Ensure the returned MetadataDocument ID matches the DID in the request. (#192)

Signed-off-by: costdev <79332690+costdev@users.noreply.github.com>
Colin Stewart 2025-07-29 22:30:12 +01:00 committed by GitHub
parent 46bf451c18
commit be82312aa9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -122,7 +122,17 @@ function fetch_package_metadata( string $id ) {
}
$repo_url = $service->serviceEndpoint;
return fetch_metadata_doc( $repo_url );
$metadata = fetch_metadata_doc( $repo_url );
if ( is_wp_error( $metadata ) ) {
return $metadata;
}
if ( $metadata->id !== $id ) {
return new WP_Error( 'fair.packages.fetch_metadata.mismatch', __( 'Fetched metadata does not match the requested DID.', 'fair' ) );
}
return $metadata;
}
/**
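Review bot: The mismatch branch returns a WP_Error with no data attached, so a caller or log reader cannot tell which DID was requested, which id the repository returned, or which endpoint served it. Passing a third argument such as `[ 'requested' => $id, 'returned' => $metadata->id, 'url' => $repo_url ]` would make the failure triageable; the returned id is repository-supplied and should be escaped wherever it is displayed. The check also deserves a one-line comment, e.g. `// The document is served by the repository endpoint, so confirm it describes the DID we resolved.` If fetch_metadata_doc() caches what it fetches (not visible here), confirm that a mismatched document is not kept and served from cache on a later call. The start of fetch_package_metadata() lies outside this hunk.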