/**
* Verify checksum of downloaded version
*
* @param string $version A downloaded version to check
* @return boolean TRUE on success
*/
public function verifyFileChecksum($version)
{
$fileLocation = $this->getDownloadTarGzTargetPath($version);
$expectedChecksum = $this->coreVersionService->getTarGzSha1OfVersion($version);
$messages = array();
$success = TRUE;
if (!file_exists($fileLocation)) {
$success = FALSE;
/** @var $message \TYPO3\CMS\Install\Status\StatusInterface */
$message = $this->objectManager->get('TYPO3\\CMS\\Install\\Status\\ErrorStatus');
$message->setTitle('Downloaded core not found');
$messages[] = $message;
} else {
$actualChecksum = sha1_file($fileLocation);
if ($actualChecksum !== $expectedChecksum) {
$success = FALSE;
/** @var $message \TYPO3\CMS\Install\Status\StatusInterface */
$message = $this->objectManager->get('TYPO3\\CMS\\Install\\Status\\ErrorStatus');
$message->setTitle('New core checksum mismatch');
$message->setMessage('The official TYPO3 CMS version system on https://get.typo3.org expects a sha1 checksum of ' . $expectedChecksum . ' from the content of the downloaded new core version ' . $version . '.' . ' The actual checksum is ' . $actualChecksum . '. The update is stopped. This may be a' . ' failed download, an attack, or an issue with the typo3.org infrastructure.');
$messages[] = $message;
}
}
$this->messages = $messages;
return $success;
}
/**
* Verify checksum of downloaded version
*
* @param string $version A downloaded version to check
* @return bool TRUE on success
*/
public function verifyFileChecksum($version)
{
$messages = array();
$success = true;
if ($this->checkCoreFilesAvailable($version)) {
/** @var $message StatusInterface */
$message = $this->objectManager->get(WarningStatus::class);
$message->setTitle('Verifying existing TYPO3 CMS core checksum is not possible');
$messages[] = $message;
} else {
$fileLocation = $this->getDownloadTarGzTargetPath($version);
$expectedChecksum = $this->coreVersionService->getTarGzSha1OfVersion($version);
if (!file_exists($fileLocation)) {
$success = false;
/** @var $message StatusInterface */
$message = $this->objectManager->get(ErrorStatus::class);
$message->setTitle('Downloaded TYPO3 CMS core not found');
$messages[] = $message;
} else {
$actualChecksum = sha1_file($fileLocation);
if ($actualChecksum !== $expectedChecksum) {
$success = false;
/** @var $message StatusInterface */
$message = $this->objectManager->get(ErrorStatus::class);
$message->setTitle('New TYPO3 CMS core checksum mismatch');
$message->setMessage('The official TYPO3 CMS version system on https://get.typo3.org expects a sha1 checksum of ' . $expectedChecksum . ' from the content of the downloaded new TYPO3 CMS core version ' . $version . '.' . ' The actual checksum is ' . $actualChecksum . '. The update is stopped. This may be a' . ' failed download, an attack, or an issue with the typo3.org infrastructure.');
$messages[] = $message;
} else {
$message = $this->objectManager->get(OkStatus::class);
$message->setTitle('Checksum verified');
$messages[] = $message;
}
}
}
$this->messages = $messages;
return $success;
}