Skip to content

Check cache file validation #6149

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dhruvang21 wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Check cache file validation #6149

dhruvang21 wants to merge 11 commits into from
+64 −2

Conversation

@dhruvang21
Copy link

@dhruvang21 dhruvang21 commented Nov 11, 2025

@dhruvang21 dhruvang21 requested a review from a team as a code owner November 11, 2025 13:39
swissspidy
swissspidy reviewed Nov 11, 2025
View reviewed changes
Copy link
Member

@swissspidy swissspidy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for your PR!

@swissspidy swissspidy requested a review from Copilot November 11, 2025 13:58
Copilot AI reviewed Nov 11, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds validation for downloaded files before they are cached to prevent corrupt or invalid files from being stored in the cache, addressing issue #6148. The validation includes basic file existence and size checks, as well as ZIP file integrity verification using the ZipArchive class.

Key Changes

  • Added a new validate_downloaded_file() method that performs file validation before caching
  • Integrated validation into the filter_http_response() method to check files before they're imported into the cache
  • Added ZIP file-specific validation to ensure archive integrity

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov
Copy link

codecov bot commented Nov 11, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 55.55556% with 12 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
php/WP_CLI/WpHttpCacheManager.php 55.55% 12 Missing ⚠️

📢 Thoughts on this report? Let us know!

dhruvang21 and others added 2 commits November 12, 2025 11:10
@dhruvang21 @swissspidy
Update warning message
6983b03 
Co-authored-by: Pascal Birchler <pascal.birchler@gmail.com>
@dhruvang21
refactor: code suggestions
397bb1b
@swissspidy swissspidy requested a review from a team November 12, 2025 11:10
@swissspidy swissspidy requested a review from Copilot December 2, 2025 20:20
Copilot AI reviewed Dec 2, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 4 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

php/WP_CLI/WpHttpCacheManager.php
Comment on lines +127 to +139
if ( ( 'zip' === $ext || 'application/zip' === $mime ) && class_exists( '\ZipArchive' ) ) {
$zip = new \ZipArchive();
$result = $zip->open( $file );
if ( true !== $result ) {
return false;
}
// Optional deeper check: ensure we can read file list.
if ( 0 === $zip->numFiles ) { //phpcs:ignore
$zip->close();
return false;
}
$zip->close();
}
Copy link

Copilot AI Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The resource leak can occur if $zip->open() succeeds but $zip->numFiles is 0. The $zip->close() is only called in the zero-files case, but not when the function returns true. This creates a resource leak where the ZipArchive remains open.

Consider closing the zip file in all code paths:

if ( ( 'zip' === $ext || 'application/zip' === $mime ) && class_exists( '\ZipArchive' ) ) {
    $zip    = new \ZipArchive();
    $result = $zip->open( $file );
    if ( true !== $result ) {
        return false;
    }
    // Optional deeper check: ensure we can read file list.
    $is_valid = $zip->numFiles > 0;
    $zip->close();
    if ( ! $is_valid ) {
        return false;
    }
}

Copilot uses AI. Check for mistakes.
dhruvang21 and others added 4 commits December 3, 2025 11:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@swissspidy swissspidy Awaiting requested review from swissspidy

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bug command:cache

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Cache file validation in cache manager

2 participants

@dhruvang21 @swissspidy