WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-03-09 07:00:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

Sanitation and error handling for plugin install. Props DD32. see #6015

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@9163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-10-14 15:56:33 +00:00
parent 0a7871c4ab
commit d7fccb66d3
2 changed files with 51 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
wp-admin/includes/plugin-install.php
View File

@ -37,9 +37,13 @@ function plugins_api($action, $args = null) {
if ( ! $res ) { if ( ! $res ) {
$request = wp_remote_post('http://api.wordpress.org/plugins/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) ); $request = wp_remote_post('http://api.wordpress.org/plugins/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) );
$res = unserialize($request['body']); if ( is_wp_error($request) ) {
if ( ! $res ) $res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occured during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>'), $request->get_error_message() );
$res = new WP_Error('plugins_api_failed', __('An unknown error occured'), $request['body']); } else {
$res = unserialize($request['body']);
if ( ! $res )
$res = new WP_Error('plugins_api_failed', __('An unknown error occured'), $request['body']);
}
} }
return apply_filters('plugins_api_result', $res, $action, $args); return apply_filters('plugins_api_result', $res, $action, $args);
@ -62,6 +66,9 @@ function install_popular_tags( $args = array() ) {
$tags = plugins_api('hot_tags', $args); $tags = plugins_api('hot_tags', $args);
if ( is_wp_error($tags) )
return $tags;
$cache = (object) array('timeout' => time(), 'cached' => $tags); $cache = (object) array('timeout' => time(), 'cached' => $tags);
update_option('wporg_popular_tags', $cache); update_option('wporg_popular_tags', $cache);
@ -100,6 +107,9 @@ function install_search($page) {
$api = plugins_api('query_plugins', $args); $api = plugins_api('query_plugins', $args);
if ( is_wp_error($api) )
wp_die($api);
add_action('install_plugins_table_header', 'install_search_form'); add_action('install_plugins_table_header', 'install_search_form');
display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']); display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
@ -173,6 +183,8 @@ add_action('install_plugins_featured', 'install_featured', 10, 1);
function install_featured($page = 1) { function install_featured($page = 1) {
$args = array('browse' => 'featured', 'page' => $page); $args = array('browse' => 'featured', 'page' => $page);
$api = plugins_api('query_plugins', $args); $api = plugins_api('query_plugins', $args);
if ( is_wp_error($api) )
wp_die($api);
display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']); display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
} }
@ -201,6 +213,8 @@ add_action('install_plugins_new', 'install_new', 10, 1);
function install_new($page = 1) { function install_new($page = 1) {
$args = array('browse' => 'new', 'page' => $page); $args = array('browse' => 'new', 'page' => $page);
$api = plugins_api('query_plugins', $args); $api = plugins_api('query_plugins', $args);
if ( is_wp_error($api) )
wp_die($api);
display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']); display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
} }
add_action('install_plugins_updated', 'install_updated', 10, 1); add_action('install_plugins_updated', 'install_updated', 10, 1);
@ -234,7 +248,9 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : ''; $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
$term = isset($_REQUEST['s']) ? $_REQUEST['s'] : ''; $term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
$plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()); $plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),
'abbr' => array('title' => array()),'acronym' => array('title' => array()),
'code' => array(),'em' => array(),'strong' => array());
?> ?>
<div class="tablenav"> <div class="tablenav">
@ -316,7 +332,7 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
<td class="name"><?php echo $title; ?></td> <td class="name"><?php echo $title; ?></td>
<td class="vers"><?php echo $version; ?></td> <td class="vers"><?php echo $version; ?></td>
<td class="vers"> <td class="vers">
<div class="star-holder" title="<?php printf( __('based on %d ratings'), $plugin['num_ratings'] ); ?>"> <div class="star-holder" title="<?php printf(__ngettext(__('based on %d rating'), __('based on %d ratings'), $plugin['num_ratings']), $plugin['num_ratings']) ?>">
<div class="star star-rating" style="width: <?php echo attribute_escape($plugin['rating']) ?>px"></div> <div class="star star-rating" style="width: <?php echo attribute_escape($plugin['rating']) ?>px"></div>
<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div> <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div> <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
@ -355,6 +371,19 @@ function install_plugin_information() {
$api = plugins_api('plugin_information', array('slug' => $_REQUEST['plugin'])); $api = plugins_api('plugin_information', array('slug' => $_REQUEST['plugin']));
if ( is_wp_error($api) )
wp_die($api);
$plugins_allowedtags = array('a' => array('href' => array(), 'title' => array(), 'target' => array()),
'abbr' => array('title' => array()), 'acronym' => array('title' => array()),
'code' => array(), 'em' => array(), 'strong' => array(), 'div' => array(),
'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array());
//Sanitize HTML
foreach ( (array)$api->sections as $section_name => $content )
$api->sections[$section_name] = wp_kses($content, $plugins_allowedtags);
foreach ( array('version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug') as $key )
$api->$key = wp_kses($api->$key, $plugins_allowedtags);
$section = isset($_REQUEST['section']) ? $_REQUEST['section'] : 'description'; //Default to the Description tab, Do not translate, API returns English. $section = isset($_REQUEST['section']) ? $_REQUEST['section'] : 'description'; //Default to the Description tab, Do not translate, API returns English.
if( empty($section) || ! isset($api->sections[ $section ]) ) if( empty($section) || ! isset($api->sections[ $section ]) )
$section = array_shift( $section_titles = array_keys((array)$api->sections) ); $section = array_shift( $section_titles = array_keys((array)$api->sections) );
@ -521,6 +550,9 @@ function install_plugin() {
check_admin_referer('install-plugin_' . $plugin); check_admin_referer('install-plugin_' . $plugin);
$api = plugins_api('plugin_information', array('slug' => $plugin, 'fields' => array('sections' => false) ) ); //Save on a bit of bandwidth. $api = plugins_api('plugin_information', array('slug' => $plugin, 'fields' => array('sections' => false) ) ); //Save on a bit of bandwidth.
if ( is_wp_error($api) )
wp_die($api);
echo '<div class="wrap">'; echo '<div class="wrap">';
echo '<h2>', sprintf( __('Installing Plugin: %s'), $api->name . ' ' . $api->version ), '</h2>'; echo '<h2>', sprintf( __('Installing Plugin: %s'), $api->name . ' ' . $api->version ), '</h2>';
@ -834,6 +866,4 @@ function wp_install_plugin_local_package($package, $feedback = '') {
return $folder . '/' . $pluginfiles[0]; return $folder . '/' . $pluginfiles[0];
} }
?> ?>

24
wp-settings.php
View File

@ -108,16 +108,19 @@ if ( !defined('WP_CONTENT_DIR') )
define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' ); // no trailing slash, full paths only - WP_CONTENT_URL is defined further down define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' ); // no trailing slash, full paths only - WP_CONTENT_URL is defined further down
if ( file_exists(ABSPATH . '.maintenance') && !defined('WP_INSTALLING') ) { if ( file_exists(ABSPATH . '.maintenance') && !defined('WP_INSTALLING') ) {
if ( file_exists( WP_CONTENT_DIR . '/maintenance.php' ) ) { include(ABSPATH . '.maintenance');
require_once( WP_CONTENT_DIR . '/maintenance.php' ); // If the $upgrading timestamp is older than 10 minutes, don't die.
die(); if ( ( time() - $upgrading ) < 600 ) {
} if ( file_exists( WP_CONTENT_DIR . '/maintenance.php' ) ) {
require_once( WP_CONTENT_DIR . '/maintenance.php' );
die();
}
$protocol = $_SERVER["SERVER_PROTOCOL"]; $protocol = $_SERVER["SERVER_PROTOCOL"];
if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol ) if ( 'HTTP/1.1' != $protocol && 'HTTP/1.0' != $protocol )
$protocol = 'HTTP/1.0'; $protocol = 'HTTP/1.0';
header( "$protocol 503 Service Unavailable", true, 503 ); header( "$protocol 503 Service Unavailable", true, 503 );
header( 'Content-Type: text/html; charset=utf-8' ); header( 'Content-Type: text/html; charset=utf-8' );
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
@ -131,7 +134,8 @@ if ( file_exists(ABSPATH . '.maintenance') && !defined('WP_INSTALLING') ) {
</body> </body>
</html> </html>
<?php <?php
die(); die();
}
} }
if ( !extension_loaded('mysql') && !file_exists(WP_CONTENT_DIR . '/db.php') ) if ( !extension_loaded('mysql') && !file_exists(WP_CONTENT_DIR . '/db.php') )