Upgrade/Install: Add more context in signature verify failures.
This includes version numbers and signature counts in error reports, to help diagnose isolated failures that have no apparent cause. Props dd32. See #39309. git-svn-id: https://develop.svn.wordpress.org/trunk@45112 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
9945849317
commit
45771f9f11
@ -1154,6 +1154,9 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
/* translators: 1: The filename of the package. */
|
||||
__( 'The authenticity of %1$s could not be verified as no signature was found.' ),
|
||||
'<span class="code">' . esc_html( $filename_for_errors ) . '</span>'
|
||||
),
|
||||
array(
|
||||
'filename' => $filename_for_errors,
|
||||
)
|
||||
);
|
||||
}
|
||||
@ -1163,11 +1166,14 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
|
||||
mbstring_binary_safe_encoding();
|
||||
|
||||
$skipped_key = $skipped_signature = 0;
|
||||
|
||||
foreach ( (array) $signatures as $signature ) {
|
||||
$signature_raw = base64_decode( $signature );
|
||||
|
||||
// Ensure only valid-length signatures are considered.
|
||||
if ( SODIUM_CRYPTO_SIGN_BYTES !== strlen( $signature_raw ) ) {
|
||||
$skipped_signature++;
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -1176,6 +1182,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
|
||||
// Only pass valid public keys through.
|
||||
if ( SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES !== strlen( $key_raw ) ) {
|
||||
$skipped_key++;
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -1201,6 +1208,10 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
'keys' => $trusted_keys,
|
||||
'signatures' => $signatures,
|
||||
'hash' => bin2hex( $file_hash ),
|
||||
'skipped_key' => $skipped_key,
|
||||
'skipped_sig' => $skipped_signature,
|
||||
'php' => phpversion(),
|
||||
'sodium' => defined( 'SODIUM_LIBRARY_VERSION' ) ? SODIUM_LIBRARY_VERSION : ( defined( 'ParagonIE_Sodium_Compat::VERSION_STRING' ) ? ParagonIE_Sodium_Compat::VERSION_STRING : false ),
|
||||
)
|
||||
);
|
||||
}
|
||||
@ -1210,7 +1221,7 @@ function verify_file_signature( $filename, $signatures, $filename_for_errors = f
|
||||
*
|
||||
* @since 5.2.0
|
||||
*
|
||||
* @return array List of hex-encoded Signing keys.
|
||||
* @return array List of base64-encoded Signing keys.
|
||||
*/
|
||||
function wp_trusted_keys() {
|
||||
$trusted_keys = array();
|
||||
|
Loading…
Reference in New Issue
Block a user