Skip to content

Windows: Add hardening when renaming Phar during update#6297

Open
swissspidy wants to merge 3 commits intomainfrom
fix/harden-update
Open

Windows: Add hardening when renaming Phar during update#6297
swissspidy wants to merge 3 commits intomainfrom
fix/harden-update

Conversation

@swissspidy
Copy link
Copy Markdown
Member

@swissspidy swissspidy commented Apr 8, 2026

No description provided.

@swissspidy swissspidy added scope:distribution Related to distribution command:cli-update Related to 'cli update' command os:windows labels Apr 8, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026

Hello! 👋

Thanks for opening this pull request! Please check out our contributing guidelines. We appreciate you taking the initiative to contribute to this project.

Contributing isn't limited to just code. We encourage you to contribute in the way that best fits your abilities, by writing tutorials, giving a demo at your local meetup, helping other users with their support questions, or revising our documentation.

Here are some useful Composer commands to get you started:

  • composer install: Install dependencies.
  • composer test: Run the full test suite.
  • composer phpcs: Check for code style violations.
  • composer phpcbf: Automatically fix code style violations.
  • composer phpunit: Run unit tests.
  • composer behat: Run behavior-driven tests.

To run a single Behat test, you can use the following command:

# Run all tests in a single file
composer behat features/some-feature.feature

# Run only a specific scenario (where 123 is the line number of the "Scenario:" title)
composer behat features/some-feature.feature:123

You can find a list of all available Behat steps in our handbook.

@github-actions github-actions bot added the bug label Apr 8, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 8, 2026

Codecov Report

❌ Patch coverage is 0% with 13 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
php/commands/src/CLI_Command.php 0.00% 13 Missing ⚠️

📢 Thoughts on this report? Let us know!

@swissspidy swissspidy added this to the 3.0.0 milestone Apr 8, 2026
gemini-code-assist[bot]
gemini-code-assist bot reviewed Apr 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces Windows-specific logic for updating the WP-CLI PHAR file, utilizing a backup file during the rename process to avoid potential file locking issues. Feedback was provided to improve the robustness of the realpath() call, as it can return false and result in an empty string when cast; a suggestion was made to fall back to the original path and to ensure support for tilde expansion in home-relative paths.

@swissspidy swissspidy marked this pull request as ready for review April 13, 2026 14:35
@swissspidy swissspidy requested a review from a team as a code owner April 13, 2026 14:35
Copilot AI review requested due to automatic review settings April 13, 2026 14:35
Copilot AI reviewed Apr 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens wp cli update behavior on Windows by avoiding in-place overwrites of the running Phar and instead performing a safer rename/backup swap during self-update.

Changes:

  • Resolve the temp Phar path with realpath() before replacement.
  • On Windows, rename the existing Phar to a .bak, move the new Phar into place, and attempt cleanup of the backup.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

php/commands/src/CLI_Command.php
Comment on lines +523 to +524
@rename( $bak_file, $old_phar ); // Revert
WP_CLI::error( sprintf( 'Cannot move %s to %s', $temp, $old_phar ) );
php/commands/src/CLI_Command.php
Comment on lines +515 to +518
$bak_file = $old_phar . '.bak';
if ( file_exists( $bak_file ) ) {
@unlink( $bak_file );
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bug command:cli-update Related to 'cli update' command os:windows scope:distribution Related to distribution

Projects

None yet

Milestone

3.0.0

Development

Successfully merging this pull request may close these issues.

2 participants

@swissspidy