Upgrade/Install: Add more context in signature verify failures.

This includes version numbers and signature counts in error reports, to help diagnose isolated failures that have no apparent cause. Props dd32. See #39309. git-svn-id: https://develop.svn.wordpress.org/trunk@45112 602fd350-edb4-49c9-b593-d223f7449a82
2019-04-05 05:19:15 +00:00 · 2019-04-05 05:19:15 +00:00 · 45771f9f11
commit 45771f9f11
parent 9945849317
1 changed files with 16 additions and 5 deletions
--- a/src/wp-admin/includes/file.php
+++ b/src/wp-admin/includes/file.php
@ -1154,6 +1154,9 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
 				/* translators: 1: The filename of the package. */
 				__( 'The authenticity of %1$s could not be verified as no signature was found.' ),
 				'<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
+			),
+			array(
+				'filename' => $filename_for_errors,
 			)
 		);
 	}
@ -1163,11 +1166,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f

 	mbstring_binary_safe_encoding();

+	$skipped_key = $skipped_signature = 0;
+
 	foreach ( (array) $signatures as $signature ) {
 		$signature_raw = base64_decode( $signature );

 		// Ensure only valid-length signatures are considered.
 		if ( SODIUM_CRYPTO_SIGN_BYTES !== strlen( $signature_raw ) ) {
+			$skipped_signature++;
 			continue;
 		}

@ -1176,6 +1182,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f

 			// Only pass valid public keys through.
 			if ( SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $key_raw ) ) {
+				$skipped_key++;
 				continue;
 			}

@ -1197,10 +1204,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
 		),
 		// Error data helpful for debugging:
 		array(
-			'filename'   => $filename_for_errors,
-			'keys'       => $trusted_keys,
-			'signatures' => $signatures,
-			'hash'       => bin2hex( $file_hash ),
+			'filename'    => $filename_for_errors,
+			'keys'        => $trusted_keys,
+			'signatures'  => $signatures,
+			'hash'        => bin2hex( $file_hash ),
+			'skipped_key' => $skipped_key,
+			'skipped_sig' => $skipped_signature,
+			'php'         => phpversion(),
+			'sodium'      => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
 		)
 	);
 }
@ -1210,7 +1221,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
 *
 * @since 5.2.0
 *
- * @return array List of hex-encoded Signing keys.
+ * @return array List of base64-encoded Signing keys.
 */
 function wp_trusted_keys() {
 	$trusted_keys = array();