WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
04/04/2024 07:28:21 PM (15 months ago)
Author:
jorbin
Message:

Upload: Fallback to PclZip to validate ZIP file uploads.

ZipArchive can fail to validate ZIP files correctly and report valid files as invalid. This introduces a fallback to PclZip to check validity of files if ZipArchive fails them.

This introduces the new function wp_zip_file_is_valid() to validate archives.

Follow up to [57388].

Reviewed by jorbin.
Merges [57537] to the 6.4 branch.

Props audunmb, azaozz, britner, cdevroe, colorful-tones, costdev, courane01, endymion00, feastdesignco, halounsbury, jeffpaul, johnbillion, jorbin, jsandtro, karinclimber, kevincoleman, koesper, maartenbelmans, mathewemoore, melcarthus, mujuonly, nerdpressteam, olegfuture, otto42, peterwilsoncc, room34, sayful, schutzsmith, stephencronin, svitlana41319, swissspidy, tnolte, tobiasbg, vikram6, welaunchio.
Fixes #60398.

Location:
branches/6.4
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • branches/6.4

  • branches/6.4/src/wp-admin/includes/file.php

    r56825 r57929  
    15651565
    15661566/**
     1567 * Determines whether the given file is a valid ZIP file.
     1568 *
     1569 * This function does not test to ensure that a file exists. Non-existent files
     1570 * are not valid ZIPs, so those will also return false.
     1571 *
     1572 * @since 6.4.4
     1573 *
     1574 * @param string $file Full path to the ZIP file.
     1575 * @return bool Whether the file is a valid ZIP file.
     1576 */
     1577function wp_zip_file_is_valid( $file ) {
     1578    /** This filter is documented in wp-admin/includes/file.php */
     1579    if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
     1580        $archive          = new ZipArchive();
     1581        $archive_is_valid = $archive->open( $file, ZipArchive::CHECKCONS );
     1582        if ( true === $archive_is_valid ) {
     1583            $archive->close();
     1584            return true;
     1585        }
     1586    }
     1587
     1588    // Fall through to PclZip if ZipArchive is not available, or encountered an error opening the file.
     1589    require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
     1590
     1591    $archive          = new PclZip( $file );
     1592    $archive_is_valid = is_array( $archive->properties() );
     1593
     1594    return $archive_is_valid;
     1595}
     1596
     1597/**
    15671598 * Unzips a specified ZIP file to a location on the filesystem via the WordPress
    15681599 * Filesystem Abstraction.
Note: See TracChangeset for help on using the changeset viewer.