WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Upgrade/Install: Add more context in signature verify failures. 

This includes version numbers and signature counts in error reports, to help diagnose isolated failures that have no apparent cause.

Props dd32.
See #39309.

Built from https://develop.svn.wordpress.org/trunk@45112


git-svn-id: http://core.svn.wordpress.org/trunk@44921 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
tellyworth 2019-04-05 05:20:51 +00:00
parent 4601e178e5
commit 23fe2800cc
2 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
wp-admin/includes/file.php
View File

@ -1154,6 +1154,9 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
/* translators: 1: The filename of the package. */ /* translators: 1: The filename of the package. */
__( 'The authenticity of %1$s could not be verified as no signature was found.' ), __( 'The authenticity of %1$s could not be verified as no signature was found.' ),
'<span class="code">' . esc_html( $filename_for_errors ) . '</span>' '<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
),
array(
'filename' => $filename_for_errors,
) )
); );
} }
@ -1163,11 +1166,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
mbstring_binary_safe_encoding(); mbstring_binary_safe_encoding();
$skipped_key = $skipped_signature = 0;
foreach ( (array) $signatures as $signature ) { foreach ( (array) $signatures as $signature ) {
$signature_raw = base64_decode( $signature ); $signature_raw = base64_decode( $signature );
// Ensure only valid-length signatures are considered. // Ensure only valid-length signatures are considered.
if ( SODIUM_CRYPTO_SIGN_BYTES !== strlen( $signature_raw ) ) { if ( SODIUM_CRYPTO_SIGN_BYTES !== strlen( $signature_raw ) ) {
$skipped_signature++;
continue; continue;
} }
@ -1176,6 +1182,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
// Only pass valid public keys through. // Only pass valid public keys through.
if ( SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $key_raw ) ) { if ( SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $key_raw ) ) {
$skipped_key++;
continue; continue;
} }
@ -1197,10 +1204,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
), ),
// Error data helpful for debugging: // Error data helpful for debugging:
array( array(
'filename' => $filename_for_errors, 'filename' => $filename_for_errors,
'keys' => $trusted_keys, 'keys' => $trusted_keys,
'signatures' => $signatures, 'signatures' => $signatures,
'hash' => bin2hex( $file_hash ), 'hash' => bin2hex( $file_hash ),
'skipped_key' => $skipped_key,
'skipped_sig' => $skipped_signature,
'php' => phpversion(),
'sodium' => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
) )
); );
} }
@ -1210,7 +1221,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
* *
* @since 5.2.0 * @since 5.2.0
* *
* @return array List of hex-encoded Signing keys. * @return array List of base64-encoded Signing keys.
*/ */
function wp_trusted_keys() { function wp_trusted_keys() {
$trusted_keys = array(); $trusted_keys = array();

2
wp-includes/version.php
View File

@ -13,7 +13,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '5.2-beta1-45111'; $wp_version = '5.2-beta1-45112';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.