From 0fae978700b289d00c497a9ac6f632e9b0297115 Mon Sep 17 00:00:00 2001
From: Mikael Lindqvist <li.mikael@gmail.com>
Date: Sat, 20 Aug 2016 00:00:05 +0300
Subject: [PATCH] better checking of github webhook data

---
 src/GitHub_Updater/Rest_Update.php | 34 +++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/src/GitHub_Updater/Rest_Update.php b/src/GitHub_Updater/Rest_Update.php
index 564fa6748..d06ce3e14 100644
--- a/src/GitHub_Updater/Rest_Update.php
+++ b/src/GitHub_Updater/Rest_Update.php
@@ -198,20 +198,33 @@ public function get_messages() {
 	}
 
 	/**
-	 * See if a tag came in through a github webhook. If so, return it,
-	 * otherwise return null. It is good to check this tag from github and
+	 * See if a tag came in through a github webhook. If so, return an
+	 * array containing the keys branch and hash related to the commit.
+	 * It is good to use this latest commited hash from github and
 	 * be explicit when specifying the tag we want to update to. If we don't
 	 * do this there is a chance for a race condition, since the default
 	 * zip file on github might not have been created yet.
 	 */
-	private function get_tag_from_github_webhook() {
+	private function get_github_webhook_data() {
 		$request_body = file_get_contents('php://input');
 		$request_data = json_decode($request_body, TRUE);
 
-		if (isset($request_data["after"]))
-			return $request_data["after"];
+		if (!$request_data) {
+			return NULL;
+		}
+
+		if (!isset($request_data["ref"]) || !isset($request_data["after"])) {
+			return NULL;
+		}
+
+		$res = array();
+		$res["hash"] = $request_data["after"];
+		$res["branch"] = substr(
+			$request_data["ref"],
+			strrpos($request_data["ref"], '/') + 1
+		);
 
-		return NULL;
+		return $res;
 	}
 
 	/**
@@ -232,15 +245,16 @@ public function process_request() {
 				throw new \Exception( esc_html__( 'Bad api key.', 'github-updater' ) );
 			}
 
-			$github_webhook_tag = $this->get_tag_from_github_webhook();
 			$tag = 'master';
-
 			if ( isset( $_REQUEST['tag'] ) ) {
 				$tag = $_REQUEST['tag'];
 			} elseif ( isset( $_REQUEST['committish'] ) ) {
 				$tag = $_REQUEST['committish'];
-			} elseif ($github_webhook_tag) {
-				$tag = $github_webhook_tag;
+			}
+
+			$hook_data = $this->get_github_webhook_data();
+			if ($hook_data && $tag == $hook_data["branch"]) {
+				$tag = $hook_data["hash"];
 			}
 
 			if ( isset( $_REQUEST['plugin'] ) ) {