Sanitation and error handling for plugin install. Props DD32. see #6015

git-svn-id: http://svn.automattic.com/wordpress/trunk@9163 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2008-10-14 15:56:33 +00:00
parent 0a7871c4ab
commit d7fccb66d3
2 changed files with 51 additions and 17 deletions


@ -37,10 +37,14 @@ function plugins_api($action, $args = null) {
if ( ! $res ) {
$request = wp_remote_post('http://api.wordpress.org/plugins/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) );
if ( is_wp_error($request) ) {
$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occured during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>'), $request->get_error_message() );
} else {
$res = unserialize($request['body']);
if ( ! $res )
$res = new WP_Error('plugins_api_failed', __('An unknown error occured'), $request['body']);
}
}
return apply_filters('plugins_api_result', $res, $action, $args);
}
@ -62,6 +66,9 @@ function install_popular_tags( $args = array() ) {
$tags = plugins_api('hot_tags', $args);
if ( is_wp_error($tags) )
return $tags;
$cache = (object) array('timeout' => time(), 'cached' => $tags);
update_option('wporg_popular_tags', $cache);
@ -100,6 +107,9 @@ function install_search($page) {
$api = plugins_api('query_plugins', $args);
if ( is_wp_error($api) )
wp_die($api);
add_action('install_plugins_table_header', 'install_search_form');
display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
@ -173,6 +183,8 @@ add_action('install_plugins_featured', 'install_featured', 10, 1);
function install_featured($page = 1) {
$args = array('browse' => 'featured', 'page' => $page);
$api = plugins_api('query_plugins', $args);
if ( is_wp_error($api) )
wp_die($api);
display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
}
@ -201,6 +213,8 @@ add_action('install_plugins_new', 'install_new', 10, 1);
function install_new($page = 1) {
$args = array('browse' => 'new', 'page' => $page);
$api = plugins_api('query_plugins', $args);
if ( is_wp_error($api) )
wp_die($api);
display_plugins_table($api->plugins, $api->info['page'], $api->info['pages']);
}
add_action('install_plugins_updated', 'install_updated', 10, 1);
@ -234,7 +248,9 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
$type = isset($_REQUEST['type']) ? $_REQUEST['type'] : '';
$term = isset($_REQUEST['s']) ? $_REQUEST['s'] : '';
$plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array());
$plugins_allowedtags = array('a' => array('href' => array(),'title' => array(), 'target' => array()),
'abbr' => array('title' => array()),'acronym' => array('title' => array()),
'code' => array(),'em' => array(),'strong' => array());
?>
<div class="tablenav">
@ -316,7 +332,7 @@ function display_plugins_table($plugins, $page = 1, $totalpages = 1){
<td class="name"><?php echo $title; ?></td>
<td class="vers"><?php echo $version; ?></td>
<td class="vers">
<div class="star-holder" title="<?php printf( __('based on %d ratings'), $plugin['num_ratings'] ); ?>">
<div class="star-holder" title="<?php printf(__ngettext(__('based on %d rating'), __('based on %d ratings'), $plugin['num_ratings']), $plugin['num_ratings']) ?>">
<div class="star star-rating" style="width: <?php echo attribute_escape($plugin['rating']) ?>px"></div>
<div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
<div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
@ -355,6 +371,19 @@ function install_plugin_information() {
$api = plugins_api('plugin_information', array('slug' => $_REQUEST['plugin']));
if ( is_wp_error($api) )
wp_die($api);
$plugins_allowedtags = array('a' => array('href' => array(), 'title' => array(), 'target' => array()),
'abbr' => array('title' => array()), 'acronym' => array('title' => array()),
'code' => array(), 'em' => array(), 'strong' => array(), 'div' => array(),
'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array());
//Sanitize HTML
foreach ( (array)$api->sections as $section_name => $content )
$api->sections[$section_name] = wp_kses($content, $plugins_allowedtags);
foreach ( array('version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug') as $key )
$api->$key = wp_kses($api->$key, $plugins_allowedtags);
$section = isset($_REQUEST['section']) ? $_REQUEST['section'] : 'description'; //Default to the Description tab, Do not translate, API returns English.
if( empty($section) || ! isset($api->sections[ $section ]) )
$section = array_shift( $section_titles = array_keys((array)$api->sections) );
@ -522,6 +551,9 @@ function install_plugin() {
check_admin_referer('install-plugin_' . $plugin);
$api = plugins_api('plugin_information', array('slug' => $plugin, 'fields' => array('sections' => false) ) ); //Save on a bit of bandwidth.
if ( is_wp_error($api) )
wp_die($api);
echo '<div class="wrap">';
echo '<h2>', sprintf( __('Installing Plugin: %s'), $api->name . ' ' . $api->version ), '</h2>';
@ -834,6 +866,4 @@ function wp_install_plugin_local_package($package, $feedback = '') {
return $folder . '/' . $pluginfiles[0];
}
?>
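Review bot: The sanitizing added to install_plugin_information (the wp_kses pass over sections and the key list on L83) is not mirrored in install_plugin(), where the new lines appear to add only the is_wp_error() check while `$api->name . ' ' . $api->version` still goes straight into the heading on L94, and `name` is absent from the sanitized key list as well. The same API response feeds both paths, so either escape at the output point, `echo '<h2>', sprintf( __('Installing Plugin: %s'), wp_specialchars($api->name . ' ' . $api->version) ), '</h2>';`, or run the same wp_kses pass in install_plugin(). Further up, the result is still produced by `unserialize($request['body'])` on L18 from a response fetched over plain http:// (L14), and the new `if ( ! $res )` only catches a failed decode; it would be worth checking that `$res` is an object carrying the properties callers dereference (`plugins`, `info`, `sections`) before returning it, and noting in a comment that unserialize() instantiates whatever classes the response body names. Lastly, `array_shift( $section_titles = array_keys((array)$api->sections) )` on L87 passes an expression where a reference is expected, which PHP reports under E_STRICT; assign `$section_titles` on its own line and shift it on the next. display_plugins_table and install_plugin_information both continue outside their hunks.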


@ -108,6 +108,9 @@ if ( !defined('WP_CONTENT_DIR') )
define( 'WP_CONTENT_DIR', ABSPATH . 'wp-content' ); // no trailing slash, full paths only - WP_CONTENT_URL is defined further down
if ( file_exists(ABSPATH . '.maintenance') && !defined('WP_INSTALLING') ) {
include(ABSPATH . '.maintenance');
// If the $upgrading timestamp is older than 10 minutes, don't die.
if ( ( time() - $upgrading ) < 600 ) {
if ( file_exists( WP_CONTENT_DIR . '/maintenance.php' ) ) {
require_once( WP_CONTENT_DIR . '/maintenance.php' );
die();
@ -131,7 +134,8 @@ if ( file_exists(ABSPATH . '.maintenance') && !defined('WP_INSTALLING') ) {
</body>
</html>
<?php
die();
die();
}
}
if ( !extension_loaded('mysql') && !file_exists(WP_CONTENT_DIR . '/db.php') )