summaryrefslogtreecommitdiffstatshomepage
path: root/src/wp-admin/includes/class-wp-upgrader.php
diff options
context:
space:
mode:
Diffstat (limited to 'src/wp-admin/includes/class-wp-upgrader.php')
-rw-r--r--src/wp-admin/includes/class-wp-upgrader.php24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/wp-admin/includes/class-wp-upgrader.php b/src/wp-admin/includes/class-wp-upgrader.php
index a3cdf36849..5e9c099d97 100644
--- a/src/wp-admin/includes/class-wp-upgrader.php
+++ b/src/wp-admin/includes/class-wp-upgrader.php
@@ -2293,6 +2293,30 @@ class File_Upload_Upgrader {
if ( isset( $file['error'] ) )
wp_die( $file['error'] );
+ if ( 'pluginzip' === $form || 'themezip' === $form ) {
+ $archive_is_valid = false;
+
+ /** This filter is documented in wp-admin/includes/file.php */
+ if ( class_exists( 'ZipArchive', false ) && apply_filters( 'unzip_file_use_ziparchive', true ) ) {
+ $archive = new ZipArchive();
+ $archive_is_valid = $archive->open( $file['file'], ZIPARCHIVE::CHECKCONS );
+
+ if ( true === $archive_is_valid ) {
+ $archive->close();
+ }
+ } else {
+ require_once ABSPATH . 'wp-admin/includes/class-pclzip.php';
+
+ $archive = new PclZip( $file['file'] );
+ $archive_is_valid = is_array( $archive->properties() );
+ }
+
+ if ( true !== $archive_is_valid ) {
+ wp_delete_file( $file['file'] );
+ wp_die( __( 'Incompatible Archive.' ) );
+ }
+ }
+
$this->filename = $_FILES[$form]['name'];
$this->package = $file['file'];
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-30 23:04:59 +0000