Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Core and plugin update checking: make sure fsockopen() is available a…

…nd check file resources with is_resource() -- both to prevent feof() infinite loops. Props xknown. fixes #5037

git-svn-id: http://svn.automattic.com/wordpress/trunk@6151 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
commit d3d447d6e90d79b5b03d3640049ac8fb933f118b 1 parent 4881344
markjaquith authored
Showing with 7 additions and 3 deletions.
  1. +5 −1 wp-admin/includes/update.php
  2. +2 −2 wp-includes/update.php
View
6 wp-admin/includes/update.php
@@ -42,6 +42,10 @@ function update_nag() {
function wp_update_plugins() {
global $wp_version;
+
+ if ( !function_exists('fsockopen') )
+ return false;
+
$plugins = get_plugins();
$active = get_option( 'active_plugins' );
$current = get_option( 'update_plugins' );
@@ -83,7 +87,7 @@ function wp_update_plugins() {
$http_request .= $request;
$response = '';
- if( false != ( $fs = @fsockopen( 'api.wordpress.org', 80, $errno, $errstr, 3) ) ) {
+ if( false != ( $fs = @fsockopen( 'api.wordpress.org', 80, $errno, $errstr, 3) ) && is_resource($fs) ) {
fwrite($fs, $http_request);
while ( !feof($fs) )
View
4 wp-includes/update.php
@@ -3,7 +3,7 @@
// A simple set of functions to check our version 1.0 update service
function wp_version_check() {
- if ( strpos($_SERVER['PHP_SELF'], 'install.php') !== false || defined('WP_INSTALLING') )
+ if ( !function_exists('fsockopen') || strpos($_SERVER['PHP_SELF'], 'install.php') !== false || defined('WP_INSTALLING') )
return;
global $wp_version;
@@ -30,7 +30,7 @@ function wp_version_check() {
$http_request .= "\r\n";
$response = '';
- if ( false !== ( $fs = @fsockopen( 'api.wordpress.org', 80, $errno, $errstr, 3 ) ) ) {
+ if ( false !== ( $fs = @fsockopen( 'api.wordpress.org', 80, $errno, $errstr, 3 ) ) && is_resource($fs) ) {
fwrite( $fs, $http_request );
while ( !feof( $fs ) )
$response .= fgets( $fs, 1160 ); // One TCP-IP packet
Please sign in to comment.
Something went wrong with that request. Please try again.