Use maybe_unserialize() in update and API checks, and tighten the checks on the expected return data so that invalid responses are not processed after the change. See #19617

git-svn-id: http://svn.automattic.com/wordpress/trunk@19707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
dd32 2012-01-08 03:48:05 +00:00
parent 01736fb650
commit 3686bc4b6e
3 changed files with 15 additions and 14 deletions


@ -45,9 +45,9 @@ function plugins_api($action, $args = null) {
if ( is_wp_error($request) ) { if ( is_wp_error($request) ) {
$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() ); $res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
} else { } else {
$res = unserialize( wp_remote_retrieve_body( $request ) ); $res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
if ( false === $res ) if ( ! is_object( $res ) && ! is_array( $res ) )
$res = new WP_Error('plugins_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) ); $res = new WP_Error('plugins_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
} }
} elseif ( !is_wp_error($res) ) { } elseif ( !is_wp_error($res) ) {
$res->external = true; $res->external = true;
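Review bot: The widened guard `if ( ! is_object( $res ) && ! is_array( $res ) )` still accepts any object that `maybe_unserialize()` hands back, and by the time it runs `unserialize()` has already instantiated whatever class names the response body carried (including their `__wakeup`/`__destruct` hooks), so this validates shape but does not make the deserialization itself safe. The transport and host behind `$request` are not visible in this hunk; if the response can be tampered with in transit, this line remains a PHP object-injection sink regardless of the check that follows. As a minimum, narrow the accepted type to what the code actually uses (the `$res->external = true;` line below implies a plain object, presumably `stdClass`): `if ( ! ( $res instanceof stdClass ) && ! is_array( $res ) )`, and put a comment above the `maybe_unserialize()` call such as `// Body is unserialize()d: only safe while API responses cannot be tampered with; prefer a JSON payload.` The `plugins_api` function begins before this hunk.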


@ -409,12 +409,12 @@ function themes_api($action, $args = null) {
if ( is_wp_error($request) ) { if ( is_wp_error($request) ) {
$res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() ); $res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
} else { } else {
$res = unserialize( wp_remote_retrieve_body( $request ) ); $res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
if ( ! $res ) if ( ! is_object( $res ) && ! is_array( $res ) )
$res = new WP_Error('themes_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) ); $res = new WP_Error('themes_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
} }
} }
//var_dump(array($args, $res));
return apply_filters('themes_api_result', $res, $action, $args); return apply_filters('themes_api_result', $res, $action, $args);
} }
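Review bot: Replacing `if ( ! $res )` with `if ( ! is_object( $res ) && ! is_array( $res ) )` quietly widens what `themes_api` accepts: an empty serialized array (`a:0:{}`) used to yield the `themes_api_failed` WP_Error and now flows back to callers and to the `themes_api_result` filter as `array()`, which may or may not be intended. As in the plugin case, the object test runs only after `unserialize()` has already instantiated whatever classes the body named, so this is a shape check rather than a trust boundary; the request transport is not visible in this hunk. If an empty result should still be an error, use `if ( ! $res || ( ! is_object( $res ) && ! is_array( $res ) ) )`; either way a one-line comment above the `maybe_unserialize()` call stating that the body is trusted only because of its origin would help the next reader. The `themes_api` function begins before this hunk.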


@ -91,10 +91,11 @@ function wp_version_check() {
return false; return false;
$body = trim( wp_remote_retrieve_body( $response ) ); $body = trim( wp_remote_retrieve_body( $response ) );
if ( ! $body = maybe_unserialize( $body ) ) $body = maybe_unserialize( $body );
return false;
if ( ! isset( $body['offers'] ) ) if ( ! is_array( $body ) || ! isset( $body['offers'] ) )
return false; return false;
$offers = $body['offers']; $offers = $body['offers'];
foreach ( $offers as &$offer ) { foreach ( $offers as &$offer ) {
@ -205,9 +206,9 @@ function wp_update_plugins() {
if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) ) if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) )
return false; return false;
$response = unserialize( wp_remote_retrieve_body( $raw_response ) ); $response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
if ( false !== $response ) if ( is_array( $response ) )
$new_option->response = $response; $new_option->response = $response;
else else
$new_option->response = array(); $new_option->response = array();
@ -319,8 +320,8 @@ function wp_update_themes() {
$new_update->last_checked = time( ); $new_update->last_checked = time( );
$new_update->checked = $checked; $new_update->checked = $checked;
$response = unserialize( wp_remote_retrieve_body( $raw_response ) ); $response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
if ( false !== $response ) if ( is_array( $response ) )
$new_update->response = $response; $new_update->response = $response;
set_site_transient( 'update_themes', $new_update ); set_site_transient( 'update_themes', $new_update );