Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
| Total | |
0.00% |
0 / 44 |
n/a |
0 / 0 |
CRAP | n/a |
0 / 0 |
||
| 1 | <?php |
| 2 | /** |
| 3 | * Safeguard file. |
| 4 | * |
| 5 | * @package safeguard |
| 6 | */ |
| 7 | |
| 8 | namespace Safeguard; |
| 9 | |
| 10 | /** |
| 11 | * Plugin Name: Safeguard |
| 12 | * Description: Checking plugin for safety and compatibility. |
| 13 | * Version: 0.0.6 |
| 14 | * Author: Automattic |
| 15 | * Author URI: http://automattic.com/ |
| 16 | */ |
| 17 | |
| 18 | require_once __DIR__ . '/utils.php'; |
| 19 | |
| 20 | $attachment_data = array(); |
| 21 | |
| 22 | add_filter( |
| 23 | 'wp_insert_attachment_data', |
| 24 | function ( $data ) use ( $attachment_data ) { |
| 25 | $attachment_data = $data; |
| 26 | |
| 27 | add_filter( |
| 28 | 'upgrader_pre_download', |
| 29 | /** |
| 30 | * `upgrader_pre_download` filter for checking plugin before install. |
| 31 | * |
| 32 | * @param $reply |
| 33 | * @param $package |
| 34 | * @param $wp_upgrader |
| 35 | * |
| 36 | * @return bool|\WP_Error |
| 37 | */ |
| 38 | function ( $reply, $package, $wp_upgrader ) use ( $attachment_data ) { |
| 39 | // Ensure package is a plugin. |
| 40 | if ( |
| 41 | ! property_exists( $wp_upgrader, 'skin' ) || |
| 42 | ! is_a( $wp_upgrader->skin, 'Plugin_Installer_Skin' ) |
| 43 | ) { |
| 44 | return false; |
| 45 | } |
| 46 | |
| 47 | // Avoid checking if the package source is a URL. |
| 48 | $package_is_url = filter_var( $package, FILTER_VALIDATE_URL ); |
| 49 | if ( $package_is_url ) { |
| 50 | return false; |
| 51 | } |
| 52 | |
| 53 | // Get plugin slug from package file. |
| 54 | $plugin_data = get_plugin_data_from_package( $package ); |
| 55 | if ( is_wp_error( $plugin_data ) ) { |
| 56 | log_safeguard_error( $plugin_data, array( 'package' => $package ) ); |
| 57 | return false; |
| 58 | } |
| 59 | |
| 60 | // Create request body. |
| 61 | $request_body = array(); |
| 62 | |
| 63 | // Check the plugin exists in wordpress.org. |
| 64 | $plugin_info = search_plugin_info( $plugin_data['slug'] ); |
| 65 | if ( is_wp_error( $plugin_info ) ) { |
| 66 | $request_body['not-registered'] = true; |
| 67 | log_safeguard_error( 'Plugin not registered in wporg', array( 'package' => $package ) ); |
| 68 | } |
| 69 | |
| 70 | $request_body['file_url'] = $attachment_data['guid']; |
| 71 | $request_body['hash'] = $plugin_data['hash']; |
| 72 | $request_body['version'] = $plugin_data['version']; |
| 73 | |
| 74 | // check plugin hitting the WP COM API endpoint |
| 75 | $checking_passed = request_check_plugin( $plugin_data['slug'], $request_body ); |
| 76 | if ( is_wp_error( $checking_passed ) ) { |
| 77 | log_safeguard_error( |
| 78 | $checking_passed, |
| 79 | array( |
| 80 | 'package' => $package, |
| 81 | 'info' => $checking_passed->get_error_data(), |
| 82 | ) |
| 83 | ); |
| 84 | } |
| 85 | |
| 86 | // Remember, return `false` if plugin is ok. Filters ¯\_(ツ)_/¯ |
| 87 | return false; |
| 88 | }, |
| 89 | 1, |
| 90 | 3 |
| 91 | ); |
| 92 | |
| 93 | return $data; |
| 94 | } |
| 95 | ); |