diff --git wordpress/wp-includes/class-http.php wordpress/wp-includes/class-http.php index a9738ee..542b360 100644 --- wordpress/wp-includes/class-http.php +++ wordpress/wp-includes/class-http.php @@ -741,16 +741,18 @@ class WP_Http_Fsockopen { if ( ! $stream_handle ) return new WP_Error( 'http_request_failed', sprintf( __( 'Could not open handle for fopen() to %s' ), $r['filename'] ) ); + $bytes_written = 0; + while ( ! feof($handle) ) { $block = fread( $handle, 4096 ); if ( $bodyStarted ) { - fwrite( $stream_handle, $block ); + $bytes_written += fwrite( $stream_handle, $block ); } else { $strResponse .= $block; if ( strpos( $strResponse, "\r\n\r\n" ) ) { $process = WP_Http::processResponse( $strResponse ); $bodyStarted = true; - fwrite( $stream_handle, $process['body'] ); + $bytes_written += fwrite( $stream_handle, $process['body'] ); unset( $strResponse ); $process['body'] = ''; } @@ -774,6 +776,12 @@ class WP_Http_Fsockopen { $arrHeaders = WP_Http::processHeaders( $process['headers'] ); + //Check the file was fully written to disk + if ( $r['stream'] && isset( $arrHeaders['headers']['content-length'] ) && (int)$arrHeaders['headers']['content-length'] > $bytes_written ) { + unlink( $r['filename'] ); + return new WP_Error( 'http_request_failed', __( 'Failed to write full file to disk.' ) ); + } + // If location is found, then assume redirect and redirect to location. if ( isset($arrHeaders['headers']['location']) && 0 !== $r['_redirection'] ) { if ( $r['redirection']-- > 0 ) { @@ -942,7 +950,7 @@ class WP_Http_Streams { if ( ! $stream_handle ) return new WP_Error( 'http_request_failed', sprintf( __( 'Could not open handle for fopen() to %s' ), $r['filename'] ) ); - stream_copy_to_stream( $handle, $stream_handle ); + $bytes_written = stream_copy_to_stream( $handle, $stream_handle ); fclose( $stream_handle ); $strResponse = ''; @@ -960,6 +968,14 @@ class WP_Http_Streams { else $processedHeaders = WP_Http::processHeaders($meta['wrapper_data']); + //Check the file was fully written to disk + if ( $r['stream'] && isset( $processedHeaders['headers']['content-length'] ) ) { + if ( (int)$processedHeaders['headers']['content-length'] > $bytes_written && ! ( $bytes_written === 1 && 0 === (int) $processedHeaders['headers']['content-length'] ) ) { // PHP Bug: http://bugs.php.net/bug.php?id=47997 fixed in 5.2.10 + unlink( $r['filename'] ); + return new WP_Error( 'http_request_failed', __( 'Failed to write full file to disk.' ) ); + } + } + // Streams does not provide an error code which we can use to see why the request stream stopped. // We can however test to see if a location header is present and return based on that. if ( isset($processedHeaders['headers']['location']) && 0 !== $args['_redirection'] ) @@ -1172,8 +1188,14 @@ class WP_Http_Curl { curl_close( $handle ); - if ( $r['stream'] ) + if ( $r['stream'] ) { fclose( $stream_handle ); + // Check the file was fully written to disk + if ( isset( $theHeaders['headers']['content-length'] ) && (int)$theHeaders['headers']['content-length'] > filesize( $r['filename'] ) ) { + unlink( $r['filename'] ); + return new WP_Error( 'http_request_failed', __( 'Failed to write full file to disk.' ) ); + } + } // See #11305 - When running under safe mode, redirection is disabled above. Handle it manually. if ( ! empty( $theHeaders['headers']['location'] ) && 0 !== $r['_redirection'] ) { // _redirection: The requested number of redirections