
Changeset 57537


Timestamp:
02/05/2024 10:21:35 PM (7 months ago)
Author:
peterwilsoncc
Message:

Upload: Fallback to PclZip to validate ZIP file uploads.

ZipArchive can fail to validate ZIP files correctly and report valid files as invalid. This introduces a fallback to PclZip to check validity of files if ZipArchive fails them.

This introduces the new function wp_zip_file_is_valid() to validate archives.

Follow up to [57388].

Props audunmb, azaozz, britner, cdevroe, colorful-tones, costdev, courane01, endymion00, feastdesignco, halounsbury, jeffpaul, johnbillion, jorbin, jsandtro, karinclimber, kevincoleman, koesper, maartenbelmans, mathewemoore, melcarthus, mujuonly, nerdpressteam, olegfuture, otto42, peterwilsoncc, room34, sayful, schutzsmith, stephencronin, svitlana41319, swissspidy, tnolte, tobiasbg, vikram6, welaunchio.
Fixes #60398.

Location:
trunk
Files:
15 added
2 edited

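--- a/trunk/src/wp-admin/includes/class-file-upload-upgrader.php
+++ b/trunk/src/wp-admin/includes/class-file-upload-upgrader.php
@@ -71,22 +71,5 @@
 
             if ( 'pluginzip' === $form || 'themezip' === $form ) {
-                $archive_is_valid = false;
-
-                /** This filter is documented in wp-admin/includes/file.php */
-                if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
-                    $archive          = new ZipArchive();
-                    $archive_is_valid = $archive->open( $file['file'], ZIPARCHIVE::CHECKCONS );
-
-                    if ( true === $archive_is_valid ) {
-                        $archive->close();
-                    }
-                } else {
-                    require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
-
-                    $archive          = new PclZip( $file['file'] );
-                    $archive_is_valid = is_array( $archive->properties() );
-                }
-
-                if ( true !== $archive_is_valid ) {
+                if ( ! wp_zip_file_is_valid( $file['file'] ) ) {
                     wp_delete_file( $file['file'] );
                     wp_die( __( 'Incompatible Archive.' ) );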
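--- a/trunk/src/wp-admin/includes/file.php
+++ b/trunk/src/wp-admin/includes/file.php
@@ -1565,4 +1565,35 @@
 
 /**
+ * Determines whether the given file is a valid ZIP file.
+ *
+ * This function does not test to ensure that a file exists. Non-existent files
+ * are not valid ZIPs, so those will also return false.
+ *
+ * @since 6.4.4
+ *
+ * @param string $file Full path to the ZIP file.
+ * @return bool Whether the file is a valid ZIP file.
+ */
+function wp_zip_file_is_valid( $file ) {
+    /** This filter is documented in wp-admin/includes/file.php */
+    if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
+        $archive          = new ZipArchive();
+        $archive_is_valid = $archive->open( $file, ZipArchive::CHECKCONS );
+        if ( true === $archive_is_valid ) {
+            $archive->close();
+            return true;
+        }
+    }
+
+    // Fall through to PclZip if ZipArchive is not available, or encountered an error opening the file.
+    require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
+
+    $archive          = new PclZip( $file );
+    $archive_is_valid = is_array( $archive->properties() );
+
+    return $archive_is_valid;
+}
+
+/**
  * Unzips a specified ZIP file to a location on the filesystem via the WordPress
  * Filesystem Abstraction.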
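Review bot: With the fall-through in wp_zip_file_is_valid(), a file is accepted when either ZipArchive (opened with CHECKCONS) or PclZip can read it, so the stricter consistency check no longer rejects anything on its own and the effective strictness is that of the more lenient parser. The docblock should say this and make clear that the result is a structural check only, for example by adding `* Returns true if either ZipArchive or PclZip can open the archive; this does not inspect the archive's contents.` Callers such as the plugin/theme upload gate in class-file-upload-upgrader.php presumably depend on the later extraction code for path and content checks, which is not visible in this changeset. The ZipArchive error code held in `$archive_is_valid` is also discarded before the fallback runs, so a rejected upload cannot be traced to a cause; a short comment noting that this is deliberate would help the next reader.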