
Changeset 57537


Timestamp:
02/05/2024 10:21:35 PM ( 8 months ago)
Author:
peterwilsoncc
Message:

Upload: Fallback to PclZip to validate ZIP file uploads.

ZipArchive can fail to validate ZIP files correctly and report valid files as invalid. This introduces a fallback to PclZip to check validity of files if ZipArchive fails them.

This introduces the new function wp_zip_file_is_valid() to validate archives.

Follow up to [57388].

Props audunmb, azaozz, britner, cdevroe, colorful-tones, costdev, courane01, endymion00, feastdesignco, halounsbury, jeffpaul, johnbillion, jorbin, jsandtro, karinclimber, kevincoleman, koesper, maartenbelmans, mathewemoore, melcarthus, mujuonly, nerdpressteam, olegfuture, otto42, peterwilsoncc, room34, sayful, schutzsmith, stephencronin, svitlana41319, swissspidy, tnolte, tobiasbg, vikram6, welaunchio.
Fixes #60398 .

Location:
trunk
Files:
15 added
2 edited

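--- a/trunk/src/wp-admin/includes/class-file-upload-upgrader.php
+++ b/trunk/src/wp-admin/includes/class-file-upload-upgrader.php
@@ -71,22 +71,5 @@
 
             if ( 'pluginzip' === $form || 'themezip' === $form ) {
-                $archive_is_valid = false;
-
-                /** This filter is documented in wp-admin/includes/file.php */
-                if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
-                    $archive          = new ZipArchive();
-                    $archive_is_valid = $archive->open( $file['file'], ZIPARCHIVE::CHECKCONS );
-
-                    if ( true === $archive_is_valid ) {
-                        $archive->close();
-                    }
-                } else {
-                    require_once ABSPATH . ' wp-admin/includes/class-pclzip.php';
-
-                    $archive          = new PclZip( $file['file'] );
-                    $archive_is_valid = is_array( $archive->properties() );
-                }
-
-                if ( true !== $archive_is_valid ) {
+                if ( ! wp_zip_file_is_valid( $file['file'] ) ) {
                     wp_delete_file( $file['file'] );
                     wp_die( __( 'Incompatible Archive.' ) );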
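--- a/trunk/src/wp-admin/includes/file.php
+++ b/trunk/src/wp-admin/includes/file.php
@@ -1565,4 +1565,35 @@
 
 /**
+ * Determines whether the given file is a valid ZIP file.
+ *
+ * This function does not test to ensure that a file exists. Non-existent files
+ * are not valid ZIPs, so those will also return false.
+ *
+ * @since 6.4.4
+ *
+ * @param string $file Full path to the ZIP file.
+ * @return bool Whether the file is a valid ZIP file.
+ */
+function wp_zip_file_is_valid( $file ) {
+    /** This filter is documented in wp-admin/includes/file.php */
+    if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
+        $archive          = new ZipArchive();
+        $archive_is_valid = $archive->open( $file, ZipArchive::CHECKCONS );
+        if ( true === $archive_is_valid ) {
+            $archive->close();
+            return true;
+        }
+    }
+
+    // Fall through to PclZip if ZipArchive is not available, or encountered an error opening the file.
+    require_once ABSPATH . ' wp-admin/includes/class-pclzip.php';
+
+    $archive          = new PclZip( $file );
+    $archive_is_valid = is_array( $archive->properties() );
+
+    return $archive_is_valid;
+}
+
+/**
  * Unzips a specified ZIP file to a location on the filesystem via the WordPress
  * Filesystem Abstraction.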
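Review bot: In `wp_zip_file_is_valid()` every non-true result of `$archive->open( $file, ZipArchive::CHECKCONS )` falls through to PclZip, so for any file ZipArchive rejects the verdict is PclZip's alone and the consistency check no longer acts as a gate on its own. The docblock should state this, since the upgrader call site keeps the upload whenever the function returns true; for example `* Returns true if either ZipArchive (with CHECKCONS) or PclZip can read the archive. This is a structural check only and does not vet the archive's contents.` If the false negatives behind this change are all consistency failures, the fallback could be limited by adding `if ( ZipArchive::ER_INCONS !== $archive_is_valid ) { return false; }` after the success branch, so the more lenient parser is not run on files that failed for other reasons. That assumption is not verifiable from this page and should be checked against the reported archives before narrowing.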