mirror_php/wordpress
1
0
Fork 0
mirror of git://develop.git.wordpress.org/ synced 2025-02-22 23:54:09 +01:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Upgrade/Install: Validate source & destination values in WP_Ugrader.

Browse Source 
Adds a missing string and some additional validation of paths in the upgrader class.

Follow up to [56992].

Props costdev, jipmoors, karlijnbok, swissspidy, afragen, mukesh27.
Fixes #59712.



git-svn-id: https://develop.svn.wordpress.org/trunk@58022 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Peter Wilson 2024-04-18 03:15:50 +00:00
parent a1370583cc
commit 5ae18c46d2
2 changed files with 59 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-admin/includes/class-wp-upgrader.php
View File

@ -196,6 +196,7 @@ class WP_Upgrader {
/* translators: %s: Directory name. */ /* translators: %s: Directory name. */
$this->strings['fs_no_folder'] = __( 'Unable to locate needed folder (%s).' ); $this->strings['fs_no_folder'] = __( 'Unable to locate needed folder (%s).' );
$this->strings['no_package'] = __( 'Package not available.' );
$this->strings['download_failed'] = __( 'Download failed.' ); $this->strings['download_failed'] = __( 'Download failed.' );
$this->strings['installing_package'] = __( 'Installing the latest version…' ); $this->strings['installing_package'] = __( 'Installing the latest version…' );
$this->strings['no_files'] = __( 'The package contains no files.' ); $this->strings['no_files'] = __( 'The package contains no files.' );
@ -527,7 +528,10 @@ class WP_Upgrader {
set_time_limit( 300 ); set_time_limit( 300 );
} }
if ( empty( $source ) || empty( $destination ) ) { if (
( ! is_string( $source ) || '' === $source || trim( $source ) !== $source ) ||
( ! is_string( $destination ) || '' === $destination || trim( $destination ) !== $destination )
) {
return new WP_Error( 'bad_request', $this->strings['bad_request'] ); return new WP_Error( 'bad_request', $this->strings['bad_request'] );
} }
$this->skin->feedback( 'installing_package' ); $this->skin->feedback( 'installing_package' );

62
tests/phpunit/tests/admin/wpUpgrader.php
View File

@ -137,6 +137,7 @@ class Tests_Admin_WpUpgrader extends WP_UnitTestCase {
'fs_no_plugins_dir', 'fs_no_plugins_dir',
'fs_no_themes_dir', 'fs_no_themes_dir',
'fs_no_folder', 'fs_no_folder',
'no_package',
'download_failed', 'download_failed',
'installing_package', 'installing_package',
'no_files', 'no_files',
@ -777,16 +778,36 @@ class Tests_Admin_WpUpgrader extends WP_UnitTestCase {
*/ */
public function data_install_package_invalid_paths() { public function data_install_package_invalid_paths() {
return array( return array(
'empty string' => array( 'path' => '' ), 'empty string' => array( 'path' => '' ),
// Type checks. // Type checks.
'empty array' => array( 'path' => array() ), 'empty array' => array( 'path' => array() ),
'(int) 0' => array( 'path' => 0 ), 'populated array' => array( 'path' => array( '/' ) ),
'(int) -0' => array( 'path' => -0 ), '(int) 0' => array( 'path' => 0 ),
'(float) 0.0' => array( 'path' => 0.0 ), '(int) -0' => array( 'path' => -0 ),
'(float) -0.0' => array( 'path' => -0.0 ), '(int) -1' => array( 'path' => -1 ),
'(bool) false' => array( 'path' => false ), '(int) 1' => array( 'path' => 1 ),
'null' => array( 'path' => null ), '(float) 0.0' => array( 'path' => 0.0 ),
'(float) -0.0' => array( 'path' => -0.0 ),
'(float) 1.0' => array( 'path' => 1.0 ),
'(float) -1.0' => array( 'path' => -1.0 ),
'(bool) false' => array( 'path' => false ),
'(bool) true' => array( 'path' => true ),
'null' => array( 'path' => null ),
'empty object' => array( 'path' => new stdClass() ),
'populated object' => array( 'path' => (object) array( '/' ) ),
// Ensures that `trim()` is run triggering an empty array.
'a string with spaces' => array( 'path' => ' ' ),
'a string with tabs' => array( 'path' => "\t\t" ),
'a string with new lines' => array( 'path' => "\n\n" ),
'a string with carriage returns' => array( 'path' => "\r\r" ),
// Ensure that strings with leading/trailing whitespace are invalid.
'a path with a leading space' => array( 'path' => ' /path' ),
'a path with a trailing space' => array( 'path' => '/path ' ),
'a path with a leading tab' => array( 'path' => "\t/path" ),
'a path with a trailing tab' => array( 'path' => "/path\t" ),
); );
} }
@ -1556,6 +1577,31 @@ class Tests_Admin_WpUpgrader extends WP_UnitTestCase {
$this->assertSame( __FILE__, $result ); $this->assertSame( __FILE__, $result );
} }
/**
* Tests that `WP_Upgrader::download_package()` returns a WP_Error object
* for an empty package.
*
* @ticket 59712
*
* @covers WP_Upgrader::download_package
*/
public function test_download_package_should_return_a_wp_error_object_for_an_empty_package() {
self::$instance->init();
$result = self::$instance->download_package( '' );
$this->assertWPError(
$result,
'WP_Upgrader::download_package() did not return a WP_Error object'
);
$this->assertSame(
'no_package',
$result->get_error_code(),
'Unexpected WP_Error code'
);
}
/** /**
* Tests that `WP_Upgrader::download_package()` returns a file with the * Tests that `WP_Upgrader::download_package()` returns a file with the
* package name in it. * package name in it.