[wp-trac] [WordPress Trac] #51714: Theme MD5 checksums for 5.5.3 alpha do not match WordPress.org API checksums.
WordPress Trac
noreply at wordpress.org
Thu Nov 5 18:57:05 UTC 2020
#51714: Theme MD5 checksums for 5.5.3 alpha do not match WordPress.org API
checksums.
------------------------------+-----------------------------
Reporter: datainterlock | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: trunk
Severity: normal | Keywords: dev-feedback
Focuses: coding-standards |
------------------------------+-----------------------------
Been trying to figure this out for a few days days and finally solved it.
I'm working on and MD5 checksum scanner plugin. One of my sites got the
famous alpha 5.5.3 install with all the associated themes. My scanner
successfully identified these files but instead of recognizing them as
simply new files with correct checksums, it recognized them as all having
different checksums from the files on the WP.org site.
Here's how my plugin works for themes since there is no official API
checksums. It physically downloads the theme to the server, unzips it to
a temp directory and gets the MD5 checksums from all the files it finds.
It then compares those checksums to the currently installed theme's
checksums. If the files haven't been changed, the checksums match.
In the case of the alpha install, every single theme file had a different
checksum which should not have occurred if they came from the WP.org theme
repository. So why were they different?
The alpha update came from a Windows server but, the WordPress API is on a
Linux server. When the update downloaded all those themes, the MD5
checksums were an exact match for files that had been first downloaded to
a Windows machine and FTP'd via ASCII file transfer to a Linux machine.
The Windows CR+LF get converted to the Linux NL. The WordPress API server
is on a Linux machine because if my plugin downloads a theme, the
checksums are exactly the same as if you had installed that theme via the
dashboard. That's because there's no CR+LF to be converted.
I verified all of this by downloading the twenty eleven theme to my
Windows machine and FTP'ing the files via ASCII to my server. My MD5
scanner found all of the theme files to have inaccurate MD5's as expected
which exactly matched the alpha update checksums. I then uninstalled the
twenty eleven theme via the dashboard and reinstalled via
Appearance/Themes/Add New. The checksums all matched.
Checksums for an example file: wp-
content/themes/twentyeleven/colors/dark.css
Download URL: https://downloads.wordpress.org/theme/twentyeleven.3.5.zip
Installed via alpha update : MD5: aef2880581a7226882780ffee6f8566e
Uploaded via FTP from a Windows machine: MD5:
aef2880581a7226882780ffee6f8566e
Downloaded directly to a Linux machine and unzipped: MD5 :
d45d493d402d5712ff78878a1d34b6a2
Installed via dashboard : MD5 : d45d493d402d5712ff78878a1d34b6a2
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51714>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list