diff -r 7b1b88e27a20 -r 48c4eec2b7e6 wp/wp-admin/includes/class-wp-automatic-updater.php --- a/wp/wp-admin/includes/class-wp-automatic-updater.php Thu Sep 29 08:06:27 2022 +0200 +++ b/wp/wp-admin/includes/class-wp-automatic-updater.php Fri Sep 05 18:40:08 2025 +0200 @@ -13,6 +13,7 @@ * @since 3.7.0 * @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php. */ +#[AllowDynamicProperties] class WP_Automatic_Updater { /** @@ -26,6 +27,8 @@ * Determines whether the entire automatic updater is disabled. * * @since 3.7.0 + * + * @return bool True if the automatic updater is disabled, false otherwise. */ public function is_disabled() { // Background updates are disabled if you don't want file changes. @@ -56,6 +59,54 @@ } /** + * Checks whether access to a given directory is allowed. + * + * This is used when detecting version control checkouts. Takes into account + * the PHP `open_basedir` restrictions, so that WordPress does not try to access + * directories it is not allowed to. + * + * @since 6.2.0 + * + * @param string $dir The directory to check. + * @return bool True if access to the directory is allowed, false otherwise. + */ + public function is_allowed_dir( $dir ) { + if ( is_string( $dir ) ) { + $dir = trim( $dir ); + } + + if ( ! is_string( $dir ) || '' === $dir ) { + _doing_it_wrong( + __METHOD__, + sprintf( + /* translators: %s: The "$dir" argument. */ + __( 'The "%s" argument must be a non-empty string.' ), + '$dir' + ), + '6.2.0' + ); + + return false; + } + + $open_basedir = ini_get( 'open_basedir' ); + + if ( empty( $open_basedir ) ) { + return true; + } + + $open_basedir_list = explode( PATH_SEPARATOR, $open_basedir ); + + foreach ( $open_basedir_list as $basedir ) { + if ( '' !== trim( $basedir ) && str_starts_with( $dir, $basedir ) ) { + return true; + } + } + + return false; + } + + /** * Checks for version control checkouts. * * Checks for Subversion, Git, Mercurial, and Bazaar. It recursively looks up the @@ -97,11 +148,16 @@ } $check_dirs = array_unique( $check_dirs ); + $checkout = false; // Search all directories we've found for evidence of version control. foreach ( $vcs_dirs as $vcs_dir ) { foreach ( $check_dirs as $check_dir ) { - $checkout = @is_dir( rtrim( $check_dir, '\\/' ) . "/$vcs_dir" ); + if ( ! $this->is_allowed_dir( $check_dir ) ) { + continue; + } + + $checkout = is_dir( rtrim( $check_dir, '\\/' ) . "/$vcs_dir" ); if ( $checkout ) { break 2; } @@ -138,7 +194,7 @@ */ public function should_update( $type, $item, $context ) { // Used to see if WP_Filesystem is set up to allow unattended updates. - $skin = new Automatic_Upgrader_Skin; + $skin = new Automatic_Upgrader_Skin(); if ( $this->is_disabled() ) { return false; @@ -177,7 +233,7 @@ // If the `disable_autoupdate` flag is set, override any user-choice, but allow filters. if ( ! empty( $item->disable_autoupdate ) ) { - $update = $item->disable_autoupdate; + $update = false; } /** @@ -222,7 +278,7 @@ if ( 'core' === $type ) { global $wpdb; - $php_compat = version_compare( phpversion(), $item->php_version, '>=' ); + $php_compat = version_compare( PHP_VERSION, $item->php_version, '>=' ); if ( file_exists( WP_CONTENT_DIR . '/db.php' ) && empty( $wpdb->is_mysql ) ) { $mysql_compat = true; } else { @@ -236,7 +292,7 @@ // If updating a plugin or theme, ensure the minimum PHP version requirements are satisfied. if ( in_array( $type, array( 'plugin', 'theme' ), true ) ) { - if ( ! empty( $item->requires_php ) && version_compare( phpversion(), $item->requires_php, '<' ) ) { + if ( ! empty( $item->requires_php ) && version_compare( PHP_VERSION, $item->requires_php, '<' ) ) { return false; } } @@ -304,7 +360,7 @@ * @return null|WP_Error */ public function update( $type, $item ) { - $skin = new Automatic_Upgrader_Skin; + $skin = new Automatic_Upgrader_Skin(); switch ( $type ) { case 'core': @@ -390,6 +446,34 @@ $allow_relaxed_file_ownership = true; } + $is_debug = WP_DEBUG && WP_DEBUG_LOG; + if ( 'plugin' === $type ) { + $was_active = is_plugin_active( $upgrader_item ); + if ( $is_debug ) { + error_log( ' Upgrading plugin ' . var_export( $item->slug, true ) . '...' ); + } + } + + if ( 'theme' === $type && $is_debug ) { + error_log( ' Upgrading theme ' . var_export( $item->theme, true ) . '...' ); + } + + /* + * Enable maintenance mode before upgrading the plugin or theme. + * + * This avoids potential non-fatal errors being detected + * while scraping for a fatal error if some files are still + * being moved. + * + * While these checks are intended only for plugins, + * maintenance mode is enabled for all upgrade types as any + * update could contain an error or warning, which could cause + * the scrape to miss a fatal error in the plugin update. + */ + if ( 'translation' !== $type ) { + $upgrader->maintenance_mode( true ); + } + // Boom, this site's about to get a whole new splash of paint! $upgrade_result = $upgrader->upgrade( $upgrader_item, @@ -404,6 +488,19 @@ ) ); + /* + * After WP_Upgrader::upgrade() completes, maintenance mode is disabled. + * + * Re-enable maintenance mode while attempting to detect fatal errors + * and potentially rolling back. + * + * This avoids errors if the site is visited while fatal errors exist + * or while files are still being moved. + */ + if ( 'translation' !== $type ) { + $upgrader->maintenance_mode( true ); + } + // If the filesystem is unavailable, false is returned. if ( false === $upgrade_result ) { $upgrade_result = new WP_Error( 'fs_unavailable', __( 'Could not access filesystem.' ) ); @@ -414,8 +511,13 @@ && ( 'up_to_date' === $upgrade_result->get_error_code() || 'locked' === $upgrade_result->get_error_code() ) ) { - // These aren't actual errors, treat it as a skipped-update instead - // to avoid triggering the post-core update failure routines. + // Allow visitors to browse the site again. + $upgrader->maintenance_mode( false ); + + /* + * These aren't actual errors, treat it as a skipped-update instead + * to avoid triggering the post-core update failure routines. + */ return false; } @@ -428,6 +530,100 @@ } } + $is_debug = WP_DEBUG && WP_DEBUG_LOG; + + if ( 'theme' === $type && $is_debug ) { + error_log( ' Theme ' . var_export( $item->theme, true ) . ' has been upgraded.' ); + } + + if ( 'plugin' === $type ) { + if ( $is_debug ) { + error_log( ' Plugin ' . var_export( $item->slug, true ) . ' has been upgraded.' ); + if ( is_plugin_inactive( $upgrader_item ) ) { + error_log( ' ' . var_export( $upgrader_item, true ) . ' is inactive and will not be checked for fatal errors.' ); + } + } + + if ( $was_active && ! is_wp_error( $upgrade_result ) ) { + + /* + * The usual time limit is five minutes. However, as a loopback request + * is about to be performed, increase the time limit to account for this. + */ + if ( function_exists( 'set_time_limit' ) ) { + set_time_limit( 10 * MINUTE_IN_SECONDS ); + } + + /* + * Avoids a race condition when there are 2 sequential plugins that have + * fatal errors. It seems a slight delay is required for the loopback to + * use the updated plugin code in the request. This can cause the second + * plugin's fatal error checking to be inaccurate, and may also affect + * subsequent plugin checks. + */ + sleep( 2 ); + + if ( $this->has_fatal_error() ) { + $upgrade_result = new WP_Error(); + $temp_backup = array( + array( + 'dir' => 'plugins', + 'slug' => $item->slug, + 'src' => WP_PLUGIN_DIR, + ), + ); + + $backup_restored = $upgrader->restore_temp_backup( $temp_backup ); + if ( is_wp_error( $backup_restored ) ) { + $upgrade_result->add( + 'plugin_update_fatal_error_rollback_failed', + sprintf( + /* translators: %s: The plugin's slug. */ + __( "The update for '%s' contained a fatal error. The previously installed version could not be restored." ), + $item->slug + ) + ); + + $upgrade_result->merge_from( $backup_restored ); + } else { + $upgrade_result->add( + 'plugin_update_fatal_error_rollback_successful', + sprintf( + /* translators: %s: The plugin's slug. */ + __( "The update for '%s' contained a fatal error. The previously installed version has been restored." ), + $item->slug + ) + ); + + $backup_deleted = $upgrader->delete_temp_backup( $temp_backup ); + if ( is_wp_error( $backup_deleted ) ) { + $upgrade_result->merge_from( $backup_deleted ); + } + } + + /* + * Should emails not be working, log the message(s) so that + * the log file contains context for the fatal error, + * and whether a rollback was performed. + * + * `trigger_error()` is not used as it outputs a stack trace + * to this location rather than to the fatal error, which will + * appear above this entry in the log file. + */ + if ( $is_debug ) { + error_log( ' ' . implode( "\n", $upgrade_result->get_error_messages() ) ); + } + } elseif ( $is_debug ) { + error_log( ' The update for ' . var_export( $item->slug, true ) . ' has no fatal errors.' ); + } + } + } + + // All processes are complete. Allow visitors to browse the site again. + if ( 'translation' !== $type ) { + $upgrader->maintenance_mode( false ); + } + $this->update_results[ $type ][] = (object) array( 'item' => $item, 'result' => $upgrade_result, @@ -456,6 +652,12 @@ return; } + $is_debug = WP_DEBUG && WP_DEBUG_LOG; + + if ( $is_debug ) { + error_log( 'Automatic updates starting...' ); + } + // Don't automatically run these things, as we'll handle it ourselves. remove_action( 'upgrader_process_complete', array( 'Language_Pack_Upgrader', 'async_upgrade' ), 20 ); remove_action( 'upgrader_process_complete', 'wp_version_check' ); @@ -466,22 +668,43 @@ wp_update_plugins(); // Check for plugin updates. $plugin_updates = get_site_transient( 'update_plugins' ); if ( $plugin_updates && ! empty( $plugin_updates->response ) ) { + if ( $is_debug ) { + error_log( ' Automatic plugin updates starting...' ); + } + foreach ( $plugin_updates->response as $plugin ) { $this->update( 'plugin', $plugin ); } + // Force refresh of plugin update information. wp_clean_plugins_cache(); + + if ( $is_debug ) { + error_log( ' Automatic plugin updates complete.' ); + } } // Next, those themes we all love. wp_update_themes(); // Check for theme updates. $theme_updates = get_site_transient( 'update_themes' ); if ( $theme_updates && ! empty( $theme_updates->response ) ) { + if ( $is_debug ) { + error_log( ' Automatic theme updates starting...' ); + } + foreach ( $theme_updates->response as $theme ) { $this->update( 'theme', (object) $theme ); } // Force refresh of theme update information. wp_clean_themes_cache(); + + if ( $is_debug ) { + error_log( ' Automatic theme updates complete.' ); + } + } + + if ( $is_debug ) { + error_log( 'Automatic updates complete.' ); } // Next, process any core update. @@ -492,8 +715,10 @@ $this->update( 'core', $core_update ); } - // Clean up, and check for any pending translations. - // (Core_Upgrader checks for core updates.) + /* + * Clean up, and check for any pending translations. + * (Core_Upgrader checks for core updates.) + */ $theme_stats = array(); if ( isset( $this->update_results['theme'] ) ) { foreach ( $this->update_results['theme'] as $upgrade ) { @@ -527,7 +752,7 @@ // Send debugging email to admin for all development installations. if ( ! empty( $this->update_results ) ) { - $development_version = false !== strpos( get_bloginfo( 'version' ), '-' ); + $development_version = str_contains( get_bloginfo( 'version' ), '-' ); /** * Filters whether to send a debugging email for each automatic background update. @@ -562,8 +787,8 @@ } /** - * If we tried to perform a core update, check if we should send an email, - * and if we need to avoid processing future updates. + * Checks whether to send an email and avoid processing future updates after + * attempting a core update. * * @since 3.7.0 * @@ -582,16 +807,18 @@ $error_code = $result->get_error_code(); - // Any of these WP_Error codes are critical failures, as in they occurred after we started to copy core files. - // We should not try to perform a background update again until there is a successful one-click update performed by the user. + /* + * Any of these WP_Error codes are critical failures, as in they occurred after we started to copy core files. + * We should not try to perform a background update again until there is a successful one-click update performed by the user. + */ $critical = false; - if ( 'disk_full' === $error_code || false !== strpos( $error_code, '__copy_dir' ) ) { + if ( 'disk_full' === $error_code || str_contains( $error_code, '__copy_dir' ) ) { $critical = true; } elseif ( 'rollback_was_required' === $error_code && is_wp_error( $result->get_error_data()->rollback ) ) { // A rollback is only critical if it failed too. $critical = true; $rollback_result = $result->get_error_data()->rollback; - } elseif ( false !== strpos( $error_code, 'do_rollback' ) ) { + } elseif ( str_contains( $error_code, 'do_rollback' ) ) { $critical = true; } @@ -775,8 +1002,10 @@ $body .= "\n\n"; - // Don't show this message if there is a newer version available. - // Potential for confusion, and also not useful for them to know at this point. + /* + * Don't show this message if there is a newer version available. + * Potential for confusion, and also not useful for them to know at this point. + */ if ( 'fail' === $type && ! $newer_version_available ) { $body .= __( 'An attempt was made, but your site could not be updated automatically.' ) . ' '; } @@ -829,7 +1058,7 @@ } if ( $critical_support ) { - $body .= ' ' . __( "If you reach out to us, we'll also ensure you'll never have this problem again." ); + $body .= ' ' . __( "Reach out to WordPress Core developers to ensure you'll never have this problem again." ); } // If things are successful and we're now on the latest, mention plugins and themes if any are out of date. @@ -847,8 +1076,10 @@ $body .= ' ' . __( 'Some data that describes the error your site encountered has been put together.' ); $body .= ' ' . __( 'Your hosting company, support forum volunteers, or a friendly developer may be able to use this information to help you:' ); - // If we had a rollback and we're still critical, then the rollback failed too. - // Loop through all errors (the main WP_Error, the update result, the rollback result) for code, data, etc. + /* + * If we had a rollback and we're still critical, then the rollback failed too. + * Loop through all errors (the main WP_Error, the update result, the rollback result) for code, data, etc. + */ if ( 'rollback_was_required' === $result->get_error_code() ) { $errors = array( $result, $result->get_error_data()->update, $result->get_error_data()->rollback ); } else { @@ -912,7 +1143,7 @@ /** - * If we tried to perform plugin or theme updates, check if we should send an email. + * Checks whether an email should be sent after attempting plugin or theme updates. * * @since 5.5.0 * @@ -1097,26 +1328,37 @@ // List failed plugin updates. if ( ! empty( $failed_updates['plugin'] ) ) { - $body[] = __( 'These plugins failed to update:' ); + $body[] = __( 'The following plugins failed to update. If there was a fatal error in the update, the previously installed version has been restored.' ); foreach ( $failed_updates['plugin'] as $item ) { + $body_message = ''; + $item_url = ''; + + if ( ! empty( $item->item->url ) ) { + $item_url = ' : ' . esc_url( $item->item->url ); + } + if ( $item->item->current_version ) { - $body[] = sprintf( - /* translators: 1: Plugin name, 2: Current version number, 3: New version number. */ - __( '- %1$s (from version %2$s to %3$s)' ), - $item->name, + $body_message .= sprintf( + /* translators: 1: Plugin name, 2: Current version number, 3: New version number, 4: Plugin URL. */ + __( '- %1$s (from version %2$s to %3$s)%4$s' ), + html_entity_decode( $item->name ), $item->item->current_version, - $item->item->new_version + $item->item->new_version, + $item_url ); } else { - $body[] = sprintf( - /* translators: 1: Plugin name, 2: Version number. */ - __( '- %1$s version %2$s' ), - $item->name, - $item->item->new_version + $body_message .= sprintf( + /* translators: 1: Plugin name, 2: Version number, 3: Plugin URL. */ + __( '- %1$s version %2$s%3$s' ), + html_entity_decode( $item->name ), + $item->item->new_version, + $item_url ); } + $body[] = $body_message; + $past_failure_emails[ $item->item->plugin ] = $item->item->new_version; } @@ -1132,7 +1374,7 @@ $body[] = sprintf( /* translators: 1: Theme name, 2: Current version number, 3: New version number. */ __( '- %1$s (from version %2$s to %3$s)' ), - $item->name, + html_entity_decode( $item->name ), $item->item->current_version, $item->item->new_version ); @@ -1140,7 +1382,7 @@ $body[] = sprintf( /* translators: 1: Theme name, 2: Version number. */ __( '- %1$s version %2$s' ), - $item->name, + html_entity_decode( $item->name ), $item->item->new_version ); } @@ -1161,22 +1403,32 @@ $body[] = __( 'These plugins are now up to date:' ); foreach ( $successful_updates['plugin'] as $item ) { + $body_message = ''; + $item_url = ''; + + if ( ! empty( $item->item->url ) ) { + $item_url = ' : ' . esc_url( $item->item->url ); + } + if ( $item->item->current_version ) { - $body[] = sprintf( - /* translators: 1: Plugin name, 2: Current version number, 3: New version number. */ - __( '- %1$s (from version %2$s to %3$s)' ), - $item->name, + $body_message .= sprintf( + /* translators: 1: Plugin name, 2: Current version number, 3: New version number, 4: Plugin URL. */ + __( '- %1$s (from version %2$s to %3$s)%4$s' ), + html_entity_decode( $item->name ), $item->item->current_version, - $item->item->new_version + $item->item->new_version, + $item_url ); } else { - $body[] = sprintf( - /* translators: 1: Plugin name, 2: Version number. */ - __( '- %1$s version %2$s' ), - $item->name, - $item->item->new_version + $body_message .= sprintf( + /* translators: 1: Plugin name, 2: Version number, 3: Plugin URL. */ + __( '- %1$s version %2$s%3$s' ), + html_entity_decode( $item->name ), + $item->item->new_version, + $item_url ); } + $body[] = $body_message; unset( $past_failure_emails[ $item->item->plugin ] ); } @@ -1193,7 +1445,7 @@ $body[] = sprintf( /* translators: 1: Theme name, 2: Current version number, 3: New version number. */ __( '- %1$s (from version %2$s to %3$s)' ), - $item->name, + html_entity_decode( $item->name ), $item->item->current_version, $item->item->new_version ); @@ -1201,7 +1453,7 @@ $body[] = sprintf( /* translators: 1: Theme name, 2: Version number. */ __( '- %1$s version %2$s' ), - $item->name, + html_entity_decode( $item->name ), $item->item->new_version ); } @@ -1303,7 +1555,7 @@ } else { /* translators: %s: WordPress version. */ $body[] = sprintf( __( 'FAILED: WordPress failed to update to %s' ), $result->name ); - $failures++; + ++$failures; } $body[] = ''; @@ -1345,7 +1597,7 @@ if ( ! $item->result || is_wp_error( $item->result ) ) { /* translators: %s: Name of plugin / theme / translation. */ $body[] = ' * ' . sprintf( __( 'FAILED: %s' ), $item->name ); - $failures++; + ++$failures; } } } @@ -1464,4 +1716,91 @@ wp_mail( $email['to'], wp_specialchars_decode( $email['subject'] ), $email['body'], $email['headers'] ); } + + /** + * Performs a loopback request to check for potential fatal errors. + * + * Fatal errors cannot be detected unless maintenance mode is enabled. + * + * @since 6.6.0 + * + * @global int $upgrading The Unix timestamp marking when upgrading WordPress began. + * + * @return bool Whether a fatal error was detected. + */ + protected function has_fatal_error() { + global $upgrading; + + $maintenance_file = ABSPATH . '.maintenance'; + if ( ! file_exists( $maintenance_file ) ) { + return false; + } + + require $maintenance_file; + if ( ! is_int( $upgrading ) ) { + return false; + } + + $scrape_key = md5( $upgrading ); + $scrape_nonce = (string) $upgrading; + $transient = 'scrape_key_' . $scrape_key; + set_transient( $transient, $scrape_nonce, 30 ); + + $cookies = wp_unslash( $_COOKIE ); + $scrape_params = array( + 'wp_scrape_key' => $scrape_key, + 'wp_scrape_nonce' => $scrape_nonce, + ); + $headers = array( + 'Cache-Control' => 'no-cache', + ); + + /** This filter is documented in wp-includes/class-wp-http-streams.php */ + $sslverify = apply_filters( 'https_local_ssl_verify', false ); + + // Include Basic auth in the loopback request. + if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) { + $headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) ); + } + + // Time to wait for loopback request to finish. + $timeout = 50; // 50 seconds. + + $is_debug = WP_DEBUG && WP_DEBUG_LOG; + if ( $is_debug ) { + error_log( ' Scraping home page...' ); + } + + $needle_start = "###### wp_scraping_result_start:$scrape_key ######"; + $needle_end = "###### wp_scraping_result_end:$scrape_key ######"; + $url = add_query_arg( $scrape_params, home_url( '/' ) ); + $response = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) ); + + if ( is_wp_error( $response ) ) { + if ( $is_debug ) { + error_log( 'Loopback request failed: ' . $response->get_error_message() ); + } + return true; + } + + // If this outputs `true` in the log, it means there were no fatal errors detected. + if ( $is_debug ) { + error_log( var_export( substr( $response['body'], strpos( $response['body'], '###### wp_scraping_result_start:' ) ), true ) ); + } + + $body = wp_remote_retrieve_body( $response ); + $scrape_result_position = strpos( $body, $needle_start ); + $result = null; + + if ( false !== $scrape_result_position ) { + $error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) ); + $error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) ); + $result = json_decode( trim( $error_output ), true ); + } + + delete_transient( $transient ); + + // Only fatal errors will result in a 'type' key. + return isset( $result['type'] ); + } }