Timestamp:
10/13/17 08:56:56 (2 months ago)
Author:
dd32
Message:

Plugin Directory: Generate md5 hashes for plugins.

This is a POC and may change or be removed in the future; it's here for testing purposes.

An api.wordpress.org endpoint may be available in the future to access it.
This is only enabled for the 'exploit-scanner' plugin at present, purely for testing, as it already publishes the md5 hashes of its own files.

Compare https://wordpress.org/plugins/exploit-scanner/ to https://downloads.wordpress.org/plugins/exploit-scanner.1.5.2.checksums.json

See #3192

File:
1 edited

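--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-serve.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-serve.php
@@ -37,18 +37,28 @@
         $zip = basename( parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ) );
 
-        $slug = false;
+        if ( ! preg_match( "!^(?P<slug>[a-z0-9-_]+)(\.(?P<version>.+?))?\.(?P<request_type>zip|checksums\.json)$!i", $zip, $m ) ) {
+            throw new Exception( __METHOD__ . ": Invalid URL." );
+        }
+
+        $slug = strtolower( $m['slug'] );
+
         $version = 'trunk';
-
-        if ( ! preg_match( "!^(?P<slug>[a-z0-9-_]+)(.(?P<version>.+))?.zip$!i", $zip, $m ) ) {
-            throw new Exception( __METHOD__ . ": Invalid URL." );
-        }
-
-        $slug = strtolower( $m['slug'] );
-        if ( isset( $m['version'] ) ) {
+        if ( isset( $m['version'] ) && '' !== $m['version'] ) {
             $version = $m['version'];
         }
-
         if ( 'latest-stable' == $version ) {
             $version = $this->get_stable_tag( $slug );
+        }
+
+        if ( 'zip' == strtolower( $m['request_type'] ) ) {
+            $checksum_request = false;
+        } else {
+            $checksum_request = true;
+
+            // Checksum requests for 'trunk' are not possible.
+            if ( 'trunk' == $version ) {
+                throw new Exception( __METHOD__ . ": Checksum requests must include a version." );
+            }
+
         }
 
@@ -56,11 +66,16 @@
             'stats' => true,
         );
-        if ( isset( $_GET['stats'] ) ) {
+
+        if ( $checksum_request ) {
+            $args['stats'] = false;
+
+        } elseif ( isset( $_GET['stats'] ) ) {
             $args['stats'] = (bool) $_GET['stats'];
+
         } elseif ( isset( $_GET['nostats'] ) ) {
             $args['stats'] = !empty( $_GET['nostats'] );
         }
 
-        return compact( 'zip', 'slug', 'version', 'args' );
+        return compact( 'zip', 'slug', 'version', 'args', 'checksum_request' );
     }
 
@@ -118,15 +133,21 @@
 
     /**
-     * Returns the files to use for the request.
+     * Returns the file to be served for the request.
      *
      * @param array $request The request object for the request.
-     * @return array An array containing the files to use for the request, 'zip' and 'md5'.
+     * @return array The file to serve.
      */
     protected function get_file( $request ) {
-        if ( empty( $request['version'] ) || 'trunk' == $request['version'] ) {
+        // Checksum requests must include a version
+        if ( $request['checksum_request'] ) {
+            return "{$request['slug']}/{$request['slug']}.{$request['version']}.checksums.json";
+
+        } elseif ( empty( $request['version'] ) || 'trunk' == $request['version'] ) {
             return "{$request['slug']}/{$request['slug']}.zip";
+
         } else {
             return "{$request['slug']}/{$request['slug']}.{$request['version']}.zip";
         }
+
     }
 
@@ -137,15 +158,19 @@
      */
     protected function serve_zip( $request ) {
-        $zip = $this->get_file( $request );
+        $file = $this->get_file( $request );
 
         if ( defined( 'PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION' ) ) {
-            $zip_url = PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION . $zip;
-
-            header( 'Content-Type: application/zip' );
-            header( 'Content-Disposition: attachment; filename=' . basename( $zip ) );
-            header( "X-Accel-Redirect: $zip_url" );
+            $file_url = PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION . $file;
+
+            if ( $request['checksum_request'] ) {
+                header( 'Content-Type: application/json' );
+            } else {
+                header( 'Content-Type: application/zip' );
+                header( 'Content-Disposition: attachment; filename=' . basename( $file ) );
+            }
+            header( "X-Accel-Redirect: $file_url" );
         } else {
             header( 'Content-Type: text/plain' );
-            echo "This is a request for $zip, this server isn't currently configured to serve zip files.\n";
+            echo "This is a request for $file, this server isn't currently configured to serve files.\n";
         }
 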
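Review bot: The `version` group in the rewritten pattern of the first hunk still accepts any characters (`(?P<version>.+?)`), and the captured text is interpolated unchanged into the path built by get_file() and from there into the `X-Accel-Redirect` and `Content-Disposition` headers in serve_zip(). basename() removes literal slashes, but the request path is not percent-decoded before matching, so percent-encoded characters, quotes and semicolons pass the match; how the front-end server treats them when it follows the redirect is not visible on this page. Restricting the group to the characters a tag name needs, for example `(?P<version>[a-z0-9._+-]+?)`, would make the served file name safe by construction rather than by downstream behaviour. The method holding the pattern starts above the first hunk, and serve_zip() continues past the last visible line.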