--- a/wp/wp-admin/includes/class-wp-automatic-updater.php Thu Sep 29 08:06:27 2022 +0200
+++ b/wp/wp-admin/includes/class-wp-automatic-updater.php Fri Sep 05 18:40:08 2025 +0200
@@ -13,6 +13,7 @@
* @since 3.7.0
* @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
*/
+#[AllowDynamicProperties]
class WP_Automatic_Updater {
/**
@@ -26,6 +27,8 @@
* Determines whether the entire automatic updater is disabled.
*
* @since 3.7.0
+ *
+ * @return bool True if the automatic updater is disabled, false otherwise.
*/
public function is_disabled() {
// Background updates are disabled if you don't want file changes.
@@ -56,6 +59,54 @@
}
/**
+ * Checks whether access to a given directory is allowed.
+ *
+ * This is used when detecting version control checkouts. Takes into account
+ * the PHP `open_basedir` restrictions, so that WordPress does not try to access
+ * directories it is not allowed to.
+ *
+ * @since 6.2.0
+ *
+ * @param string $dir The directory to check.
+ * @return bool True if access to the directory is allowed, false otherwise.
+ */
+ public function is_allowed_dir( $dir ) {
+ if ( is_string( $dir ) ) {
+ $dir = trim( $dir );
+ }
+
+ if ( ! is_string( $dir ) || '' === $dir ) {
+ _doing_it_wrong(
+ __METHOD__,
+ sprintf(
+ /* translators: %s: The "$dir" argument. */
+ __( 'The "%s" argument must be a non-empty string.' ),
+ '$dir'
+ ),
+ '6.2.0'
+ );
+
+ return false;
+ }
+
+ $open_basedir = ini_get( 'open_basedir' );
+
+ if ( empty( $open_basedir ) ) {
+ return true;
+ }
+
+ $open_basedir_list = explode( PATH_SEPARATOR, $open_basedir );
+
+ foreach ( $open_basedir_list as $basedir ) {
+ if ( '' !== trim( $basedir ) && str_starts_with( $dir, $basedir ) ) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
* Checks for version control checkouts.
*
* Checks for Subversion, Git, Mercurial, and Bazaar. It recursively looks up the
@@ -97,11 +148,16 @@
}
$check_dirs = array_unique( $check_dirs );
+ $checkout = false;
// Search all directories we've found for evidence of version control.
foreach ( $vcs_dirs as $vcs_dir ) {
foreach ( $check_dirs as $check_dir ) {
- $checkout = @is_dir( rtrim( $check_dir, '\\/' ) . "/$vcs_dir" );
+ if ( ! $this->is_allowed_dir( $check_dir ) ) {
+ continue;
+ }
+
+ $checkout = is_dir( rtrim( $check_dir, '\\/' ) . "/$vcs_dir" );
if ( $checkout ) {
break 2;
}
@@ -138,7 +194,7 @@
*/
public function should_update( $type, $item, $context ) {
// Used to see if WP_Filesystem is set up to allow unattended updates.
- $skin = new Automatic_Upgrader_Skin;
+ $skin = new Automatic_Upgrader_Skin();
if ( $this->is_disabled() ) {
return false;
@@ -177,7 +233,7 @@
// If the `disable_autoupdate` flag is set, override any user-choice, but allow filters.
if ( ! empty( $item->disable_autoupdate ) ) {
- $update = $item->disable_autoupdate;
+ $update = false;
}
/**
@@ -222,7 +278,7 @@
if ( 'core' === $type ) {
global $wpdb;
- $php_compat = version_compare( phpversion(), $item->php_version, '>=' );
+ $php_compat = version_compare( PHP_VERSION, $item->php_version, '>=' );
if ( file_exists( WP_CONTENT_DIR . '/db.php' ) && empty( $wpdb->is_mysql ) ) {
$mysql_compat = true;
} else {
@@ -236,7 +292,7 @@
// If updating a plugin or theme, ensure the minimum PHP version requirements are satisfied.
if ( in_array( $type, array( 'plugin', 'theme' ), true ) ) {
- if ( ! empty( $item->requires_php ) && version_compare( phpversion(), $item->requires_php, '<' ) ) {
+ if ( ! empty( $item->requires_php ) && version_compare( PHP_VERSION, $item->requires_php, '<' ) ) {
return false;
}
}
@@ -304,7 +360,7 @@
* @return null|WP_Error
*/
public function update( $type, $item ) {
- $skin = new Automatic_Upgrader_Skin;
+ $skin = new Automatic_Upgrader_Skin();
switch ( $type ) {
case 'core':
@@ -390,6 +446,34 @@
$allow_relaxed_file_ownership = true;
}
+ $is_debug = WP_DEBUG && WP_DEBUG_LOG;
+ if ( 'plugin' === $type ) {
+ $was_active = is_plugin_active( $upgrader_item );
+ if ( $is_debug ) {
+ error_log( ' Upgrading plugin ' . var_export( $item->slug, true ) . '...' );
+ }
+ }
+
+ if ( 'theme' === $type && $is_debug ) {
+ error_log( ' Upgrading theme ' . var_export( $item->theme, true ) . '...' );
+ }
+
+ /*
+ * Enable maintenance mode before upgrading the plugin or theme.
+ *
+ * This avoids potential non-fatal errors being detected
+ * while scraping for a fatal error if some files are still
+ * being moved.
+ *
+ * While these checks are intended only for plugins,
+ * maintenance mode is enabled for all upgrade types as any
+ * update could contain an error or warning, which could cause
+ * the scrape to miss a fatal error in the plugin update.
+ */
+ if ( 'translation' !== $type ) {
+ $upgrader->maintenance_mode( true );
+ }
+
// Boom, this site's about to get a whole new splash of paint!
$upgrade_result = $upgrader->upgrade(
$upgrader_item,
@@ -404,6 +488,19 @@
)
);
+ /*
+ * After WP_Upgrader::upgrade() completes, maintenance mode is disabled.
+ *
+ * Re-enable maintenance mode while attempting to detect fatal errors
+ * and potentially rolling back.
+ *
+ * This avoids errors if the site is visited while fatal errors exist
+ * or while files are still being moved.
+ */
+ if ( 'translation' !== $type ) {
+ $upgrader->maintenance_mode( true );
+ }
+
// If the filesystem is unavailable, false is returned.
if ( false === $upgrade_result ) {
$upgrade_result = new WP_Error( 'fs_unavailable', __( 'Could not access filesystem.' ) );
@@ -414,8 +511,13 @@
&& ( 'up_to_date' === $upgrade_result->get_error_code()
|| 'locked' === $upgrade_result->get_error_code() )
) {
- // These aren't actual errors, treat it as a skipped-update instead
- // to avoid triggering the post-core update failure routines.
+ // Allow visitors to browse the site again.
+ $upgrader->maintenance_mode( false );
+
+ /*
+ * These aren't actual errors, treat it as a skipped-update instead
+ * to avoid triggering the post-core update failure routines.
+ */
return false;
}
@@ -428,6 +530,100 @@
}
}
+ $is_debug = WP_DEBUG && WP_DEBUG_LOG;
+
+ if ( 'theme' === $type && $is_debug ) {
+ error_log( ' Theme ' . var_export( $item->theme, true ) . ' has been upgraded.' );
+ }
+
+ if ( 'plugin' === $type ) {
+ if ( $is_debug ) {
+ error_log( ' Plugin ' . var_export( $item->slug, true ) . ' has been upgraded.' );
+ if ( is_plugin_inactive( $upgrader_item ) ) {
+ error_log( ' ' . var_export( $upgrader_item, true ) . ' is inactive and will not be checked for fatal errors.' );
+ }
+ }
+
+ if ( $was_active && ! is_wp_error( $upgrade_result ) ) {
+
+ /*
+ * The usual time limit is five minutes. However, as a loopback request
+ * is about to be performed, increase the time limit to account for this.
+ */
+ if ( function_exists( 'set_time_limit' ) ) {
+ set_time_limit( 10 * MINUTE_IN_SECONDS );
+ }
+
+ /*
+ * Avoids a race condition when there are 2 sequential plugins that have
+ * fatal errors. It seems a slight delay is required for the loopback to
+ * use the updated plugin code in the request. This can cause the second
+ * plugin's fatal error checking to be inaccurate, and may also affect
+ * subsequent plugin checks.
+ */
+ sleep( 2 );
+
+ if ( $this->has_fatal_error() ) {
+ $upgrade_result = new WP_Error();
+ $temp_backup = array(
+ array(
+ 'dir' => 'plugins',
+ 'slug' => $item->slug,
+ 'src' => WP_PLUGIN_DIR,
+ ),
+ );
+
+ $backup_restored = $upgrader->restore_temp_backup( $temp_backup );
+ if ( is_wp_error( $backup_restored ) ) {
+ $upgrade_result->add(
+ 'plugin_update_fatal_error_rollback_failed',
+ sprintf(
+ /* translators: %s: The plugin's slug. */
+ __( "The update for '%s' contained a fatal error. The previously installed version could not be restored." ),
+ $item->slug
+ )
+ );
+
+ $upgrade_result->merge_from( $backup_restored );
+ } else {
+ $upgrade_result->add(
+ 'plugin_update_fatal_error_rollback_successful',
+ sprintf(
+ /* translators: %s: The plugin's slug. */
+ __( "The update for '%s' contained a fatal error. The previously installed version has been restored." ),
+ $item->slug
+ )
+ );
+
+ $backup_deleted = $upgrader->delete_temp_backup( $temp_backup );
+ if ( is_wp_error( $backup_deleted ) ) {
+ $upgrade_result->merge_from( $backup_deleted );
+ }
+ }
+
+ /*
+ * Should emails not be working, log the message(s) so that
+ * the log file contains context for the fatal error,
+ * and whether a rollback was performed.
+ *
+ * `trigger_error()` is not used as it outputs a stack trace
+ * to this location rather than to the fatal error, which will
+ * appear above this entry in the log file.
+ */
+ if ( $is_debug ) {
+ error_log( ' ' . implode( "\n", $upgrade_result->get_error_messages() ) );
+ }
+ } elseif ( $is_debug ) {
+ error_log( ' The update for ' . var_export( $item->slug, true ) . ' has no fatal errors.' );
+ }
+ }
+ }
+
+ // All processes are complete. Allow visitors to browse the site again.
+ if ( 'translation' !== $type ) {
+ $upgrader->maintenance_mode( false );
+ }
+
$this->update_results[ $type ][] = (object) array(
'item' => $item,
'result' => $upgrade_result,
@@ -456,6 +652,12 @@
return;
}
+ $is_debug = WP_DEBUG && WP_DEBUG_LOG;
+
+ if ( $is_debug ) {
+ error_log( 'Automatic updates starting...' );
+ }
+
// Don't automatically run these things, as we'll handle it ourselves.
remove_action( 'upgrader_process_complete', array( 'Language_Pack_Upgrader', 'async_upgrade' ), 20 );
remove_action( 'upgrader_process_complete', 'wp_version_check' );
@@ -466,22 +668,43 @@
wp_update_plugins(); // Check for plugin updates.
$plugin_updates = get_site_transient( 'update_plugins' );
if ( $plugin_updates && ! empty( $plugin_updates->response ) ) {
+ if ( $is_debug ) {
+ error_log( ' Automatic plugin updates starting...' );
+ }
+
foreach ( $plugin_updates->response as $plugin ) {
$this->update( 'plugin', $plugin );
}
+
// Force refresh of plugin update information.
wp_clean_plugins_cache();
+
+ if ( $is_debug ) {
+ error_log( ' Automatic plugin updates complete.' );
+ }
}
// Next, those themes we all love.
wp_update_themes(); // Check for theme updates.
$theme_updates = get_site_transient( 'update_themes' );
if ( $theme_updates && ! empty( $theme_updates->response ) ) {
+ if ( $is_debug ) {
+ error_log( ' Automatic theme updates starting...' );
+ }
+
foreach ( $theme_updates->response as $theme ) {
$this->update( 'theme', (object) $theme );
}
// Force refresh of theme update information.
wp_clean_themes_cache();
+
+ if ( $is_debug ) {
+ error_log( ' Automatic theme updates complete.' );
+ }
+ }
+
+ if ( $is_debug ) {
+ error_log( 'Automatic updates complete.' );
}
// Next, process any core update.
@@ -492,8 +715,10 @@
$this->update( 'core', $core_update );
}
- // Clean up, and check for any pending translations.
- // (Core_Upgrader checks for core updates.)
+ /*
+ * Clean up, and check for any pending translations.
+ * (Core_Upgrader checks for core updates.)
+ */
$theme_stats = array();
if ( isset( $this->update_results['theme'] ) ) {
foreach ( $this->update_results['theme'] as $upgrade ) {
@@ -527,7 +752,7 @@
// Send debugging email to admin for all development installations.
if ( ! empty( $this->update_results ) ) {
- $development_version = false !== strpos( get_bloginfo( 'version' ), '-' );
+ $development_version = str_contains( get_bloginfo( 'version' ), '-' );
/**
* Filters whether to send a debugging email for each automatic background update.
@@ -562,8 +787,8 @@
}
/**
- * If we tried to perform a core update, check if we should send an email,
- * and if we need to avoid processing future updates.
+ * Checks whether to send an email and avoid processing future updates after
+ * attempting a core update.
*
* @since 3.7.0
*
@@ -582,16 +807,18 @@
$error_code = $result->get_error_code();
- // Any of these WP_Error codes are critical failures, as in they occurred after we started to copy core files.
- // We should not try to perform a background update again until there is a successful one-click update performed by the user.
+ /*
+ * Any of these WP_Error codes are critical failures, as in they occurred after we started to copy core files.
+ * We should not try to perform a background update again until there is a successful one-click update performed by the user.
+ */
$critical = false;
- if ( 'disk_full' === $error_code || false !== strpos( $error_code, '__copy_dir' ) ) {
+ if ( 'disk_full' === $error_code || str_contains( $error_code, '__copy_dir' ) ) {
$critical = true;
} elseif ( 'rollback_was_required' === $error_code && is_wp_error( $result->get_error_data()->rollback ) ) {
// A rollback is only critical if it failed too.
$critical = true;
$rollback_result = $result->get_error_data()->rollback;
- } elseif ( false !== strpos( $error_code, 'do_rollback' ) ) {
+ } elseif ( str_contains( $error_code, 'do_rollback' ) ) {
$critical = true;
}
@@ -775,8 +1002,10 @@
$body .= "\n\n";
- // Don't show this message if there is a newer version available.
- // Potential for confusion, and also not useful for them to know at this point.
+ /*
+ * Don't show this message if there is a newer version available.
+ * Potential for confusion, and also not useful for them to know at this point.
+ */
if ( 'fail' === $type && ! $newer_version_available ) {
$body .= __( 'An attempt was made, but your site could not be updated automatically.' ) . ' ';
}
@@ -829,7 +1058,7 @@
}
if ( $critical_support ) {
- $body .= ' ' . __( "If you reach out to us, we'll also ensure you'll never have this problem again." );
+ $body .= ' ' . __( "Reach out to WordPress Core developers to ensure you'll never have this problem again." );
}
// If things are successful and we're now on the latest, mention plugins and themes if any are out of date.
@@ -847,8 +1076,10 @@
$body .= ' ' . __( 'Some data that describes the error your site encountered has been put together.' );
$body .= ' ' . __( 'Your hosting company, support forum volunteers, or a friendly developer may be able to use this information to help you:' );
- // If we had a rollback and we're still critical, then the rollback failed too.
- // Loop through all errors (the main WP_Error, the update result, the rollback result) for code, data, etc.
+ /*
+ * If we had a rollback and we're still critical, then the rollback failed too.
+ * Loop through all errors (the main WP_Error, the update result, the rollback result) for code, data, etc.
+ */
if ( 'rollback_was_required' === $result->get_error_code() ) {
$errors = array( $result, $result->get_error_data()->update, $result->get_error_data()->rollback );
} else {
@@ -912,7 +1143,7 @@
/**
- * If we tried to perform plugin or theme updates, check if we should send an email.
+ * Checks whether an email should be sent after attempting plugin or theme updates.
*
* @since 5.5.0
*
@@ -1097,26 +1328,37 @@
// List failed plugin updates.
if ( ! empty( $failed_updates['plugin'] ) ) {
- $body[] = __( 'These plugins failed to update:' );
+ $body[] = __( 'The following plugins failed to update. If there was a fatal error in the update, the previously installed version has been restored.' );
foreach ( $failed_updates['plugin'] as $item ) {
+ $body_message = '';
+ $item_url = '';
+
+ if ( ! empty( $item->item->url ) ) {
+ $item_url = ' : ' . esc_url( $item->item->url );
+ }
+
if ( $item->item->current_version ) {
- $body[] = sprintf(
- /* translators: 1: Plugin name, 2: Current version number, 3: New version number. */
- __( '- %1$s (from version %2$s to %3$s)' ),
- $item->name,
+ $body_message .= sprintf(
+ /* translators: 1: Plugin name, 2: Current version number, 3: New version number, 4: Plugin URL. */
+ __( '- %1$s (from version %2$s to %3$s)%4$s' ),
+ html_entity_decode( $item->name ),
$item->item->current_version,
- $item->item->new_version
+ $item->item->new_version,
+ $item_url
);
} else {
- $body[] = sprintf(
- /* translators: 1: Plugin name, 2: Version number. */
- __( '- %1$s version %2$s' ),
- $item->name,
- $item->item->new_version
+ $body_message .= sprintf(
+ /* translators: 1: Plugin name, 2: Version number, 3: Plugin URL. */
+ __( '- %1$s version %2$s%3$s' ),
+ html_entity_decode( $item->name ),
+ $item->item->new_version,
+ $item_url
);
}
+ $body[] = $body_message;
+
$past_failure_emails[ $item->item->plugin ] = $item->item->new_version;
}
@@ -1132,7 +1374,7 @@
$body[] = sprintf(
/* translators: 1: Theme name, 2: Current version number, 3: New version number. */
__( '- %1$s (from version %2$s to %3$s)' ),
- $item->name,
+ html_entity_decode( $item->name ),
$item->item->current_version,
$item->item->new_version
);
@@ -1140,7 +1382,7 @@
$body[] = sprintf(
/* translators: 1: Theme name, 2: Version number. */
__( '- %1$s version %2$s' ),
- $item->name,
+ html_entity_decode( $item->name ),
$item->item->new_version
);
}
@@ -1161,22 +1403,32 @@
$body[] = __( 'These plugins are now up to date:' );
foreach ( $successful_updates['plugin'] as $item ) {
+ $body_message = '';
+ $item_url = '';
+
+ if ( ! empty( $item->item->url ) ) {
+ $item_url = ' : ' . esc_url( $item->item->url );
+ }
+
if ( $item->item->current_version ) {
- $body[] = sprintf(
- /* translators: 1: Plugin name, 2: Current version number, 3: New version number. */
- __( '- %1$s (from version %2$s to %3$s)' ),
- $item->name,
+ $body_message .= sprintf(
+ /* translators: 1: Plugin name, 2: Current version number, 3: New version number, 4: Plugin URL. */
+ __( '- %1$s (from version %2$s to %3$s)%4$s' ),
+ html_entity_decode( $item->name ),
$item->item->current_version,
- $item->item->new_version
+ $item->item->new_version,
+ $item_url
);
} else {
- $body[] = sprintf(
- /* translators: 1: Plugin name, 2: Version number. */
- __( '- %1$s version %2$s' ),
- $item->name,
- $item->item->new_version
+ $body_message .= sprintf(
+ /* translators: 1: Plugin name, 2: Version number, 3: Plugin URL. */
+ __( '- %1$s version %2$s%3$s' ),
+ html_entity_decode( $item->name ),
+ $item->item->new_version,
+ $item_url
);
}
+ $body[] = $body_message;
unset( $past_failure_emails[ $item->item->plugin ] );
}
@@ -1193,7 +1445,7 @@
$body[] = sprintf(
/* translators: 1: Theme name, 2: Current version number, 3: New version number. */
__( '- %1$s (from version %2$s to %3$s)' ),
- $item->name,
+ html_entity_decode( $item->name ),
$item->item->current_version,
$item->item->new_version
);
@@ -1201,7 +1453,7 @@
$body[] = sprintf(
/* translators: 1: Theme name, 2: Version number. */
__( '- %1$s version %2$s' ),
- $item->name,
+ html_entity_decode( $item->name ),
$item->item->new_version
);
}
@@ -1303,7 +1555,7 @@
} else {
/* translators: %s: WordPress version. */
$body[] = sprintf( __( 'FAILED: WordPress failed to update to %s' ), $result->name );
- $failures++;
+ ++$failures;
}
$body[] = '';
@@ -1345,7 +1597,7 @@
if ( ! $item->result || is_wp_error( $item->result ) ) {
/* translators: %s: Name of plugin / theme / translation. */
$body[] = ' * ' . sprintf( __( 'FAILED: %s' ), $item->name );
- $failures++;
+ ++$failures;
}
}
}
@@ -1464,4 +1716,91 @@
wp_mail( $email['to'], wp_specialchars_decode( $email['subject'] ), $email['body'], $email['headers'] );
}
+
+ /**
+ * Performs a loopback request to check for potential fatal errors.
+ *
+ * Fatal errors cannot be detected unless maintenance mode is enabled.
+ *
+ * @since 6.6.0
+ *
+ * @global int $upgrading The Unix timestamp marking when upgrading WordPress began.
+ *
+ * @return bool Whether a fatal error was detected.
+ */
+ protected function has_fatal_error() {
+ global $upgrading;
+
+ $maintenance_file = ABSPATH . '.maintenance';
+ if ( ! file_exists( $maintenance_file ) ) {
+ return false;
+ }
+
+ require $maintenance_file;
+ if ( ! is_int( $upgrading ) ) {
+ return false;
+ }
+
+ $scrape_key = md5( $upgrading );
+ $scrape_nonce = (string) $upgrading;
+ $transient = 'scrape_key_' . $scrape_key;
+ set_transient( $transient, $scrape_nonce, 30 );
+
+ $cookies = wp_unslash( $_COOKIE );
+ $scrape_params = array(
+ 'wp_scrape_key' => $scrape_key,
+ 'wp_scrape_nonce' => $scrape_nonce,
+ );
+ $headers = array(
+ 'Cache-Control' => 'no-cache',
+ );
+
+ /** This filter is documented in wp-includes/class-wp-http-streams.php */
+ $sslverify = apply_filters( 'https_local_ssl_verify', false );
+
+ // Include Basic auth in the loopback request.
+ if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) {
+ $headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) );
+ }
+
+ // Time to wait for loopback request to finish.
+ $timeout = 50; // 50 seconds.
+
+ $is_debug = WP_DEBUG && WP_DEBUG_LOG;
+ if ( $is_debug ) {
+ error_log( ' Scraping home page...' );
+ }
+
+ $needle_start = "###### wp_scraping_result_start:$scrape_key ######";
+ $needle_end = "###### wp_scraping_result_end:$scrape_key ######";
+ $url = add_query_arg( $scrape_params, home_url( '/' ) );
+ $response = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) );
+
+ if ( is_wp_error( $response ) ) {
+ if ( $is_debug ) {
+ error_log( 'Loopback request failed: ' . $response->get_error_message() );
+ }
+ return true;
+ }
+
+ // If this outputs `true` in the log, it means there were no fatal errors detected.
+ if ( $is_debug ) {
+ error_log( var_export( substr( $response['body'], strpos( $response['body'], '###### wp_scraping_result_start:' ) ), true ) );
+ }
+
+ $body = wp_remote_retrieve_body( $response );
+ $scrape_result_position = strpos( $body, $needle_start );
+ $result = null;
+
+ if ( false !== $scrape_result_position ) {
+ $error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) );
+ $error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) );
+ $result = json_decode( trim( $error_output ), true );
+ }
+
+ delete_transient( $transient );
+
+ // Only fatal errors will result in a 'type' key.
+ return isset( $result['type'] );
+ }
}