IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

use maybe_unserialize() in update and API checks, Tighten up the checks on expected return data to avoid processing invalid responses after change. See #19617

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@19707 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
dd32
2012-01-08 03:48:05 +00:00
parent 01736fb650
commit 3686bc4b6e
3 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/plugin-install.php
View File

@@ -45,9 +45,9 @@ function plugins_api($action, $args = null) {
if ( is_wp_error($request) ) {
$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
} else {
$res = unserialize( wp_remote_retrieve_body( $request ) );
if ( false === $res )
$res = new WP_Error('plugins_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
$res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
if ( ! is_object( $res ) && ! is_array( $res ) )
$res = new WP_Error('plugins_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
}
} elseif ( !is_wp_error($res) ) {
$res->external = true;

8
wp-admin/includes/theme.php
View File

@@ -409,12 +409,12 @@ function themes_api($action, $args = null) {
if ( is_wp_error($request) ) {
$res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
} else {
$res = unserialize( wp_remote_retrieve_body( $request ) );
if ( ! $res )
$res = new WP_Error('themes_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
$res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
if ( ! is_object( $res ) && ! is_array( $res ) )
$res = new WP_Error('themes_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
}
}
//var_dump(array($args, $res));
return apply_filters('themes_api_result', $res, $action, $args);
}