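<?php
/**
 * Safeguard file.
 *
 * @package safeguard
 */

namespace Safeguard;

/**
 * Plugin Name: Safeguard
 * Description: Checking plugin for safety and compatibility.
 * Version: 0.0.6
 * Author: Automattic
 * Author URI: http://automattic.com/
 */

require_once __DIR__ . '/utils.php';

// Closures below capture this by value, so the top-level variable itself is
// never updated; it only seeds the outer closure's local copy.
$attachment_data = array();

add_filter(
    'wp_insert_attachment_data',
    /**
     * Remembers the attachment row being inserted and registers the package
     * check that runs before the upgrader downloads/unpacks a plugin.
     *
     * NOTE(review): a new `upgrader_pre_download` closure is registered on every
     * attachment insert in the request, each bound to its own copy of `$data`.
     * Confirm that only one insert is expected per plugin upload.
     *
     * @param array $data Attachment post data passed through the filter.
     *
     * @return array The attachment data, unmodified.
     */
    function ( $data ) use ( $attachment_data ) {
        // Local copy only: the inner closure captures this value at creation time.
        $attachment_data = $data;

        add_filter(
            'upgrader_pre_download',
            /**
             * `upgrader_pre_download` filter for checking plugin before install.
             *
             * The check is advisory: failures are logged, and the value received
             * in `$reply` is always handed back unchanged. This filter therefore
             * never blocks an install by itself, and it never overrides a decision
             * (for example a `WP_Error`) made by a filter that ran before it.
             *
             * NOTE(review): the documented return type includes `\WP_Error`, but no
             * path here produces one. If a failed check is meant to stop the
             * install, that needs an explicit decision and a separate change.
             *
             * @param bool|\WP_Error $reply       Value from earlier filters; `false` means "proceed".
             * @param string         $package     Package path or URL.
             * @param object         $wp_upgrader Upgrader instance handling the install.
             *
             * @return bool|\WP_Error The incoming `$reply`, untouched.
             */
            function ( $reply, $package, $wp_upgrader ) use ( $attachment_data ) {
                // Ensure package is a plugin.
                if (
                    ! property_exists( $wp_upgrader, 'skin' ) ||
                    ! is_a( $wp_upgrader->skin, 'Plugin_Installer_Skin' )
                ) {
                    return $reply;
                }

                // Avoid checking if the package source is a URL: only packages
                // given as a local path are inspected.
                $package_is_url = filter_var( $package, FILTER_VALIDATE_URL );
                if ( $package_is_url ) {
                    return $reply;
                }

                // Get plugin slug from package file.
                $plugin_data = get_plugin_data_from_package( $package );
                if ( is_wp_error( $plugin_data ) ) {
                    log_safeguard_error( $plugin_data, array( 'package' => $package ) );
                    return $reply;
                }

                // Create request body.
                $request_body = array();

                // Check the plugin exists in wordpress.org. An unknown slug is not
                // fatal; it is flagged in the request and logged.
                $plugin_info = search_plugin_info( $plugin_data['slug'] );
                if ( is_wp_error( $plugin_info ) ) {
                    $request_body['not-registered'] = true;
                    log_safeguard_error( 'Plugin not registered in wporg', array( 'package' => $package ) );
                }

                // The captured attachment data may lack a `guid`; read it without
                // raising an undefined-index notice. The value sent stays null.
                $request_body['file_url'] = isset( $attachment_data['guid'] ) ? $attachment_data['guid'] : null;
                $request_body['hash']     = $plugin_data['hash'];
                $request_body['version']  = $plugin_data['version'];

                // check plugin hitting the WP COM API endpoint
                $checking_passed = request_check_plugin( $plugin_data['slug'], $request_body );
                if ( is_wp_error( $checking_passed ) ) {
                    log_safeguard_error(
                        $checking_passed,
                        array(
                            'package' => $package,
                            'info'    => $checking_passed->get_error_data(),
                        )
                    );
                }

                // `false` tells the upgrader to carry on. Pass the incoming value
                // through rather than forcing `false`, so an earlier filter's
                // veto is not silently discarded.
                return $reply;
            },
            1,
            3
        );

        return $data;
    }
);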