Use maybe_unserialize() in update and API checks. Tighten up the checks on expected return data to avoid processing invalid responses after the change. See #19617
git-svn-id: http://svn.automattic.com/wordpress/trunk@19707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
01736fb650
commit
3686bc4b6e
@ -45,9 +45,9 @@ function plugins_api($action, $args = null) {
|
|||||||
if ( is_wp_error($request) ) {
|
if ( is_wp_error($request) ) {
|
||||||
$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
|
$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
|
||||||
} else {
|
} else {
|
||||||
$res = unserialize( wp_remote_retrieve_body( $request ) );
|
$res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
|
||||||
if ( false === $res )
|
if ( ! is_object( $res ) && ! is_array( $res ) )
|
||||||
$res = new WP_Error('plugins_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
|
$res = new WP_Error('plugins_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
|
||||||
}
|
}
|
||||||
} elseif ( !is_wp_error($res) ) {
|
} elseif ( !is_wp_error($res) ) {
|
||||||
$res->external = true;
|
$res->external = true;
|
||||||
|
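Review bot: The new guard `! is_object( $res ) && ! is_array( $res )` accepts an object of any class, and `maybe_unserialize()` still passes the remote body to PHP's native unserialize whenever it looks serialized, so a tampered or spoofed API response can instantiate whatever classes are loaded before the type check runs. The same pattern appears in the themes_api, wp_update_plugins and wp_update_themes hunks. If the API is expected to return plain data only, narrowing the check to `if ( ! is_array( $res ) && ! ( $res instanceof stdClass ) )` at least keeps unexpected object types from reaching callers, and moving the endpoint to JSON would remove the deserialization surface altogether. The raw body is also stored as the WP_Error data, so any code that displays it needs to escape it. plugins_api's body starts and ends outside the hunk.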
@ -409,12 +409,12 @@ function themes_api($action, $args = null) {
|
|||||||
if ( is_wp_error($request) ) {
|
if ( is_wp_error($request) ) {
|
||||||
$res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
|
$res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
|
||||||
} else {
|
} else {
|
||||||
$res = unserialize( wp_remote_retrieve_body( $request ) );
|
$res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
|
||||||
if ( ! $res )
|
if ( ! is_object( $res ) && ! is_array( $res ) )
|
||||||
$res = new WP_Error('themes_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
|
$res = new WP_Error('themes_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
//var_dump(array($args, $res));
|
|
||||||
return apply_filters('themes_api_result', $res, $action, $args);
|
return apply_filters('themes_api_result', $res, $action, $args);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -91,10 +91,11 @@ function wp_version_check() {
|
|||||||
return false;
|
return false;
|
||||||
|
|
||||||
$body = trim( wp_remote_retrieve_body( $response ) );
|
$body = trim( wp_remote_retrieve_body( $response ) );
|
||||||
if ( ! $body = maybe_unserialize( $body ) )
|
$body = maybe_unserialize( $body );
|
||||||
return false;
|
|
||||||
if ( ! isset( $body['offers'] ) )
|
if ( ! is_array( $body ) || ! isset( $body['offers'] ) )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
$offers = $body['offers'];
|
$offers = $body['offers'];
|
||||||
|
|
||||||
foreach ( $offers as &$offer ) {
|
foreach ( $offers as &$offer ) {
|
||||||
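Review bot: `$body['offers']` is only checked with `isset()`, so a response where `offers` is a string or a number still reaches `foreach ( $offers as &$offer )`, which expects an array. Extending the guard to `if ( ! is_array( $body ) || ! isset( $body['offers'] ) || ! is_array( $body['offers'] ) )` matches the commit's stated intent of rejecting malformed responses. The loop body lies outside the hunk, so whether each `$offer` is validated further cannot be seen here.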
@ -205,9 +206,9 @@ function wp_update_plugins() {
|
|||||||
if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) )
|
if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
$response = unserialize( wp_remote_retrieve_body( $raw_response ) );
|
$response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
|
||||||
|
|
||||||
if ( false !== $response )
|
if ( is_array( $response ) )
|
||||||
$new_option->response = $response;
|
$new_option->response = $response;
|
||||||
else
|
else
|
||||||
$new_option->response = array();
|
$new_option->response = array();
|
||||||
@ -319,8 +320,8 @@ function wp_update_themes() {
|
|||||||
$new_update->last_checked = time( );
|
$new_update->last_checked = time( );
|
||||||
$new_update->checked = $checked;
|
$new_update->checked = $checked;
|
||||||
|
|
||||||
$response = unserialize( wp_remote_retrieve_body( $raw_response ) );
|
$response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
|
||||||
if ( false !== $response )
|
if ( is_array( $response ) )
|
||||||
$new_update->response = $response;
|
$new_update->response = $response;
|
||||||
|
|
||||||
set_site_transient( 'update_themes', $new_update );
|
set_site_transient( 'update_themes', $new_update );
|
||||||
|
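Review bot: When `$response` is not an array, `$new_update->response` is never assigned before `set_site_transient( 'update_themes', $new_update )`, whereas the wp_update_plugins hunk falls back to `array()`. Unless the property is initialised earlier in wp_update_themes (not visible in this hunk), readers of the transient receive an object without `response`. Adding `else $new_update->response = array();` after the assignment would make the two functions agree and give consumers a predictable type.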