Make WordPress Core

Changeset 9163


Ignore:
Timestamp:
10/14/2008 03:56:33 PM (16 years ago)
Author:
ryan
Message:

Sanitation and error handling for plugin install. Props DD32. see #6015

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/plugin-install.php

    r9150 r9163  
    3838    if ( ! $res ) {
    3939        $request = wp_remote_post('http://api.wordpress.org/plugins/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) );
    40         $res = unserialize($request['body']);
    41         if ( ! $res )
    42             $res = new WP_Error('plugins_api_failed', __('An unknown error occured'), $request['body']);
     40        if ( is_wp_error($request) ) {
     41            $res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occured during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>'), $request->get_error_message() );
     42        } else {
     43            $res = unserialize($request['body']);
     44            if ( ! $res )
     45                $res = new WP_Error('plugins_api_failed', __('An unknown error occured'), $request['body']);
     46        }
    4347    }
    4448
     
    6266
    6367    $tags = plugins_api('hot_tags', $args);
     68
     69    if ( is_wp_error($tags) )
     70        return $tags;
    6471
    6572    $cache = (object) array('timeout' => time(), 'cached' => $tags);
     
    100107
    101108    $api = plugins_api('query_plugins', $args);
     109
     110    if ( is_wp_error($api) )
     111        wp_die($api);
    102112
    103113    add_action('install_plugins_table_header', 'install_search_form');
     
    174184    $args = array('browse' => 'featured', 'page' => $page);
    175185    $api = plugins_api('query_plugins', $args);
     186    if ( is_wp_error($api) )
     187        wp_die($api);
    176188    display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
    177189}
     
    202214    $args = array('browse' => 'new', 'page' => $page);
    203215    $api = plugins_api('query_plugins', $args);
     216    if ( is_wp_error($api) )
     217        wp_die($api);
    204218    display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
    205219}
     
    235249    $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
    236250
    237     $plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
     251    $plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),
     252                                'abbr' => array('title' => array()),'acronym' => array('title' => array()),
     253                                'code' => array(),'em' => array(),'strong' => array());
    238254
    239255?>
     
    317333                <td class="vers"><?php echo $version; ?></td>
    318334                <td class="vers">
    319                     <div class="star-holder" title="<?php printf( __('based on %d ratings'), $plugin['num_ratings'] ); ?>">
     335                    <div class="star-holder" title="<?php printf(__ngettext(__('based on %d rating'), __('based on %d ratings'), $plugin['num_ratings']), $plugin['num_ratings']) ?>">
    320336                        <div class="star star-rating" style="width: <?php echo attribute_escape($plugin['rating']) ?>px"></div>
    321337                        <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
     
    355371
    356372    $api = plugins_api('plugin_information', array('slug' => $_REQUEST['plugin']));
     373
     374    if ( is_wp_error($api) )
     375        wp_die($api);
     376
     377    $plugins_allowedtags = array('a' => array('href' => array(), 'title' => array(), 'target' => array()),
     378                                'abbr' => array('title' => array()), 'acronym' => array('title' => array()),
     379                                'code' => array(), 'em' => array(), 'strong' => array(), 'div' => array(),
     380                                'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array());
     381    //Sanitize HTML
     382    foreach ( (array)$api->sections as $section_name => $content )
     383        $api->sections[$section_name] = wp_kses($content, $plugins_allowedtags);
     384    foreach ( array('version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug') as $key )
     385        $api->$key = wp_kses($api->$key, $plugins_allowedtags);
    357386
    358387    $section = isset($_REQUEST['section']) ? $_REQUEST['section'] : 'description'; //Default to the Description tab, Do not translate, API returns English.
     
    522551    check_admin_referer('install-plugin_' . $plugin);
    523552    $api = plugins_api('plugin_information', array('slug' => $plugin, 'fields' => array('sections' => false) ) ); //Save on a bit of bandwidth.
     553   
     554    if ( is_wp_error($api) )
     555        wp_die($api);
    524556
    525557    echo '<div class="wrap">';
     
    835867}
    836868
    837 
    838 
    839869?>
  • trunk/wp-settings.php

    r9085 r9163  
    109109
    110110if ( file_exists(ABSPATH . '.maintenance') && !defined('WP_INSTALLING') ) {
    111     if ( file_exists( WP_CONTENT_DIR . '/maintenance.php' ) ) {
    112         require_once( WP_CONTENT_DIR . '/maintenance.php' );
    113         die();
    114     }
    115 
    116     $protocol = $_SERVER["SERVER_PROTOCOL"];
    117     if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol )
    118         $protocol = 'HTTP/1.0';
    119     header( "$protocol 503 Service Unavailable", true, 503 );
    120     header( 'Content-Type: text/html; charset=utf-8' );
     111    include(ABSPATH . '.maintenance');
     112    // If the $upgrading timestamp is older than 10 minutes, don't die.
     113    if ( ( time() - $upgrading ) < 600 ) {
     114        if ( file_exists( WP_CONTENT_DIR . '/maintenance.php' ) ) {
     115            require_once( WP_CONTENT_DIR . '/maintenance.php' );
     116            die();
     117        }
     118
     119        $protocol = $_SERVER["SERVER_PROTOCOL"];
     120        if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol )
     121            $protocol = 'HTTP/1.0';
     122        header( "$protocol 503 Service Unavailable", true, 503 );
     123        header( 'Content-Type: text/html; charset=utf-8' );
    121124?>
    122125<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     
    132135</html>
    133136<?php
    134 die();
     137        die();
     138    }
    135139}
    136140
Note: See TracChangeset for help on using the changeset viewer.