Changeset 57537

Timestamp:

02/05/2024 10:21:35 PM (6 months ago)

Author:

peterwilsoncc

Message:

Upload: Fallback to PclZip to validate ZIP file uploads.

ZipArchive can fail to validate ZIP files correctly and report valid files as invalid. This introduces a fallback to PclZip to check validity of files if ZipArchive fails them.

This introduces the new function wp_zip_file_is_valid() to validate archives.

Follow up to [57388].

Props audunmb, azaozz, britner, cdevroe, colorful-tones, costdev, courane01, endymion00, feastdesignco, halounsbury, jeffpaul, johnbillion, jorbin, jsandtro, karinclimber, kevincoleman, koesper, maartenbelmans, mathewemoore, melcarthus, mujuonly, nerdpressteam, olegfuture, otto42, peterwilsoncc, room34, sayful, schutzsmith, stephencronin, svitlana41319, swissspidy, tnolte, tobiasbg, vikram6, welaunchio.
Fixes #60398.

Location:

trunk

Files:

• src/wp-admin/includes/class-file-upload-upgrader.php (modified) (1 diff)
• src/wp-admin/includes/file.php (modified) (1 diff)
• tests/phpunit/data/filesystem/_source-license (added)
• tests/phpunit/data/filesystem/archive-comment.zip (added)
• tests/phpunit/data/filesystem/archive-cp866.zip (added)
• tests/phpunit/data/filesystem/archive-directory-entry.zip (added)
• tests/phpunit/data/filesystem/archive-encrypted.zip (added)
• tests/phpunit/data/filesystem/archive-flags-set.zip (added)
• tests/phpunit/data/filesystem/archive-gnome.zip (added)
• tests/phpunit/data/filesystem/archive-invalid-ext.md (added)
• tests/phpunit/data/filesystem/archive-invalid.zip (added)
• tests/phpunit/data/filesystem/archive-large.zip (added)
• tests/phpunit/data/filesystem/archive-macos.zip (added)
• tests/phpunit/data/filesystem/archive-ubuntu-nautilus.zip (added)
• tests/phpunit/data/filesystem/archive-uncompressed.zip (added)
• tests/phpunit/data/filesystem/archive.crx (added)
• tests/phpunit/tests/filesystem/wpZipFileIsValid.php (added)

trunk/src/wp-admin/includes/class-file-upload-upgrader.php

@@ -71 +71 @@
 
             if ( 'pluginzip' === $form || 'themezip' === $form ) {
-                $archive_is_valid = false;
-
-                /** This filter is documented in wp-admin/includes/file.php */
-                if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
-                    $archive          = new ZipArchive();
-                    $archive_is_valid = $archive->open( $file['file'], ZIPARCHIVE::CHECKCONS );
-
-                    if ( true === $archive_is_valid ) {
-                        $archive->close();
-                    }
-                } else {
-                    require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
-
-                    $archive          = new PclZip( $file['file'] );
-                    $archive_is_valid = is_array( $archive->properties() );
-                }
-
-                if ( true !== $archive_is_valid ) {
+                if ( ! wp_zip_file_is_valid( $file['file'] ) ) {
                     wp_delete_file( $file['file'] );
                     wp_die( __( 'Incompatible Archive.' ) );

trunk/src/wp-admin/includes/file.php

@@ -1565 +1565 @@
 
 /**
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
  * Unzips a specified ZIP file to a location on the filesystem via the WordPress
  * Filesystem Abstraction.