BenV's notes

Another wordpress update

by on Oct.21, 2009, under Morons, Software

Version 2.8.5 is here! Some important security hardening going on, fixing a trackback DoS attack (or so they claim). Some more details over here. As usualy the automatic update failed for me, so once again the fix for this error:

Download failed.: Operation timed out after 60 seconds with 1538482 bytes received

Either patch it manually:

  • Edit wp-admin/includes/file.php and change line 448 to a more reasonable default.
  • The line sould become something like: $response = wp_remote_get($url, array('timeout' => 600));

Or use this patch:

--- wp-admin/includes/file.php.org 2009-10-21 17:03:47.000000000 +0200
+++ wp-admin/includes/file.php 2009-10-21 17:03:06.000000000 +0200
@@ -445,7 +445,7 @@
if ( ! $handle )
return new WP_Error('http_no_file', __('Could not create Temporary file'));

- $response = wp_remote_get($url, array('timeout' => 60));
+ $response = wp_remote_get($url, array('timeout' => 600));

if ( is_wp_error($response) ) {
fclose($handle);

[Download not found]

When I tried adding the above patch as a download (using the download monitor plugin) I got this failure:

File type does not meet security guidelines. Try another.

What the fuck guys, this is a TEXT file. Grepping through the sources I find the wp-admin/includes/file.php file to be the nazi. Apparently I’m not allowed (as site admin) to pass this current_user_can( 'unfiltered_upload' ). Security hardening, yeah… against idiots perhaps.
I’m expecting an update of either wordpress or the download monitor plugin soon.
Meanwhile I simply uploaded the file manually and added an existing download. Pfffrt, the hassle.




:, ,

1 Trackback or Pingback for this entry

Leave a Reply

You must be logged in to post a comment.

Archives

  • 2018 (1)
  • 2016 (1)
  • 2015 (7)
  • 2014 (4)
  • 2013 (11)
  • 2012 (27)
  • 2011 (26)
  • 2010 (25)
  • 2009 (68)