vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2025-10-16 12:05:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Upgrade/Install: Introduce WP_Automatic_Updater::is_allowed_dir() method.

Browse Source 
As part of determining whether to perform automatic updates, WordPress checks if it is running within a version-controlled environment, recursively looking up the filesystem to the top of the drive, looking for a Subversion, Git, Mercurial, or Bazaar directory, erring on the side of detecting a VCS checkout somewhere.

This commit avoids a PHP warning if the `open_basedir` directive is in use and any of the directories checked in the process are not allowed:
{{{
is_dir(): open_basedir restriction in effect. File(/.git) is not within the allowed path(s)
}}}

Follow-up to [25421], [25700], [25764], [25835], [25859].

Props costdev, markjaquith, meyegui, dd32, arnolp, robin-labadie, hellofromTonya, afragen, pbiron, SergeyBiryukov.
Fixes #42619.

git-svn-id: https://develop.svn.wordpress.org/trunk@55425 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Sergey Biryukov 2023-02-26 15:17:45 +00:00
parent 21d70052b6
commit 12fcc5cfac
2 changed files with 187 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
src/wp-admin/includes/class-wp-automatic-updater.php
View File

@ -56,6 +56,54 @@ class WP_Automatic_Updater {
return apply_filters( 'automatic_updater_disabled', $disabled );
}
/**
* Checks whether access to a given directory is allowed.
*
* This is used when detecting version control checkouts. Takes into account
* the PHP `open_basedir` restrictions, so that WordPress does not try to access
* directories it is not allowed to.
*
* @since 6.2.0
*
* @param string $dir The directory to check.
* @return bool True if access to the directory is allowed, false otherwise.
*/
public function is_allowed_dir( $dir ) {
if ( is_string( $dir ) ) {
$dir = trim( $dir );
}
if ( ! is_string( $dir ) || '' === $dir ) {
_doing_it_wrong(
__METHOD__,
sprintf(
/* translators: %s: The "$dir" argument. */
__( 'The "%s" argument must be a non-empty string.' ),
'$dir'
),
'6.2.0'
);
return false;
}
$open_basedir = ini_get( 'open_basedir' );
if ( empty( $open_basedir ) ) {
return true;
}
$open_basedir_list = explode( PATH_SEPARATOR, $open_basedir );
foreach ( $open_basedir_list as $basedir ) {
if ( '' !== trim( $basedir ) && str_starts_with( $dir, $basedir ) ) {
return true;
}
}
return false;
}
/**
* Checks for version control checkouts.
*
@ -102,7 +150,11 @@ class WP_Automatic_Updater {
// Search all directories we've found for evidence of version control.
foreach ( $vcs_dirs as $vcs_dir ) {
foreach ( $check_dirs as $check_dir ) {
$checkout = @is_dir( rtrim( $check_dir, '\\/' ) . "/$vcs_dir" );
if ( ! $this->is_allowed_dir( $check_dir ) ) {
continue;
}
$checkout = is_dir( rtrim( $check_dir, '\\/' ) . "/$vcs_dir" );
if ( $checkout ) {
break 2;
}

134
tests/phpunit/tests/admin/wpAutomaticUpdater.php
View File

@ -572,4 +572,138 @@ class Tests_Admin_WpAutomaticUpdater extends WP_UnitTestCase {
),
);
}
/**
* Tests that `WP_Automatic_Updater::is_allowed_dir()` returns true
* when the `open_basedir` directive is not set.
*
* @ticket 42619
*
* @covers WP_Automatic_Updater::is_allowed_dir
*/
public function test_is_allowed_dir_should_return_true_if_open_basedir_is_not_set() {
$this->assertTrue( self::$updater->is_allowed_dir( ABSPATH ) );
}
/**
* Tests that `WP_Automatic_Updater::is_allowed_dir()` returns true
* when the `open_basedir` directive is set and the path is allowed.
*
* Runs in a separate process to ensure that `open_basedir` changes
* don't impact other tests should an error occur.
*
* This test does not preserve global state to prevent the exception
* "Serialization of 'Closure' is not allowed" when running in
* a separate process.
*
* @ticket 42619
*
* @covers WP_Automatic_Updater::is_allowed_dir
*
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function test_is_allowed_dir_should_return_true_if_open_basedir_is_set_and_path_is_allowed() {
// The repository for PHPUnit and test suite resources.
$abspath_parent = trailingslashit( dirname( ABSPATH ) );
$abspath_grandparent = trailingslashit( dirname( $abspath_parent ) );
$open_basedir_backup = ini_get( 'open_basedir' );
// Allow access to the directory one level above the repository.
ini_set( 'open_basedir', wp_normalize_path( $abspath_grandparent ) );
// Checking an allowed directory should succeed.
$actual = self::$updater->is_allowed_dir( wp_normalize_path( ABSPATH ) );
ini_set( 'open_basedir', $open_basedir_backup );
$this->assertTrue( $actual );
}
/**
* Tests that `WP_Automatic_Updater::is_allowed_dir()` returns false
* when the `open_basedir` directive is set and the path is not allowed.
*
* Runs in a separate process to ensure that `open_basedir` changes
* don't impact other tests should an error occur.
*
* This test does not preserve global state to prevent the exception
* "Serialization of 'Closure' is not allowed" when running in
* a separate process.
*
* @ticket 42619
*
* @covers WP_Automatic_Updater::is_allowed_dir
*
* @runInSeparateProcess
* @preserveGlobalState disabled
*/
public function test_is_allowed_dir_should_return_false_if_open_basedir_is_set_and_path_is_not_allowed() {
// The repository for PHPUnit and test suite resources.
$abspath_parent = trailingslashit( dirname( ABSPATH ) );
$abspath_grandparent = trailingslashit( dirname( $abspath_parent ) );
$open_basedir_backup = ini_get( 'open_basedir' );
// Allow access to the directory one level above the repository.
ini_set( 'open_basedir', wp_normalize_path( $abspath_grandparent ) );
// Checking a directory not within the allowed path should trigger an `open_basedir` warning.
$actual = self::$updater->is_allowed_dir( '/.git' );
ini_set( 'open_basedir', $open_basedir_backup );
$this->assertFalse( $actual );
}
/**
* Tests that `WP_Automatic_Updater::is_allowed_dir()` throws `_doing_it_wrong()`
* when an invalid `$dir` argument is provided.
*
* @ticket 42619
*
* @covers WP_Automatic_Updater::is_allowed_dir
*
* @expectedIncorrectUsage WP_Automatic_Updater::is_allowed_dir
*
* @dataProvider data_is_allowed_dir_should_throw_doing_it_wrong_with_invalid_dir
*
* @param mixed $dir The directory to check.
*/
public function test_is_allowed_dir_should_throw_doing_it_wrong_with_invalid_dir( $dir ) {
$this->assertFalse( self::$updater->is_allowed_dir( $dir ) );
}
/**
* Data provider.
*
* @return array[]
*/
public function data_is_allowed_dir_should_throw_doing_it_wrong_with_invalid_dir() {
return array(
// Type checks and boolean comparisons.
'null' => array( 'dir' => null ),
'(bool) false' => array( 'dir' => false ),
'(bool) true' => array( 'dir' => true ),
'(int) 0' => array( 'dir' => 0 ),
'(int) -0' => array( 'dir' => -0 ),
'(int) 1' => array( 'dir' => 1 ),
'(int) -1' => array( 'dir' => -1 ),
'(float) 0.0' => array( 'dir' => 0.0 ),
'(float) -0.0' => array( 'dir' => -0.0 ),
'(float) 1.0' => array( 'dir' => 1.0 ),
'empty string' => array( 'dir' => '' ),
'empty array' => array( 'dir' => array() ),
'populated array' => array( 'dir' => array( ABSPATH ) ),
'empty object' => array( 'dir' => new stdClass() ),
'populated object' => array( 'dir' => (object) array( ABSPATH ) ),
'INF' => array( 'dir' => INF ),
'NAN' => array( 'dir' => NAN ),
// Ensures that `trim()` has been called.
'string with only spaces' => array( 'dir' => ' ' ),
'string with only tabs' => array( 'dir' => "\t\t" ),
'string with only newlines' => array( 'dir' => "\n\n" ),
'string with only carriage returns' => array( 'dir' => "\r\r" ),
);
}
}