Timestamp:
10/13/2017 08:56:56 AM (9 months ago)
Author:
dd32
Message:

Plugin Directory: Generate md5 hashes for plugins.

This is a POC and may change or be removed in the future, it's here for testing purposes.

An api.wordpress.org endpoint may be available in the future to access it.
This is only enabled for the 'exploit-scanner' plugin at present, purely for testing, as it publishes the md5 hashes of its own files already

Compare https://wordpress.org/plugins/exploit-scanner/ to https://downloads.wordpress.org/plugins/exploit-scanner.1.5.2.checksums.json

See #3192

File:
1 edited

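--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-serve.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/zip/class-serve.php
@@ -37,18 +37,28 @@
         $zip = basename( parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ) );
 
-        $slug = false;
+        if ( ! preg_match( "!^(?P<slug>[a-z0-9-_]+)(\.(?P<version>.+?))?\.(?P<request_type>zip|checksums\.json)$!i", $zip, $m ) ) {
+            throw new Exception( __METHOD__ . ": Invalid URL." );
+        }
+
+        $slug = strtolower( $m['slug'] );
+
         $version = 'trunk';
-
-        if ( ! preg_match( "!^(?P<slug>[a-z0-9-_]+)(.(?P<version>.+))?.zip$!i", $zip, $m ) ) {
-            throw new Exception( __METHOD__ . ": Invalid URL." );
-        }
-
-        $slug = strtolower( $m['slug'] );
-        if ( isset( $m['version'] ) ) {
+        if ( isset( $m['version'] ) && '' !== $m['version'] ) {
             $version = $m['version'];
         }
-
         if ( 'latest-stable' == $version ) {
             $version = $this->get_stable_tag( $slug );
+        }
+
+        if ( 'zip' == strtolower( $m['request_type'] ) ) {
+            $checksum_request = false;
+        } else {
+            $checksum_request = true;
+
+            // Checksum requests for 'trunk' are not possible.
+            if ( 'trunk' == $version ) {
+                throw new Exception( __METHOD__ . ": Checksum requests must include a version." );
+            }
+
         }
 
@@ -56,11 +66,16 @@
             'stats' => true,
         );
-        if ( isset( $_GET['stats'] ) ) {
+
+        if ( $checksum_request ) {
+            $args['stats'] = false;
+
+        } elseif ( isset( $_GET['stats'] ) ) {
             $args['stats'] = (bool) $_GET['stats'];
+
         } elseif ( isset( $_GET['nostats'] ) ) {
             $args['stats'] = !empty( $_GET['nostats'] );
         }
 
-        return compact( 'zip', 'slug', 'version', 'args' );
+        return compact( 'zip', 'slug', 'version', 'args', 'checksum_request' );
     }
 
@@ -118,15 +133,21 @@
 
     /**
-     * Returns the files to use for the request.
+     * Returns the file to be served for the request.
      *
      * @param array $request The request object for the request.
-     * @return array An array containing the files to use for the request, 'zip' and 'md5'.
+     * @return array The file to serve.
      */
     protected function get_file( $request ) {
-        if ( empty( $request['version'] ) || 'trunk' == $request['version'] ) {
+        // Checksum requests must include a version
+        if ( $request['checksum_request'] ) {
+            return "{$request['slug']}/{$request['slug']}.{$request['version']}.checksums.json";
+
+        } elseif ( empty( $request['version'] ) || 'trunk' == $request['version'] ) {
             return "{$request['slug']}/{$request['slug']}.zip";
+
         } else {
             return "{$request['slug']}/{$request['slug']}.{$request['version']}.zip";
         }
+
     }
 
@@ -137,15 +158,19 @@
      */
     protected function serve_zip( $request ) {
-        $zip = $this->get_file( $request );
+        $file = $this->get_file( $request );
 
         if ( defined( 'PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION' ) ) {
-            $zip_url = PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION . $zip;
-
-            header( 'Content-Type: application/zip' );
-            header( 'Content-Disposition: attachment; filename=' . basename( $zip ) );
-            header( "X-Accel-Redirect: $zip_url" );
+            $file_url = PLUGIN_ZIP_X_ACCEL_REDIRECT_LOCATION . $file;
+
+            if ( $request['checksum_request'] ) {
+                header( 'Content-Type: application/json' );
+            } else {
+                header( 'Content-Type: application/zip' );
+                header( 'Content-Disposition: attachment; filename=' . basename( $file ) );
+            }
+            header( "X-Accel-Redirect: $file_url" );
         } else {
             header( 'Content-Type: text/plain' );
-            echo "This is a request for $zip, this server isn't currently configured to serve zip files.\n";
+            echo "This is a request for $file, this server isn't currently configured to serve files.\n";
         }
 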
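Review bot: The `version` group in the new URL pattern still accepts any characters (`.+?`), and get_file and serve_zip then interpolate that value unchanged into the `X-Accel-Redirect` path and the `Content-Disposition` filename. `basename()` strips literal slashes, but `parse_url()` does not decode percent-escapes in `REQUEST_URI`, so encoded sequences are handed on to whatever the front-end server does with the redirect path, which is not visible here. An allowlist in the pattern would bound this at the parsing step, for example `(?P<version>[a-z0-9._+-]+?)`, widened only to the characters real tags use. The request-parsing method starts above the first hunk and serve_zip continues past the end of this section, so any validation done there is not shown.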