Merge branch 'develop'

CHANGES.md

@@ -1,5 +1,11 @@
 #### [unreleased]
 
+#### 8.8.2 / 2019-07-02
+* added check for `Basic_Auth_Loader::get_credentials()` to match `$slug` and `$git`, fixes edge case [#796](https://github.com/afragen/github-updater/issues/796)
+* refactored `Basic_Auth_Loader::get_credentials()` to split out `Basic_Auth_Loader::get_slug_for_credentials()` and `Basic_Auth_Loader::get_type_for_credentials()`
+* created more precise adding and removing `Basic_Auth_Loader` hooks
+* fixed `Bitbucket_API` return when no tags found
+
 #### 8.8.1 / 2019-06-11
 * set `homepage` to `PluginURI` or `ThemeURI`, fixes [#791](https://github.com/afragen/github-updater/issues/791)
 * fixed Bitbucket release asset updates for proper containing folder structure, thanks @benoitchantre for the bug report

github-updater.php

@@ -12,7 +12,7 @@
  * Plugin Name:       GitHub Updater
  * Plugin URI:        https://github.com/afragen/github-updater
  * Description:       A plugin to automatically update GitHub, Bitbucket, GitLab, or Gitea hosted plugins, themes, and language packs. It also allows for remote installation of plugins or themes into WordPress.
- * Version:           8.8.1
+ * Version:           8.8.2
  * Author:            Andy Fragen
  * License:           GNU General Public License v2
  * License URI:       http://www.gnu.org/licenses/gpl-2.0.html

languages/github-updater.pot

@@ -2,14 +2,14 @@
 # This file is distributed under the same license as the GitHub Updater plugin.
 msgid ""
 msgstr ""
-"Project-Id-Version: GitHub Updater 8.8.1\n"
+"Project-Id-Version: GitHub Updater 8.8.2\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/github-updater\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2019-06-12T00:38:56+00:00\n"
+"POT-Creation-Date: 2019-07-02T23:20:16+00:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.2.0\n"
 "X-Domain: github-updater\n"
@@ -190,7 +190,7 @@ msgstr ""
 
 #. translators: 1: branch name, 2: jQuery dropdown, 3: closing tag
 #: src/GitHub_Updater/Theme.php:581
-#: src/GitHub_Updater/Base.php:828
+#: src/GitHub_Updater/Base.php:822
 msgid "Current branch is `%1$s`, try %2$sanother version%3$s"
 msgstr ""
 
@@ -199,23 +199,23 @@ msgid "Choose a Version"
 msgstr ""
 
 #: src/GitHub_Updater/Theme.php:607
-#: src/GitHub_Updater/Base.php:863
+#: src/GitHub_Updater/Base.php:857
 msgid "No previous tags to rollback to."
 msgstr ""
 
 #: src/GitHub_Updater/Theme.php:611
 msgid "Install"
 msgstr ""
 
-#: src/GitHub_Updater/Base.php:446
+#: src/GitHub_Updater/Base.php:440
 msgid "There may be a problem with WP-Cron. A GitHub Updater WP-Cron event is overdue."
 msgstr ""
 
-#: src/GitHub_Updater/Base.php:839
+#: src/GitHub_Updater/Base.php:833
 msgid "Switch to branch "
 msgstr ""
 
-#: src/GitHub_Updater/Base.php:855
+#: src/GitHub_Updater/Base.php:849
 msgid "Switch to release "
 msgstr ""
 
@@ -237,49 +237,49 @@ msgstr ""
 msgid "Use of Remote Management services may result increase some page load speeds only for `admin` level users in the dashboard."
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:386
+#: src/GitHub_Updater/API/Bitbucket_API.php:382
 msgid "Bitbucket Private Settings"
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:393
-#: src/GitHub_Updater/API/Bitbucket_API.php:481
+#: src/GitHub_Updater/API/Bitbucket_API.php:389
+#: src/GitHub_Updater/API/Bitbucket_API.php:477
 msgid "Bitbucket Username"
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:402
-#: src/GitHub_Updater/API/Bitbucket_API.php:489
+#: src/GitHub_Updater/API/Bitbucket_API.php:398
+#: src/GitHub_Updater/API/Bitbucket_API.php:485
 msgid "Bitbucket Password"
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:418
+#: src/GitHub_Updater/API/Bitbucket_API.php:414
 msgid "Bitbucket Private Repositories"
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:448
+#: src/GitHub_Updater/API/Bitbucket_API.php:444
 msgid "Bitbucket"
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:457
+#: src/GitHub_Updater/API/Bitbucket_API.php:453
 msgid "Check box if private repository. Leave unchecked for public repositories."
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:464
+#: src/GitHub_Updater/API/Bitbucket_API.php:460
 msgid "Enter your personal Bitbucket username and password."
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:498
+#: src/GitHub_Updater/API/Bitbucket_API.php:494
 msgid "Private Bitbucket Repository"
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:514
+#: src/GitHub_Updater/API/Bitbucket_API.php:510
 msgid "Check for private Bitbucket repositories."
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:529
+#: src/GitHub_Updater/API/Bitbucket_API.php:525
 msgid "Enter Bitbucket username."
 msgstr ""
 
-#: src/GitHub_Updater/API/Bitbucket_API.php:544
+#: src/GitHub_Updater/API/Bitbucket_API.php:540
 msgid "Enter Bitbucket password."
 msgstr ""
 

src/GitHub_Updater/API/Bitbucket_API.php

@@ -282,6 +282,11 @@ function ( $e ) use ( &$arr ) {
 			(array) $response->values
 		);
 
+		if ( ! $arr ) {
+			$arr          = new \stdClass();
+			$arr->message = 'No tags found';
+		}
+
 		return $arr;
 	}
 
@@ -356,15 +361,6 @@ protected function parse_tags( $response, $repo_type ) {
 		$rollback = [];
 
 		foreach ( (array) $response as $tag ) {
-			// $download_base    = implode(
-			// '/',
-			// [
-			// $repo_type['base_download'],
-			// $this->type->owner,
-			// $this->type->owner,
-			// 'get/',
-			// ]
-			// );
 			$download_base    = "{$repo_type['base_download']}/{$this->type->owner}/{$this->type->owner}/get/";
 			$tags[]           = $tag;
 			$rollback[ $tag ] = $download_base . $tag . '.zip';

src/GitHub_Updater/Base.php

@@ -328,7 +328,7 @@ public function get_remote_repo_meta( $repo ) {
 			$language_pack->run();
 		}
 
-		$this->remove_hooks( $repo_api );
+		$this->remove_hooks();
 
 		return true;
 	}
@@ -402,16 +402,10 @@ protected function get_changelog_filename( $repo ) {
 
 	/**
 	 * Remove hooks after use.
-	 *
-	 * @param \stdClass $repo_api
 	 */
-	public function remove_hooks( $repo_api ) {
+	public function remove_hooks() {
 		remove_filter( 'extra_theme_headers', [ $this, 'add_headers' ] );
 		remove_filter( 'extra_plugin_headers', [ $this, 'add_headers' ] );
-
-		if ( $repo_api instanceof Bitbucket_API ) {
-			$this->remove_authentication_hooks();
-		}
 	}
 
 	/**

src/GitHub_Updater/Traits/API_Common.php

@@ -10,6 +10,7 @@
 
 namespace Fragen\GitHub_Updater\Traits;
 
+use Fragen\Singleton;
 use Fragen\GitHub_Updater\Readme_Parser as Readme_Parser;
 
 /**
@@ -341,6 +342,7 @@ public function get_api_release_asset( $git, $request ) {
 		}
 
 		if ( ! $response ) {
+			add_filter( 'http_request_args', [ Singleton::get_instance( 'API', $this ), 'http_release_asset_auth' ], 15, 2 );
 			self::$method = 'release_asset';
 			$response     = $this->api( $request );
 			$response     = $this->parse_release_asset( $git, $request, $response );
@@ -349,6 +351,7 @@ public function get_api_release_asset( $git, $request ) {
 				$response          = new \stdClass();
 				$response->message = 'No release asset found';
 			}
+			remove_filter( 'http_request_args', [ Singleton::get_instance( 'API', $this ), 'http_release_asset_auth' ] );
 		}
 
 		if ( $response && ! isset( $this->response['release_asset'] ) ) {

src/GitHub_Updater/Traits/Basic_Auth_Loader.php

@@ -73,6 +73,7 @@ public function maybe_basic_authenticate_http( $args, $url ) {
 
 			$args['headers']['Authorization'] = 'Basic ' . base64_encode( "$username:$password" );
 		}
+		remove_filter( 'http_request_args', [ $this, 'maybe_basic_authenticate_http' ] );
 
 		return $args;
 	}
@@ -88,7 +89,6 @@ public function maybe_basic_authenticate_http( $args, $url ) {
 	 */
 	private function get_credentials( $url ) {
 		$headers      = parse_url( $url );
-		$type         = $this->get_class_vars( 'Base', 'caller' );
 		$username_key = null;
 		$password_key = null;
 		$credentials  = [
@@ -105,6 +105,43 @@ private function get_credentials( $url ) {
 			Singleton::get_instance( 'Theme', $this )->get_theme_configs()
 		);
 
+		$slug = $this->get_slug_for_credentials( $headers, $repos, $url );
+		$type = $this->get_type_for_credentials( $slug, $repos, $url );
+
+		switch ( $type ) {
+			case 'bitbucket':
+			case $type instanceof Bitbucket_API:
+			case $type instanceof Bitbucket_Server_API:
+				$bitbucket_org = in_array( $headers['host'], $hosts, true );
+				$username_key  = $bitbucket_org ? 'bitbucket_username' : 'bitbucket_server_username';
+				$password_key  = $bitbucket_org ? 'bitbucket_password' : 'bitbucket_server_password';
+				break;
+		}
+
+		// TODO: can use `( $this->caller )::$options` in PHP7.
+		$caller          = $this->get_class_vars( 'Base', 'caller' );
+		static::$options = $caller instanceof Install ? $caller::$options : static::$options;
+
+		if ( isset( static::$options[ $username_key ], static::$options[ $password_key ] ) ) {
+			$credentials['username'] = static::$options[ $username_key ];
+			$credentials['password'] = static::$options[ $password_key ];
+			$credentials['isset']    = true;
+			$credentials['private']  = $this->is_repo_private( $url );
+		}
+
+		return $credentials;
+	}
+
+	/**
+	 * Get $slug for Basic Auth credentials.
+	 *
+	 * @param array  $headers Array of headers from parse_url().
+	 * @param array  $repos   Array of repositories.
+	 * @param string $url     URL being called by API.
+	 *
+	 * @return bool|string $slug
+	 */
+	private function get_slug_for_credentials( $headers, $repos, $url ) {
 		$slug = isset( $_REQUEST['slug'] ) ? $_REQUEST['slug'] : false;
 		$slug = ! $slug && isset( $_REQUEST['plugin'] ) ? $_REQUEST['plugin'] : $slug;
 		$slug = ! $slug && isset( $_REQUEST['theme'] ) ? $_REQUEST['theme'] : $slug;
@@ -129,8 +166,33 @@ function ( $e ) use ( $url ) {
 			}
 		}
 
-		$type = $slug &&
-				isset( $repos[ $slug ] ) && property_exists( $repos[ $slug ], 'git' )
+		// In case $type set from Base::$caller doesn't match.
+		if ( ! $slug && isset( $headers['path'] ) ) {
+			$path_arr = explode( '/', $headers['path'] );
+			foreach ( $path_arr as $key ) {
+				if ( array_key_exists( $key, $repos ) ) {
+					$slug = $key;
+					break;
+				}
+			}
+		}
+
+		return $slug;
+	}
+
+	/**
+	 * Get repo type for Basic Auth credentials.
+	 *
+	 * @param string $slug  Repository slug.
+	 * @param array  $repos Array of repositories.
+	 * @param string $url   URL being called by API.
+	 *
+	 * @return string $slug
+	 */
+	private function get_type_for_credentials( $slug, $repos, $url ) {
+		$type = $this->get_class_vars( 'Base', 'caller' );
+
+		$type = $slug && isset( $repos[ $slug ] ) && property_exists( $repos[ $slug ], 'git' )
 			? $repos[ $slug ]->git
 			: $type;
 
@@ -150,28 +212,7 @@ function ( $e ) use ( $url ) {
 			? $_POST['github_updater_api']
 			: $type;
 
-		switch ( $type ) {
-			case 'bitbucket':
-			case $type instanceof Bitbucket_API:
-			case $type instanceof Bitbucket_Server_API:
-				$bitbucket_org = in_array( $headers['host'], $hosts, true );
-				$username_key  = $bitbucket_org ? 'bitbucket_username' : 'bitbucket_server_username';
-				$password_key  = $bitbucket_org ? 'bitbucket_password' : 'bitbucket_server_password';
-				break;
-		}
-
-		// TODO: can use `( $this->caller )::$options` in PHP7.
-		$caller          = $this->get_class_vars( 'Base', 'caller' );
-		static::$options = $caller instanceof Install ? $caller::$options : static::$options;
-
-		if ( isset( static::$options[ $username_key ], static::$options[ $password_key ] ) ) {
-			$credentials['username'] = static::$options[ $username_key ];
-			$credentials['password'] = static::$options[ $password_key ];
-			$credentials['isset']    = true;
-			$credentials['private']  = $this->is_repo_private( $url );
-		}
-
-		return $credentials;
+		return $type;
 	}
 
 	/**
@@ -232,6 +273,7 @@ public function http_release_asset_auth( $args, $url ) {
 		if ( isset( $arr_url['host'] ) && 'bbuseruploads.s3.amazonaws.com' === $arr_url['host'] ) {
 			unset( $args['headers']['Authorization'] );
 		}
+		remove_filter( 'http_request_args', [ $this, 'http_release_asset_auth' ] );
 
 		return $args;
 	}
@@ -270,6 +312,7 @@ public function upgrader_pre_download( $reply, $package, $class ) {
 				}
 			}
 		}
+		$this->remove_authentication_hooks();
 		remove_filter( 'upgrader_pre_download', [ $this, 'upgrader_pre_download' ] );
 
 		return $reply;