diff --git src/wp-admin/includes/class-core-upgrader.php src/wp-admin/includes/class-core-upgrader.php index 5cb818cd59..c4c92f8da6 100644 --- src/wp-admin/includes/class-core-upgrader.php +++ src/wp-admin/includes/class-core-upgrader.php @@ -119,13 +119,20 @@ class Core_Upgrader extends WP_Upgrader { $to_download = 'full'; } + // Allow custom modification of the package URL. + $package_url = apply_filters( 'custom_update_package', $current->packages->$to_download, $to_download, $current ); + + // Determine if signature check is needed for the resolved package_url. + // Defaults to true (perform signature check). Filter to return false to skip. + $check_signatures = apply_filters( 'check_signature_for_package', true, $package_url, $to_download, $current ); + // Lock to prevent multiple Core Updates occurring. $lock = WP_Upgrader::create_lock( 'core_updater', 15 * MINUTE_IN_SECONDS ); if ( ! $lock ) { return new WP_Error( 'locked', $this->strings['locked'] ); } - $download = $this->download_package( $current->packages->$to_download, false ); + $download = $this->download_package( $package_url, false, null, $check_signatures ); /* * Allow for signature soft-fail. @@ -277,7 +284,7 @@ class Core_Upgrader extends WP_Upgrader { * @return bool True if we should update to the offered version, otherwise false. */ public static function should_update_to_version( $offered_ver ) { - require ABSPATH . WPINC . '/version.php'; // $wp_version; // x.y.z + require ABSPATH . WPINC . '/version.php'; // $wp_version; $current_branch = implode( '.', array_slice( preg_split( '/[.-]/', $wp_version ), 0, 2 ) ); // x.y $new_branch = implode( '.', array_slice( preg_split( '/[.-]/', $offered_ver ), 0, 2 ) ); // x.y @@ -403,6 +410,12 @@ class Core_Upgrader extends WP_Upgrader { public function check_files() { global $wp_version, $wp_local_package; + // Allow skipping checksums for custom packages. + // Defaults to true (perform checksum check). Filter to return false to skip. + if ( ! apply_filters( 'pre_check_md5_for_custom_package', true, $wp_version, isset( $wp_local_package ) ? $wp_local_package : 'en_US' ) ) { + return true; // Pretend checksums are fine if filter returns false. + } + $checksums = get_core_checksums( $wp_version, isset( $wp_local_package ) ? $wp_local_package : 'en_US' ); if ( ! is_array( $checksums ) ) { diff --git src/wp-admin/includes/class-wp-upgrader.php src/wp-admin/includes/class-wp-upgrader.php index d641d10386..bfb6d1bf5e 100644 --- src/wp-admin/includes/class-wp-upgrader.php +++ src/wp-admin/includes/class-wp-upgrader.php @@ -302,9 +302,10 @@ class WP_Upgrader { * existing local file, it will be returned untouched. * @param bool $check_signatures Whether to validate file signatures. Default false. * @param array $hook_extra Extra arguments to pass to the filter hooks. Default empty array. + * @param bool $force_check_signatures Whether to force signature check. Default null. * @return string|WP_Error The full path to the downloaded package file, or a WP_Error object. */ - public function download_package( $package, $check_signatures = false, $hook_extra = array() ) { + public function download_package( $package, $check_signatures = false, $hook_extra = array(), $force_check_signatures = null ) { /** * Filters whether to return the package. * @@ -332,7 +333,9 @@ class WP_Upgrader { $this->skin->feedback( 'downloading_package', $package ); - $download_file = download_url( $package, 300, $check_signatures ); + // Use $force_check_signatures if passed and is_bool, otherwise use $check_signatures + $perform_signature_check = is_bool( $force_check_signatures ) ? $force_check_signatures : $check_signatures; + $download_file = download_url( $package, 300, $perform_signature_check ); if ( is_wp_error( $download_file ) && ! $download_file->get_error_data( 'softfail-filename' ) ) { return new WP_Error( 'download_failed', $this->strings['download_failed'], $download_file->get_error_message() );