/**
* Return the result of the checksum of a package with the SHA256/SHA384/SHA512 tags in the update server manifest
*
* @param string $packagefile Location of the package to be installed
* @param Update $updateObject The Update Object
*
* @return integer one if the hashes match, zero if hashes doesn't match, two if hashes not found
*
* @since 3.9.0
*/
public static function isChecksumValid($packagefile, $updateObject)
{
$hashes = array('sha256', 'sha384', 'sha512');
$hashOnFile = false;
foreach ($hashes as $hash) {
if ($updateObject->get($hash, false)) {
$hashPackage = hash_file($hash, $packagefile);
$hashRemote = $updateObject->{$hash}->_data;
$hashOnFile = true;
if ($hashPackage !== strtolower($hashRemote)) {
return self::HASH_NOT_VALIDATED;
}
}
}
if ($hashOnFile) {
return self::HASH_VALIDATED;
}
return self::HASH_NOT_PROVIDED;
}