[wp-trac] [WordPress Trac] #18201: Verify updates with md5 checks

WordPress Trac noreply at wordpress.org
Tue Sep 3 14:30:02 UTC 2013


#18201: Verify updates with md5 checks
-----------------------------+------------------
 Reporter:  nacin            |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  low              |   Milestone:  3.7
Component:  Upgrade/Install  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |
-----------------------------+------------------

Comment (by nofearinc):

 The way I see the process here is the following (let me know if it's way
 out of line or there is a better way to approach it):

 1. Verify for PHP compiled with OpenSSL support. If true, check for
 sha1_file or md5_file functions locally. Then perform the
 `get_core_updates` or `find_core_update` functions to fetch the updates,
 get the right update. Download the file, check the checksum, extract the
 content and perform to update the WordPress. If the update fails, check
 whether the file has already been downloaded (important for large servers
 with thousands of WordPress installs) and work with it instead (otherwise
 download again).
 2. If PHP isn't compiled with OpenSSL support, then check for SSL support
 in system curl/wget calls. Perform system download/update with the root CA
 certificate bundled in WordPress. Then verify and install as described in
 1.
 3. If SSL is not installed at all, perform basic HTTP download with PHP or
 wget/curl and update accordingly.

 Best practice in different platforms/tools is providing two checksums
 (both md5 and sha1) from the vendor (in version.php or some other new URL
 on wordpress.org) as md5 or sha1 might not be available on the server.

 Does it sound feasible and would we need to apply core updates in the
 WP_Http class or other update functions from `wp-
 admin/includes/update.php` in addition to the autoupdater itself?

--
Ticket URL: <http://core.trac.wordpress.org/ticket/18201#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list