Make WordPress Core


Timestamp: 04/04/2024 07:28:21 PM (15 months ago)
Author: jorbin
Message:

Upload: Fallback to PclZip to validate ZIP file uploads.

ZipArchive can fail to validate ZIP files correctly and report valid files as invalid. This introduces a fallback to PclZip to check validity of files if ZipArchive fails them.

This introduces the new function wp_zip_file_is_valid() to validate archives.

Follow up to [57388].

Reviewed by jorbin.
Merges [57537] to the 6.4 branch.

Props audunmb, azaozz, britner, cdevroe, colorful-tones, costdev, courane01, endymion00, feastdesignco, halounsbury, jeffpaul, johnbillion, jorbin, jsandtro, karinclimber, kevincoleman, koesper, maartenbelmans, mathewemoore, melcarthus, mujuonly, nerdpressteam, olegfuture, otto42, peterwilsoncc, room34, sayful, schutzsmith, stephencronin, svitlana41319, swissspidy, tnolte, tobiasbg, vikram6, welaunchio.
Fixes #60398.

Location: branches/6.4
Files: 2 edited

  • branches/6.4

  • branches/6.4/src/wp-admin/includes/class-file-upload-upgrader.php

    r57390 r57929  
    7171
    7272            if ( 'pluginzip' === $form || 'themezip' === $form ) {
    73                 $archive_is_valid = false;
    74 
    75                 /** This filter is documented in wp-admin/includes/file.php */
    76                 if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
    77                     $archive          = new ZipArchive();
    78                     $archive_is_valid = $archive->open( $file['file'], ZIPARCHIVE::CHECKCONS );
    79 
    80                     if ( true === $archive_is_valid ) {
    81                         $archive->close();
    82                     }
    83                 } else {
    84                     require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
    85 
    86                     $archive          = new PclZip( $file['file'] );
    87                     $archive_is_valid = is_array( $archive->properties() );
    88                 }
    89 
    90                 if ( true !== $archive_is_valid ) {
     73                if ( ! wp_zip_file_is_valid( $file['file'] ) ) {
    9174                    wp_delete_file( $file['file'] );
    9275                    wp_die( __( 'Incompatible Archive.' ) );
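
Review bot: The negation at new line 73, `if ( ! wp_zip_file_is_valid( $file['file'] ) )`, is a loose truthiness check, where the removed line 90 compared strictly with `true !== $archive_is_valid`. That strictness mattered because `ZipArchive::open()` returns `true` on success and an integer error code on failure, and a non-zero integer is truthy. The body of `wp_zip_file_is_valid()` is not part of this hunk, so please confirm it returns a strict boolean and documents its return type as `bool`, or keep the comparison strict at the call site with `true !== wp_zip_file_is_valid( $file['file'] )`. Please also confirm the helper still honors the `unzip_file_use_ziparchive` filter and loads `class-pclzip.php` itself, since the `apply_filters()` call at old line 76 and the `require_once` at old line 84 are removed from this file.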