use maybe_unserialize() in update and API checks, Tighten up the chec…

…ks on expected return data to avoid processing invalid responses after change. See #19617

git-svn-id: http://svn.automattic.com/wordpress/trunk@19707 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/plugin-install.php

@@ -45,9 +45,9 @@ function plugins_api($action, $args = null) {
 		if ( is_wp_error($request) ) {
 			$res = new WP_Error('plugins_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
 		} else {
-			$res = unserialize( wp_remote_retrieve_body( $request ) );
-			if ( false === $res )
-				$res = new WP_Error('plugins_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
+			$res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
+			if ( ! is_object( $res ) && ! is_array( $res ) )
+				$res = new WP_Error('plugins_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
 		}
 	} elseif ( !is_wp_error($res) ) {
 		$res->external = true;

wp-admin/includes/theme.php

@@ -409,12 +409,12 @@ function themes_api($action, $args = null) {
 		if ( is_wp_error($request) ) {
 			$res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occurred during the API request.'), $request->get_error_message() );
 		} else {
-			$res = unserialize( wp_remote_retrieve_body( $request ) );
-			if ( ! $res )
-			$res = new WP_Error('themes_api_failed', __('An unknown error occurred.'), wp_remote_retrieve_body( $request ) );
+			$res = maybe_unserialize( wp_remote_retrieve_body( $request ) );
+			if ( ! is_object( $res ) && ! is_array( $res ) )
+				$res = new WP_Error('themes_api_failed', __('An unknown error occurred during the API request.'), wp_remote_retrieve_body( $request ) );
 		}
 	}
-	//var_dump(array($args, $res));
+
 	return apply_filters('themes_api_result', $res, $action, $args);
 }
 

wp-includes/update.php

@@ -91,10 +91,11 @@ function wp_version_check() {
 		return false;
 
 	$body = trim( wp_remote_retrieve_body( $response ) );
-	if ( ! $body = maybe_unserialize( $body ) )
-		return false;
-	if ( ! isset( $body['offers'] ) )
+	$body = maybe_unserialize( $body );
+
+	if ( ! is_array( $body ) || ! isset( $body['offers'] ) )
 		return false;
+
 	$offers = $body['offers'];
 
 	foreach ( $offers as &$offer ) {
@@ -205,9 +206,9 @@ function wp_update_plugins() {
 	if ( is_wp_error( $raw_response ) || 200 != wp_remote_retrieve_response_code( $raw_response ) )
 		return false;
 
-	$response = unserialize( wp_remote_retrieve_body( $raw_response ) );
+	$response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
 
-	if ( false !== $response )
+	if ( is_array( $response ) )
 		$new_option->response = $response;
 	else
 		$new_option->response = array();
@@ -319,8 +320,8 @@ function wp_update_themes() {
 	$new_update->last_checked = time( );
 	$new_update->checked = $checked;
 
-	$response = unserialize( wp_remote_retrieve_body( $raw_response ) );
-	if ( false !== $response )
+	$response = maybe_unserialize( wp_remote_retrieve_body( $raw_response ) );
+	if ( is_array( $response ) )
 		$new_update->response = $response;
 
 	set_site_transient( 'update_themes', $new_update );