From 5b6d0357b2b166e6681b833cda822a0a9ca30ba8 Mon Sep 17 00:00:00 2001
From: dd32
Date: Sun, 7 Feb 2010 05:02:24 +0000
Subject: [PATCH] Better error checking for ZipArchive extraction. See #10403
git-svn-id: http://svn.automattic.com/wordpress/trunk@13006 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/file.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php
index 8514cff18..c7482d877 100644
--- wp-admin/includes/file.php
+++ b/wp-admin/includes/file.php
@@ -538,12 +538,12 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array()) {
 global $wp_filesystem;
 $z = new ZipArchive();
- if ( ! $z->open($file) )
+ if ( true !== $z->open($file, ZIPARCHIVE::CHECKCONS) )
 return new WP_Error('incompatible_archive', __('Incompatible Archive.'));
 for ( $i = 0; $i < $z->numFiles; $i++ ) {
 if ( ! $info = $z->statIndex($i) )
- return new WP_Error('stat_failure', __('Could not retrieve file from archive.'));
+ return new WP_Error('stat_failed', __('Could not retrieve file from archive.'));
 if ( '/' == substr($info['name'], -1) ) // directory
 $needed_dirs[] = $to . untrailingslashit($info['name']);
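Review bot: The entry name returned by `statIndex()` is joined onto `$to` unchecked at `$needed_dirs[] = $to . untrailingslashit($info['name']);`, and again at `put_contents( $to . $info['name'], ...)` in the second hunk, so an archive whose entry names contain `../` segments could end up creating directories or files outside the extraction directory. The added `CHECKCONS` flag asks for consistency checks on the archive itself; it should not be relied on as validation of entry names. I would skip or reject such entries in both loops right after the `statIndex()` check, for example `if ( 0 !== validate_file($info['name']) ) continue;`. The function body runs past both hunks, so confirm no such check already exists outside them.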
@@ -563,12 +563,16 @@ function _unzip_file_ziparchive($file, $to, $needed_dirs = array()) {
 for ( $i = 0; $i < $z->numFiles; $i++ ) {
 if ( ! $info = $z->statIndex($i) )
- return new WP_Error('stat_failure', __('Could not retrieve file from archive.'));
+ return new WP_Error('stat_failed', __('Could not retrieve file from archive.'));
 if ( '/' == substr($info['name'], -1) ) // directory
 continue;
- if ( ! $wp_filesystem->put_contents( $to . $info['name'], $z->getFromIndex($i), FS_CHMOD_FILE) )
+ $contents = $z->getFromIndex($i);
+ if ( false === $contents )
+ return new WP_Error('extract_failed', __('Could not extract file from archive.'), $info['name']);
+
+ if ( ! $wp_filesystem->put_contents( $to . $info['name'], $contents, FS_CHMOD_FILE) )
 return new WP_Error('copy_failed', __('Could not copy file.'), $to . $file['filename']);
 }
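Review bot: The `copy_failed` return at the end of the loop still builds its error data from `$file['filename']`, but `$file` is the function's first parameter, the value passed to `$z->open($file, ...)` in the first hunk, so this indexes the archive path string rather than naming the entry that failed. The new `extract_failed` return already uses `$info['name']`, and the same should be used here: `return new WP_Error('copy_failed', __('Could not copy file.'), $to . $info['name']);`. Separately, none of the early returns in this loop call `$z->close()`; whether the archive is closed after the loop is outside the hunk, so that is worth checking too.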