update.php (12522B)
1 <?php 2 /** 3 * Update/Install Plugin/Theme administration panel. 4 * 5 * @package WordPress 6 * @subpackage Administration 7 */ 8 9 if ( ! defined( 'IFRAME_REQUEST' ) 10 && isset( $_GET['action'] ) && in_array( $_GET['action'], array( 'update-selected', 'activate-plugin', 'update-selected-themes' ), true ) 11 ) { 12 define( 'IFRAME_REQUEST', true ); 13 } 14 15 /** WordPress Administration Bootstrap */ 16 require_once __DIR__ . '/admin.php'; 17 18 require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php'; 19 20 wp_enqueue_script( 'wp-a11y' ); 21 22 if ( isset( $_GET['action'] ) ) { 23 $plugin = isset( $_REQUEST['plugin'] ) ? trim( $_REQUEST['plugin'] ) : ''; 24 $theme = isset( $_REQUEST['theme'] ) ? urldecode( $_REQUEST['theme'] ) : ''; 25 $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : ''; 26 27 if ( 'update-selected' === $action ) { 28 if ( ! current_user_can( 'update_plugins' ) ) { 29 wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) ); 30 } 31 32 check_admin_referer( 'bulk-update-plugins' ); 33 34 if ( isset( $_GET['plugins'] ) ) { 35 $plugins = explode( ',', stripslashes( $_GET['plugins'] ) ); 36 } elseif ( isset( $_POST['checked'] ) ) { 37 $plugins = (array) $_POST['checked']; 38 } else { 39 $plugins = array(); 40 } 41 42 $plugins = array_map( 'urldecode', $plugins ); 43 44 $url = 'update.php?action=update-selected&plugins=' . urlencode( implode( ',', $plugins ) ); 45 $nonce = 'bulk-update-plugins'; 46 47 wp_enqueue_script( 'updates' ); 48 iframe_header(); 49 50 $upgrader = new Plugin_Upgrader( new Bulk_Plugin_Upgrader_Skin( compact( 'nonce', 'url' ) ) ); 51 $upgrader->bulk_upgrade( $plugins ); 52 53 iframe_footer(); 54 55 } elseif ( 'upgrade-plugin' === $action ) { 56 if ( ! current_user_can( 'update_plugins' ) ) { 57 wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) ); 58 } 59 60 check_admin_referer( 'upgrade-plugin_' . $plugin ); 61 62 $title = __( 'Update Plugin' ); 63 $parent_file = 'plugins.php'; 64 $submenu_file = 'plugins.php'; 65 66 wp_enqueue_script( 'updates' ); 67 require_once ABSPATH . 'wp-admin/admin-header.php'; 68 69 $nonce = 'upgrade-plugin_' . $plugin; 70 $url = 'update.php?action=upgrade-plugin&plugin=' . urlencode( $plugin ); 71 72 $upgrader = new Plugin_Upgrader( new Plugin_Upgrader_Skin( compact( 'title', 'nonce', 'url', 'plugin' ) ) ); 73 $upgrader->upgrade( $plugin ); 74 75 require_once ABSPATH . 'wp-admin/admin-footer.php'; 76 77 } elseif ( 'activate-plugin' === $action ) { 78 if ( ! current_user_can( 'update_plugins' ) ) { 79 wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) ); 80 } 81 82 check_admin_referer( 'activate-plugin_' . $plugin ); 83 if ( ! isset( $_GET['failure'] ) && ! isset( $_GET['success'] ) ) { 84 wp_redirect( admin_url( 'update.php?action=activate-plugin&failure=true&plugin=' . urlencode( $plugin ) . '&_wpnonce=' . $_GET['_wpnonce'] ) ); 85 activate_plugin( $plugin, '', ! empty( $_GET['networkwide'] ), true ); 86 wp_redirect( admin_url( 'update.php?action=activate-plugin&success=true&plugin=' . urlencode( $plugin ) . '&_wpnonce=' . $_GET['_wpnonce'] ) ); 87 die(); 88 } 89 iframe_header( __( 'Plugin Reactivation' ), true ); 90 if ( isset( $_GET['success'] ) ) { 91 echo '<p>' . __( 'Plugin reactivated successfully.' ) . '</p>'; 92 } 93 94 if ( isset( $_GET['failure'] ) ) { 95 echo '<p>' . __( 'Plugin failed to reactivate due to a fatal error.' ) . '</p>'; 96 97 error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR ); 98 ini_set( 'display_errors', true ); // Ensure that fatal errors are displayed. 99 wp_register_plugin_realpath( WP_PLUGIN_DIR . '/' . $plugin ); 100 include WP_PLUGIN_DIR . '/' . $plugin; 101 } 102 iframe_footer(); 103 } elseif ( 'install-plugin' === $action ) { 104 105 if ( ! current_user_can( 'install_plugins' ) ) { 106 wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ) ); 107 } 108 109 include_once ABSPATH . 'wp-admin/includes/plugin-install.php'; // For plugins_api(). 110 111 check_admin_referer( 'install-plugin_' . $plugin ); 112 $api = plugins_api( 113 'plugin_information', 114 array( 115 'slug' => $plugin, 116 'fields' => array( 117 'sections' => false, 118 ), 119 ) 120 ); 121 122 if ( is_wp_error( $api ) ) { 123 wp_die( $api ); 124 } 125 126 $title = __( 'Plugin Installation' ); 127 $parent_file = 'plugins.php'; 128 $submenu_file = 'plugin-install.php'; 129 require_once ABSPATH . 'wp-admin/admin-header.php'; 130 131 /* translators: %s: Plugin name and version. */ 132 $title = sprintf( __( 'Installing Plugin: %s' ), $api->name . ' ' . $api->version ); 133 $nonce = 'install-plugin_' . $plugin; 134 $url = 'update.php?action=install-plugin&plugin=' . urlencode( $plugin ); 135 if ( isset( $_GET['from'] ) ) { 136 $url .= '&from=' . urlencode( stripslashes( $_GET['from'] ) ); 137 } 138 139 $type = 'web'; // Install plugin type, From Web or an Upload. 140 141 $upgrader = new Plugin_Upgrader( new Plugin_Installer_Skin( compact( 'title', 'url', 'nonce', 'plugin', 'api' ) ) ); 142 $upgrader->install( $api->download_link ); 143 144 require_once ABSPATH . 'wp-admin/admin-footer.php'; 145 146 } elseif ( 'upload-plugin' === $action ) { 147 148 if ( ! current_user_can( 'upload_plugins' ) ) { 149 wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ) ); 150 } 151 152 check_admin_referer( 'plugin-upload' ); 153 154 $file_upload = new File_Upload_Upgrader( 'pluginzip', 'package' ); 155 156 $title = __( 'Upload Plugin' ); 157 $parent_file = 'plugins.php'; 158 $submenu_file = 'plugin-install.php'; 159 require_once ABSPATH . 'wp-admin/admin-header.php'; 160 161 /* translators: %s: File name. */ 162 $title = sprintf( __( 'Installing plugin from uploaded file: %s' ), esc_html( basename( $file_upload->filename ) ) ); 163 $nonce = 'plugin-upload'; 164 $url = add_query_arg( array( 'package' => $file_upload->id ), 'update.php?action=upload-plugin' ); 165 $type = 'upload'; // Install plugin type, From Web or an Upload. 166 167 $overwrite = isset( $_GET['overwrite'] ) ? sanitize_text_field( $_GET['overwrite'] ) : ''; 168 $overwrite = in_array( $overwrite, array( 'update-plugin', 'downgrade-plugin' ), true ) ? $overwrite : ''; 169 170 $upgrader = new Plugin_Upgrader( new Plugin_Installer_Skin( compact( 'type', 'title', 'nonce', 'url', 'overwrite' ) ) ); 171 $result = $upgrader->install( $file_upload->package, array( 'overwrite_package' => $overwrite ) ); 172 173 if ( $result || is_wp_error( $result ) ) { 174 $file_upload->cleanup(); 175 } 176 177 require_once ABSPATH . 'wp-admin/admin-footer.php'; 178 179 } elseif ( 'upload-plugin-cancel-overwrite' === $action ) { 180 if ( ! current_user_can( 'upload_plugins' ) ) { 181 wp_die( __( 'Sorry, you are not allowed to install plugins on this site.' ) ); 182 } 183 184 check_admin_referer( 'plugin-upload-cancel-overwrite' ); 185 186 // Make sure the attachment still exists, or File_Upload_Upgrader will call wp_die() 187 // that shows a generic "Please select a file" error. 188 if ( ! empty( $_GET['package'] ) ) { 189 $attachment_id = (int) $_GET['package']; 190 191 if ( get_post( $attachment_id ) ) { 192 $file_upload = new File_Upload_Upgrader( 'pluginzip', 'package' ); 193 $file_upload->cleanup(); 194 } 195 } 196 197 wp_redirect( self_admin_url( 'plugin-install.php' ) ); 198 exit; 199 } elseif ( 'upgrade-theme' === $action ) { 200 201 if ( ! current_user_can( 'update_themes' ) ) { 202 wp_die( __( 'Sorry, you are not allowed to update themes for this site.' ) ); 203 } 204 205 check_admin_referer( 'upgrade-theme_' . $theme ); 206 207 wp_enqueue_script( 'updates' ); 208 209 $title = __( 'Update Theme' ); 210 $parent_file = 'themes.php'; 211 $submenu_file = 'themes.php'; 212 require_once ABSPATH . 'wp-admin/admin-header.php'; 213 214 $nonce = 'upgrade-theme_' . $theme; 215 $url = 'update.php?action=upgrade-theme&theme=' . urlencode( $theme ); 216 217 $upgrader = new Theme_Upgrader( new Theme_Upgrader_Skin( compact( 'title', 'nonce', 'url', 'theme' ) ) ); 218 $upgrader->upgrade( $theme ); 219 220 require_once ABSPATH . 'wp-admin/admin-footer.php'; 221 } elseif ( 'update-selected-themes' === $action ) { 222 if ( ! current_user_can( 'update_themes' ) ) { 223 wp_die( __( 'Sorry, you are not allowed to update themes for this site.' ) ); 224 } 225 226 check_admin_referer( 'bulk-update-themes' ); 227 228 if ( isset( $_GET['themes'] ) ) { 229 $themes = explode( ',', stripslashes( $_GET['themes'] ) ); 230 } elseif ( isset( $_POST['checked'] ) ) { 231 $themes = (array) $_POST['checked']; 232 } else { 233 $themes = array(); 234 } 235 236 $themes = array_map( 'urldecode', $themes ); 237 238 $url = 'update.php?action=update-selected-themes&themes=' . urlencode( implode( ',', $themes ) ); 239 $nonce = 'bulk-update-themes'; 240 241 wp_enqueue_script( 'updates' ); 242 iframe_header(); 243 244 $upgrader = new Theme_Upgrader( new Bulk_Theme_Upgrader_Skin( compact( 'nonce', 'url' ) ) ); 245 $upgrader->bulk_upgrade( $themes ); 246 247 iframe_footer(); 248 } elseif ( 'install-theme' === $action ) { 249 250 if ( ! current_user_can( 'install_themes' ) ) { 251 wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ) ); 252 } 253 254 include_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php'; // For themes_api(). 255 256 check_admin_referer( 'install-theme_' . $theme ); 257 $api = themes_api( 258 'theme_information', 259 array( 260 'slug' => $theme, 261 'fields' => array( 262 'sections' => false, 263 'tags' => false, 264 ), 265 ) 266 ); // Save on a bit of bandwidth. 267 268 if ( is_wp_error( $api ) ) { 269 wp_die( $api ); 270 } 271 272 $title = __( 'Install Themes' ); 273 $parent_file = 'themes.php'; 274 $submenu_file = 'themes.php'; 275 require_once ABSPATH . 'wp-admin/admin-header.php'; 276 277 /* translators: %s: Theme name and version. */ 278 $title = sprintf( __( 'Installing Theme: %s' ), $api->name . ' ' . $api->version ); 279 $nonce = 'install-theme_' . $theme; 280 $url = 'update.php?action=install-theme&theme=' . urlencode( $theme ); 281 $type = 'web'; // Install theme type, From Web or an Upload. 282 283 $upgrader = new Theme_Upgrader( new Theme_Installer_Skin( compact( 'title', 'url', 'nonce', 'plugin', 'api' ) ) ); 284 $upgrader->install( $api->download_link ); 285 286 require_once ABSPATH . 'wp-admin/admin-footer.php'; 287 288 } elseif ( 'upload-theme' === $action ) { 289 290 if ( ! current_user_can( 'upload_themes' ) ) { 291 wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ) ); 292 } 293 294 check_admin_referer( 'theme-upload' ); 295 296 $file_upload = new File_Upload_Upgrader( 'themezip', 'package' ); 297 298 $title = __( 'Upload Theme' ); 299 $parent_file = 'themes.php'; 300 $submenu_file = 'theme-install.php'; 301 302 require_once ABSPATH . 'wp-admin/admin-header.php'; 303 304 /* translators: %s: File name. */ 305 $title = sprintf( __( 'Installing theme from uploaded file: %s' ), esc_html( basename( $file_upload->filename ) ) ); 306 $nonce = 'theme-upload'; 307 $url = add_query_arg( array( 'package' => $file_upload->id ), 'update.php?action=upload-theme' ); 308 $type = 'upload'; // Install theme type, From Web or an Upload. 309 310 $overwrite = isset( $_GET['overwrite'] ) ? sanitize_text_field( $_GET['overwrite'] ) : ''; 311 $overwrite = in_array( $overwrite, array( 'update-theme', 'downgrade-theme' ), true ) ? $overwrite : ''; 312 313 $upgrader = new Theme_Upgrader( new Theme_Installer_Skin( compact( 'type', 'title', 'nonce', 'url', 'overwrite' ) ) ); 314 $result = $upgrader->install( $file_upload->package, array( 'overwrite_package' => $overwrite ) ); 315 316 if ( $result || is_wp_error( $result ) ) { 317 $file_upload->cleanup(); 318 } 319 320 require_once ABSPATH . 'wp-admin/admin-footer.php'; 321 322 } elseif ( 'upload-theme-cancel-overwrite' === $action ) { 323 if ( ! current_user_can( 'upload_themes' ) ) { 324 wp_die( __( 'Sorry, you are not allowed to install themes on this site.' ) ); 325 } 326 327 check_admin_referer( 'theme-upload-cancel-overwrite' ); 328 329 // Make sure the attachment still exists, or File_Upload_Upgrader will call wp_die() 330 // that shows a generic "Please select a file" error. 331 if ( ! empty( $_GET['package'] ) ) { 332 $attachment_id = (int) $_GET['package']; 333 334 if ( get_post( $attachment_id ) ) { 335 $file_upload = new File_Upload_Upgrader( 'themezip', 'package' ); 336 $file_upload->cleanup(); 337 } 338 } 339 340 wp_redirect( self_admin_url( 'theme-install.php' ) ); 341 exit; 342 } else { 343 /** 344 * Fires when a custom plugin or theme update request is received. 345 * 346 * The dynamic portion of the hook name, `$action`, refers to the action 347 * provided in the request for wp-admin/update.php. Can be used to 348 * provide custom update functionality for themes and plugins. 349 * 350 * @since 2.8.0 351 */ 352 do_action( "update-custom_{$action}" ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 353 } 354 }