<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[6022] sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory: Plugin Directory: Generate md5 hashes for plugins.</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="http://meta.trac.wordpress.org/changeset/6022">6022</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"http://meta.trac.wordpress.org/changeset/6022","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>dd32</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2017-10-13 08:56:56 +0000 (Fri, 13 Oct 2017)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Plugin Directory: Generate md5 hashes for plugins.
This is a POC and may change or be removed in the future, it's here for testing purposes.
A api.wordpress.org endpoint may be available in the future to access it.
This is only enabled for the 'exploit-scanner' plugin at present, purely for testing, as it publishes the md5 hashes of its own files already
Compare https://wordpress.org/plugins/exploit-scanner/ to https://downloads.wordpress.org/plugins/exploit-scanner.1.5.2.checksums.json
See <a href="http://meta.trac.wordpress.org/ticket/3192">#3192</a></pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentpluginsplugindirectorybinrebuildzipphp">sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/bin/rebuild-zip.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentpluginsplugindirectorycliclassimportphp">sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/cli/class-import.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentpluginsplugindirectoryzipclassbuilderphp">sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-builder.php</a></li>
<li><a href="#sitestrunkwordpressorgpublic_htmlwpcontentpluginsplugindirectoryzipclassservephp">sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-serve.php</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentpluginsplugindirectorybinrebuildzipphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/bin/rebuild-zip.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/bin/rebuild-zip.php 2017-10-11 18:46:15 UTC (rev 6021)
+++ sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/bin/rebuild-zip.php 2017-10-13 08:56:56 UTC (rev 6022)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,5 +1,6 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?php
</span><span class="cx" style="display: block; padding: 0 10px"> namespace WordPressdotorg\Plugin_Directory;
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+use WordPressdotorg\Plugin_Directory\Plugin_Directory;
</ins><span class="cx" style="display: block; padding: 0 10px"> use WordPressdotorg\Plugin_Directory\Tools\SVN;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // This script should only be called in a CLI environment.
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -85,12 +86,19 @@
</span><span class="cx" style="display: block; padding: 0 10px"> try {
</span><span class="cx" style="display: block; padding: 0 10px"> $zip_builder = new ZIP\Builder();
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $plugin_post = Plugin_Directory::get_plugin_post( $plugin_slug );
+ if ( ! $plugin_post ) {
+ throw new Exception( "Could not locate plugin post" );
+ }
+ $stable_tag = get_post_meta( $plugin_post->ID, 'stable_tag', true ) ?? 'trunk';
+
</ins><span class="cx" style="display: block; padding: 0 10px"> // (re)Build & Commit 5 Zips at a time to avoid limitations.
</span><span class="cx" style="display: block; padding: 0 10px"> foreach ( array_chunk( $versions, 5 ) as $versions_to_build ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $zip_builder->build(
</span><span class="cx" style="display: block; padding: 0 10px"> $plugin_slug,
</span><span class="cx" style="display: block; padding: 0 10px"> $versions_to_build,
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- "{$plugin_slug}: Rebuild triggered by " . php_uname('n' )
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ "{$plugin_slug}: Rebuild triggered by " . php_uname('n' ),
+ $stable_tag
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentpluginsplugindirectorycliclassimportphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/cli/class-import.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/cli/class-import.php 2017-10-11 18:46:15 UTC (rev 6021)
+++ sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/cli/class-import.php 2017-10-13 08:56:56 UTC (rev 6022)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -195,7 +195,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> array_unique( $versions_to_build ),
</span><span class="cx" style="display: block; padding: 0 10px"> $svn_revision_triggered ?
</span><span class="cx" style="display: block; padding: 0 10px"> "{$plugin_slug}: ZIP build triggered by https://plugins.trac.wordpress.org/changeset/{$svn_revision_triggered}" :
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- "{$plugin_slug}: ZIP build triggered by " . php_uname('n')
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ "{$plugin_slug}: ZIP build triggered by " . php_uname('n'),
+ $stable_tag
</ins><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> } catch( Exception $e ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return false;
</span></span></pre></div>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentpluginsplugindirectoryzipclassbuilderphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-builder.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-builder.php 2017-10-11 18:46:15 UTC (rev 6021)
+++ sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-builder.php 2017-10-13 08:56:56 UTC (rev 6022)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -14,30 +14,33 @@
</span><span class="cx" style="display: block; padding: 0 10px"> const SVN_URL = 'http://plugins.svn.wordpress.org';
</span><span class="cx" style="display: block; padding: 0 10px"> const ZIP_SVN_URL = PLUGIN_ZIP_SVN_URL;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- protected $zip_file = '';
- protected $tmp_build_dir = '';
- protected $tmp_dir = '';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ protected $zip_file = '';
+ protected $checksum_file = '';
+ protected $tmp_build_dir = '';
+ protected $tmp_dir = '';
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- protected $slug = '';
- protected $version = '';
- protected $context = '';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ protected $slug = '';
+ protected $version = '';
+ protected $context = '';
+ protected $stable_tag = '';
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Generate a ZIP for a provided Plugin versions.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Generate a ZIP for a provided Plugin tags.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param string $slug The plugin slug.
</span><span class="cx" style="display: block; padding: 0 10px"> * @param array $versions The versions of the plugin to build ZIPs for.
</span><span class="cx" style="display: block; padding: 0 10px"> * @param string $context The context of this Builder instance (commit #, etc)
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function build( $slug, $versions, $context = '' ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function build( $slug, $versions, $context = '', $stable_tag = '' ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> // Bail when in an unconfigured environment.
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! defined( 'PLUGIN_ZIP_SVN_URL' ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return false;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $this->slug = $slug;
- $this->versions = $versions;
- $this->context = $context;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $this->slug = $slug;
+ $this->versions = $versions;
+ $this->context = $context;
+ $this->stable_tag = $stable_tag;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // General TMP directory
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! is_dir( self::TMP_DIR ) ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -96,6 +99,8 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Pull the ZIP file down we're going to modify, which may not already exist.
</span><span class="cx" style="display: block; padding: 0 10px"> SVN::up( $this->zip_file );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // This is done within the checksum generation function due to us not knowing the checksum filename until export_plugin().
+ // SVN::up( $this->checksum_file );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> try {
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -103,8 +108,12 @@
</span><span class="cx" style="display: block; padding: 0 10px"> mkdir( $this->tmp_build_dir, 0777, true );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $this->export_plugin();
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $this->fix_directory_dates();
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $this->fix_directory_dates();
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->generate_zip();
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ $this->generate_checksums();
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->cleanup_plugin_tmp();
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> } catch( Exception $e ) {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -113,11 +122,17 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Perform an SVN up to revert any changes made.
</span><span class="cx" style="display: block; padding: 0 10px"> SVN::up( $this->zip_file );
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $this->checksum_file ) {
+ SVN::up( $this->checksum_file );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> continue;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Add the ZIP file to SVN - This is only really needed for new files which don't exist in SVN.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- SVN::add( $this->zip_file );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ SVN::add( $this->zip_file );
+ if ( $this->checksum_file ) {
+ SVN::add( $this->checksum_file );
+ }
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $res = SVN::commit(
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -145,6 +160,106 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Generates a JSON file containing the checksums of the files within the ZIP.
+ *
+ * In the event that a previous ZIP for this version exists, checksums for all versions of the file will be included.
+ */
+ function generate_checksums() {
+ // Only enable this for the `exploit-scanner` plugin for the time being.
+ if ( 'exploit-scanner' != $this->slug ) {
+ return;
+ }
+
+ // Don't create checksums for trunk.
+ if ( ! $this->stable_tag || ( 'trunk' == $this->version && 'trunk' != $this->stable_tag && '' != $this->stable_tag ) ) {
+ return;
+ }
+
+ // Fetch the plugin headers
+ $plugin_data = false;
+ foreach ( glob( $this->tmp_build_dir . '/' . $this->slug . '/*.php' ) as $filename ) {
+ $plugin_data = get_plugin_data( $filename, false, false );
+
+ if ( $plugin_data['Name'] && '' !== $plugin_data['Version'] ) {
+ break;
+ }
+ }
+
+ if ( ! $plugin_data || '' === $plugin_data['Version'] ) {
+ return;
+ }
+
+ $plugin_version = $plugin_data['Version'];
+ // Catch malformed version strings.
+ if ( basename( $plugin_version ) != $plugin_version ) {
+ return;
+ }
+
+ $this->checksum_file = "{$this->tmp_dir}/{$this->slug}/{$this->slug}.{$plugin_version}.checksums.json";
+
+ // Checkout the Checksum file for this plugin version
+ SVN::up( $this->checksum_file );
+
+ // Existing checksums?
+ $existing_json_checksum_file = file_exists( $this->checksum_file );
+
+ $this->exec( sprintf(
+ 'cd %s && find . -type f -print0 | sort -z | xargs -0 md5sum 2>&1',
+ escapeshellarg( $this->tmp_build_dir . '/' . $this->slug )
+ ), $checksum_output, $return_value );
+
+ if ( $return_value ) {
+ // throw new Exception( __METHOD__ . ': Checksum generation failed, return code: ' . $return_value, 503 );
+ // For now, just silently bail.
+ return;
+ }
+
+ $checksums = array();
+ foreach ( $checksum_output as $line ) {
+ list( $md5, $filename ) = preg_split( '!\s+!', $line );
+ $filename = preg_replace( '!^./!', '', $filename );
+ $checksums[ trim( $filename ) ] = trim( $md5 );
+ }
+
+ $json_checksum_file = (object) array(
+ 'plugin' => $this->slug,
+ 'version' => $plugin_version,
+ 'source_tag' => $this->version,
+ 'zip' => basename( $this->zip_file ),
+ 'checksums' => $checksums
+ );
+
+ // If the checksum file exists already, merge it into this one.
+ if ( $existing_json_checksum_file ) {
+ $existing_json_checksum_file = json_decode( file_get_contents( $this->checksum_file ) );
+
+ if ( $existing_json_checksum_file && ! empty( $existing_json_checksum_file->checksums ) ) {
+ foreach ( $existing_json_checksum_file->checksums as $file => $checksum_details ) {
+
+ if ( ! isset( $json_checksum_file->checksums[ $file ] ) ) {
+ // Deleted file, include it in checksums.
+ $json_checksum_file->checksums[ $file ] = $checksum_details;
+
+ } elseif ( $json_checksum_file->checksums[ $file ] != $checksum_details ) {
+ // Checksum has changed, include both in the resulting json file.
+ if ( is_array( $checksum_details ) ) {
+ $checksum_details[] = $json_checksum_file->checksums[ $file ];
+ $json_checksum_file->checksums[ $file ] = $checksum_details;
+ } else {
+ $json_checksum_file->checksums[ $file ] = array(
+ $json_checksum_file->checksums[ $file ],
+ $checksum_details
+ );
+ }
+ }
+ }
+ }
+ }
+
+ file_put_contents( $this->checksum_file, wp_json_encode( $json_checksum_file ) );
+ }
+
+ /**
</ins><span class="cx" style="display: block; padding: 0 10px"> * Generates a temporary unique directory in a given directory
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * Performs a similar job to `tempnam()` with an added suffix and doesn't
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -278,7 +393,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @return bool
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function invalidate_zip_caches( $versions ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // TODO: Implement PURGE
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // TODO: Implement PURGE
</ins><span class="cx" style="display: block; padding: 0 10px"> return true;
</span><span class="cx" style="display: block; padding: 0 10px"> if ( ! defined( 'PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION' ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return true;
</span></span></pre></div>
<a id="sitestrunkwordpressorgpublic_htmlwpcontentpluginsplugindirectoryzipclassservephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-serve.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-serve.php 2017-10-11 18:46:15 UTC (rev 6021)
+++ sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-serve.php 2017-10-13 08:56:56 UTC (rev 6022)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -36,32 +36,47 @@
</span><span class="cx" style="display: block; padding: 0 10px"> protected function determine_request() {
</span><span class="cx" style="display: block; padding: 0 10px"> $zip = basename( parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $slug = false;
- $version = 'trunk';
-
- if ( ! preg_match( "!^(?P<slug>[a-z0-9-_]+)(.(?P<version>.+))?.zip$!i", $zip, $m ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( ! preg_match( "!^(?P<slug>[a-z0-9-_]+)(\.(?P<version>.+?))?\.(?P<request_type>zip|checksums\.json)$!i", $zip, $m ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> throw new Exception( __METHOD__ . ": Invalid URL." );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $slug = strtolower( $m['slug'] );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( isset( $m['version'] ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ $version = 'trunk';
+ if ( isset( $m['version'] ) && '' !== $m['version'] ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> $version = $m['version'];
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><span class="cx" style="display: block; padding: 0 10px"> if ( 'latest-stable' == $version ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $version = $this->get_stable_tag( $slug );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( 'zip' == strtolower( $m['request_type'] ) ) {
+ $checksum_request = false;
+ } else {
+ $checksum_request = true;
+
+ // Checksum requests for 'trunk' are not possible.
+ if ( 'trunk' == $version ) {
+ throw new Exception( __METHOD__ . ": Checksum requests must include a version." );
+ }
+
+ }
+
</ins><span class="cx" style="display: block; padding: 0 10px"> $args = array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'stats' => true,
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( isset( $_GET['stats'] ) ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+ if ( $checksum_request ) {
+ $args['stats'] = false;
+
+ } elseif ( isset( $_GET['stats'] ) ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> $args['stats'] = (bool) $_GET['stats'];
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> } elseif ( isset( $_GET['nostats'] ) ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $args['stats'] = !empty( $_GET['nostats'] );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- return compact( 'zip', 'slug', 'version', 'args' );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ return compact( 'zip', 'slug', 'version', 'args', 'checksum_request' );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -117,17 +132,23 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Returns the files to use for the request.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Returns the file to be served for the request.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param array $request The request object for the request.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @return array An array containing the files to use for the request, 'zip' and 'md5'.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @return array The file to serve.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> protected function get_file( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- if ( empty( $request['version'] ) || 'trunk' == $request['version'] ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Checksum requests must include a version
+ if ( $request['checksum_request'] ) {
+ return "{$request['slug']}/{$request['slug']}.{$request['version']}.checksums.json";
+
+ } elseif ( empty( $request['version'] ) || 'trunk' == $request['version'] ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> return "{$request['slug']}/{$request['slug']}.zip";
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> } else {
</span><span class="cx" style="display: block; padding: 0 10px"> return "{$request['slug']}/{$request['slug']}.{$request['version']}.zip";
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -136,17 +157,21 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @param array $request The request array for the request.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> protected function serve_zip( $request ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $zip = $this->get_file( $request );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $file = $this->get_file( $request );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( defined( 'PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION' ) ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $zip_url = PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION . $zip;
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $file_url = PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION . $file;
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- header( 'Content-Type: application/zip' );
- header( 'Content-Disposition: attachment; filename=' . basename( $zip ) );
- header( "X-Accel-Redirect: $zip_url" );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ if ( $request['checksum_request'] ) {
+ header( 'Content-Type: application/json' );
+ } else {
+ header( 'Content-Type: application/zip' );
+ header( 'Content-Disposition: attachment; filename=' . basename( $file ) );
+ }
+ header( "X-Accel-Redirect: $file_url" );
</ins><span class="cx" style="display: block; padding: 0 10px"> } else {
</span><span class="cx" style="display: block; padding: 0 10px"> header( 'Content-Type: text/plain' );
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- echo "This is a request for $zip, this server isn't currently configured to serve zip files.\n";
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ echo "This is a request for $file, this server isn't currently configured to serve files.\n";
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> if ( function_exists( 'fastcgi_finish_request' ) ) {
</span></span></pre>
</div>
</div>
</body>
</html>