Bug since WordPress 4.6 [with fix] #66

Closed
MichaelSmi opened this Issue Aug 22, 2016 · 11 comments

Projects

None yet

4 participants

@MichaelSmi

I'm usind your code to update a custom plugin not in public WordPress repo. Since update to 4.6 every upgrade fails with curl error. This is caused by malformed url.

Here is the fix:
in https://github.com/YahnisElsts/plugin-update-checker/blob/master/plugin-update-checker.php#L1208
change:
$update->package = $this->download_url;
to:
$update->package = preg_replace('/([^:])(\/{2,})/', '$1/', $this->download_url);

@YahnisElsts
Owner

Could you provide a bit more information? What does the malformed URL look like?

Normally this kind of fix should not be necessary because the update checker just uses the provided download URL as-is. If the URL is incorrect, that's usually a configuration issue.

@MichaelSmi

The bug was reported on WordPress Issue tracker: https://core.trac.wordpress.org/ticket/37733
They want to normalize urls before getting the upgrade package. In 4.6.1 to support all non strictly programmed plugins:

I feel that there are enough plugins affected by incorrect url concatenation to fix this.

The malformed url looks like follows: http://example.com//?action=get_metadata&slug=plugin_slug
But the url is not configured that way! There is no double forward slash in the config url.

@YahnisElsts
Owner

Thank you for the additional information. It looks like that's a problem in the update server, so it's the server that should be fixed, not the update checker. The server should output a correct download URL (i.e. no double slashes) and the update checker shouldn't need to normalize it.

Are you using the default index.php for wp-update-server or did you customize it in any way, like providing your own $serverUrl or subclassing Wpup_UpdateServer? Please post any relevant customizations. I'll see if I can reproduce the issue.

@MichaelSmi

I didn't change anything in the wp-update-server. I only send more custom url parameters to the server to parse them from the log file externaly on the server.

@YahnisElsts
Owner

Is it a Windows server? Try replacing the guessServerUrl method in /includes/UpdateServer.php with this version and see if it fixes the URL:

public static function guessServerUrl() {
    $serverUrl = ( self::isSsl() ? 'https' : 'http' );
    $serverUrl .= '://' . $_SERVER['HTTP_HOST'];
    $path = $_SERVER['SCRIPT_NAME'];

    if ( basename($path) === 'index.php' ) {
        $path = $dir = dirname($path);
        if ( DIRECTORY_SEPARATOR === '/' ) {
            // Fix Windows
            $path = str_replace('\\', '/', $dir);
        }
        //Make sure there's a trailing slash.
        if ( substr($path, -1) !== '/' ) {
            $path .= '/';
        }
    }

    $serverUrl .= $path;
    return $serverUrl;
}
@bnecreative

Had the same issue and this fixed it for me. I'm on a linux server as a side note.

@flowdee
flowdee commented Aug 24, 2016

same here

@YahnisElsts
Owner

Which fix - the one posted by Michael, or the patch for guessServerUrl?

@flowdee
flowdee commented Aug 24, 2016

Used your guessServerUrl patch and it works fine now

@bnecreative

The guessServerUrl method.

@YahnisElsts YahnisElsts added a commit to YahnisElsts/wp-update-server that referenced this issue Aug 24, 2016
@YahnisElsts Fix occasional double slashes in download URLs.
In some environments, the guessServerUrl() method could return an invalid URL containing two forward slashes "//" instead of one. This caused update downloads to fail in WP 4.6. See bug report:
YahnisElsts/plugin-update-checker#66

The bug was in the *nix-like branch in guessServerUrl() that always added a forward slash to the path, even if there was one there already. Fixed by simplifying the method and only adding the slash only when necessary.
fa70d43
@YahnisElsts
Owner

All right, thank you for testing the patch. The bug has been fixed in wp-update-server:
YahnisElsts/wp-update-server@fa70d43

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment