WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

use maybe_unserialize() in update and API checks, Tighten up the checks on expected return data to avoid processing invalid responses after change. See #19617 

git-svn-id: http://svn.automattic.com/wordpress/trunk@19707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
dd32 2012-01-08 03:48:05 +00:00
parent 01736fb650
commit 3686bc4b6e
3 changed files with 15 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/plugin-install.php
View File

@ -45,9 +45,9 @@ function plugins_api($action, $args = null) {
if ( is_wp_error($request) ) {
$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
} else {
$res = unserialize( wp_remote_retrieve_body( $request ) );
if ( false === $res )
$res = new WP_Error('plugins_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
$res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
if ( ! is_object( $res ) && ! is_array( $res ) )
$res = new WP_Error('plugins_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
}
} elseif ( !is_wp_error($res) ) {
$res->external = true;

8
wp-admin/includes/theme.php
View File

@ -409,12 +409,12 @@ function themes_api($action, $args = null) {
if ( is_wp_error($request) ) {
$res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
} else {
$res = unserialize( wp_remote_retrieve_body( $request ) );
if ( ! $res )
$res = new WP_Error('themes_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
$res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
if ( ! is_object( $res ) && ! is_array( $res ) )
$res = new WP_Error('themes_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
}
}
//var_dump(array($args, $res));
return apply_filters('themes_api_result', $res, $action, $args);
}

15
wp-includes/update.php
View File

@ -91,10 +91,11 @@ function wp_version_check() {
return false;
$body = trim( wp_remote_retrieve_body( $response ) );
if ( ! $body = maybe_unserialize( $body ) )
return false;
if ( ! isset( $body['offers'] ) )
$body = maybe_unserialize( $body );
if ( ! is_array( $body ) || ! isset( $body['offers'] ) )
return false;
$offers = $body['offers'];
foreach ( $offers as &$offer ) {
@ -205,9 +206,9 @@ function wp_update_plugins() {
if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) )
return false;
$response = unserialize( wp_remote_retrieve_body( $raw_response ) );
$response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
if ( false !== $response )
if ( is_array( $response ) )
$new_option->response = $response;
else
$new_option->response = array();
@ -319,8 +320,8 @@ function wp_update_themes() {
$new_update->last_checked = time( );
$new_update->checked = $checked;
$response = unserialize( wp_remote_retrieve_body( $raw_response ) );
if ( false !== $response )
$response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
if ( is_array( $response ) )
$new_update->response = $response;
set_site_transient( 'update_themes', $new_update );