working directory, we know this exists (or will exist).1757 if ( untrailingslashit( $to ) === $dir ) { // Skip over the working directory, we know this exists (or will exist). 1716 1758 continue; 1717 1759 } 1760 1718 1761 if ( strpos( $dir, $to ) === false ) { // If the directory is not within the working directory, skip it. 1719 1762 continue; … … 1721 1764 1722 1765 $parent_folder = dirname( $dir ); 1723 while ( ! empty( $parent_folder ) && untrailingslashit( $to ) != $parent_folder && ! in_array( $parent_folder, $needed_dirs, true ) ) { 1766 1767 while ( ! empty( $parent_folder ) 1768 && untrailingslashit( $to ) !== $parent_folder 1769 && ! in_array( $parent_folder, $needed_dirs, true ) 1770 ) { 1724 1771 $needed_dirs[] = $parent_folder; 1725 1772 $parent_folder = dirname( $parent_folder ); 1726 1773 } 1727 1774 } 1775 1728 1776 asort( $needed_dirs ); 1729 1777 … … 1756 1804 } 1757 1805 } 1806 1758 1807 return true; 1759 1808 } … … 1795 1844 // If copy failed, chmod file to 0644 and try again. 1796 1845 $wp_filesystem->chmod( $to . $filename, FS_CHMOD_FILE ); 1846 1797 1847 if ( ! $wp_filesystem->copy( $from . $filename, $to . $filename, true, FS_CHMOD_FILE ) ) { 1798 1848 return new WP_Error( 'copy_failed_copy_dir', __( 'Could not copy file.' ), $to . $filename ); … … 1810 1860 // Generate the $sub_skip_list for the subdirectory as a sub-set of the existing $skip_list. 1811 1861 $sub_skip_list = array(); 1862 1812 1863 foreach ( $skip_list as $skip_item ) { 1813 1864 if ( 0 === strpos( $skip_item, $filename . '/' ) ) { … … 1817 1868 1818 1869 $result = copy_dir( $from . $filename, $to . 
$filename, $sub_skip_list ); 1870 1819 1871 if ( is_wp_error( $result ) ) { 1820 1872 return $result; … … 1948 2000 1949 2001 // If the directory doesn't exist (wp-content/languages) then use the parent directory as we'll create it. 1950 if ( WP_LANG_DIR == $context && ! is_dir( $context ) ) {2002 if ( WP_LANG_DIR === $context && ! is_dir( $context ) ) { 1951 2003 $context = dirname( $context ); 1952 2004 } … … 2069 2121 */ 2070 2122 $req_cred = apply_filters( 'request_filesystem_credentials', '', $form_post, $type, $error, $context, $extra_fields, $allow_relaxed_file_ownership ); 2123 2071 2124 if ( '' !== $req_cred ) { 2072 2125 return $req_cred; … … 2137 2190 $credentials['connection_type'] = 'ftp'; 2138 2191 } 2192 2139 2193 if ( ! $error 2140 && ( ( ! empty( $credentials['password'] ) && ! empty( $credentials['username'] ) && ! empty( $credentials['hostname'] ))2141 || ( 'ssh' === $credentials['connection_type'] && ! empty( $credentials['public_key'] ) && ! empty( $credentials['private_key'] ))2194 && ( ! empty( $credentials['hostname'] ) && ! empty( $credentials['username'] ) && ! empty( $credentials['password'] ) 2195 || 'ssh' === $credentials['connection_type'] && ! empty( $credentials['public_key'] ) && ! empty( $credentials['private_key'] ) 2142 2196 ) 2143 2197 ) { … … 2148 2202 } 2149 2203 2150 unset( $stored_credentials['password'], $stored_credentials['port'], $stored_credentials['private_key'], $stored_credentials['public_key'] ); 2204 unset( 2205 $stored_credentials['password'], 2206 $stored_credentials['port'], 2207 $stored_credentials['private_key'], 2208 $stored_credentials['public_key'] 2209 ); 2151 2210 2152 2211 if ( ! wp_installing() ) { … … 2156 2215 return $credentials; 2157 2216 } 2217 2158 2218 $hostname = isset( $credentials['hostname'] ) ? $credentials['hostname'] : ''; 2159 2219 $username = isset( $credentials['username'] ) ? 
$credentials['username'] : ''; … … 2196 2256 */ 2197 2257 $types = apply_filters( 'fs_ftp_connection_types', $types, $credentials, $type, $error, $context ); 2198 2199 2258 ?> 2200 2259 <form action="<?php echo esc_url( $form_post ); ?>" method="post">
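Review bot: The strict check `if ( 200 !== $response_code )` in the download hunk (new line 1115) is a behaviour change, not only a style change, if the status code can ever arrive as the string `'200'`. The branch it guards unlinks `$tmpfname` and returns the `http_404` error, so a successful download would be discarded. `wp_remote_retrieve_response_code()` is documented as returning `int|string`, and the response array can presumably be supplied by a filter rather than the built-in transport, so a numeric string looks plausible; that should be confirmed. If it is possible, `if ( 200 !== (int) $response_code ) {` keeps the strict comparison while leaving `$data['code']` as received. The enclosing function starts and ends outside this hunk, so how `$response` is produced was not reviewed.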