Changeset 10268
- Timestamp:
- 09/16/2020 07:14:02 AM (4 years ago)
- File:
-
- 1 edited
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-author-card.php
r9237 r10268 26 26 '5.102.171.', 27 27 '38.78.', 28 '42.109.', 28 29 '47.15.', 29 30 '49.50.124.', … … 37 38 '94.103.41.', 38 39 '109.123.', 40 '101.0.', 39 41 '110.55.1.251', 40 42 '110.55.4.248', 43 '114.31.', 41 44 '116.193.162.', 42 45 '119.235.251.', … … 163 166 <div class="profile-user-notes"> 164 167 <?php 168 // Check user status. 165 169 if ( defined( 'WPORG_SUPPORT_FORUMS_BLOGID' ) ) { 166 170 $user = new \WP_User( $author, '', WPORG_SUPPORT_FORUMS_BLOGID ); … … 197 201 } 198 202 203 // Include any warning flags. 204 $warning_flags = self::get_user_flags( $user->ID ); 205 if ( $warning_flags ) { 206 echo '<strong>' . __( 'Warning Flags:', 'wporg-plugins' ) . '</strong>'; 207 echo '<ul class="plugin-flagged">'; 208 foreach ( $warning_flags as $flag => $reasons ) { 209 echo '<li class="plugin-flagged-' . esc_attr( $flag ) . '"><strong>' . esc_html( strtoupper( $flag ) ) . ' (' . esc_html( count( $reasons ) ) . '):</strong> ' . esc_html( implode( '; ', $reasons ) ) . '</li>'; 210 } 211 echo '</ul>'; 212 } 213 214 // Check IPs. 215 $post_ids = get_posts( array( 216 'fields' => 'ids', 217 'post_type' => 'plugin', 218 'post_status' => 'any', 219 'author' => $author->ID, 220 'meta_key' => '_author_ip', 221 'posts_per_page' => -1, 222 ) ); 223 224 $user_ips = array_unique( array_map( function( $post_id ) { 225 return get_post_meta( $post_id, '_author_ip', true ); 226 }, $post_ids ) ); 227 228 if ( $user_ips ) { 229 sort( $user_ips, SORT_NUMERIC ); 230 231 /* translators: %s: comma-separated list of plugin author's IP addresses */ 232 printf( 233 '<p>' . __( 'IPs : %s', 'wporg-plugins' ) . '</p>', 234 implode( ', ', array_map( array( __NAMESPACE__ . '\Author_Card', 'link_ip' ), $user_ips ) ) 235 ); 236 } 237 238 // Include any user notes. 199 239 if ( ! 
empty( $user_notes ) ) { 200 240 _e( 'User notes:', 'wporg-plugins' ); … … 218 258 </div> 219 259 220 <?php221 $post_ids = get_posts( array(222 'fields' => 'ids',223 'post_type' => 'plugin',224 'post_status' => 'any',225 'author' => $author->ID,226 'meta_key' => '_author_ip',227 'posts_per_page' => -1,228 ) );229 230 $user_ips = array_unique( array_map( function( $post_id ) {231 return get_post_meta( $post_id, '_author_ip', true );232 }, $post_ids ) );233 234 if ( $user_ips ) :235 sort( $user_ips, SORT_NUMERIC );236 237 /* translators: %s: comma-separated list of plugin author's IP addresses */238 printf(239 '<p>' . __( 'IPs : %s', 'wporg-plugins' ) . '</p>',240 implode( ', ', array_map( array( __NAMESPACE__ . '\Author_Card', 'link_ip' ), $user_ips ) )241 );242 endif;243 ?>244 245 <?php if ( $author->user_pass == '~~~' ) : ?>246 <p><strong><?php _e( 'Has not logged in since we reset passwords in June 2011', 'wporg-plugins' ); ?></strong></p>247 <?php endif; ?>248 249 260 <div class="profile-plugins"> 250 261 <?php … … 314 325 315 326 return $output_ip; 327 } 328 329 protected static function get_user_flags( $user_id ) { 330 $author = get_user_by( 'id', $user_id ); 331 $flagged = array( 332 'low' => [], 333 'med' => [], 334 'high' => [], 335 ); 336 337 // Check for login. 338 if ( $author->user_pass == '~~~' ) { 339 array_push( $flagged['high'], 'has not logged in since we reset passwords in June 2011' ); 340 } 341 342 // Check for Yahoo. 343 if ( false !== stripos( $author->user_email, 'yahoo' ) ) { 344 array_push( $flagged['med'], 'account email contains yahoo and may not get our emails.' ); 345 } 346 347 // There has been an uptick in users with names ending in numbers AND being very new, submitting 348 // a lot of plugins after being banned. 
349 $two_weeks_ago = time() - ( 2 * WEEK_IN_SECONDS ); 350 $four_days_ago = time() - ( 4 * DAY_IN_SECONDS ); 351 if ( is_numeric( substr( $author->user_login, - 1, 1 ) ) && strtotime( $author->user_registered ) > $four_days_ago ) { 352 // Username ends in numbers and is less than 4 days old. 353 array_push( $flagged['high'], 'account registered less than 4 days ago and username ends in numbers' ); 354 } elseif ( is_numeric( substr( $author->user_login, - 1, 1 ) ) ) { 355 // Username just ends in numbers. 356 array_push( $flagged['med'], 'username ends in numbers' ); 357 } elseif ( strtotime( $author->user_registered ) > $two_weeks_ago && strtotime( $author->user_registered ) < $four_days_ago ) { 358 // User account was registered less than 2 weeks ago (but longer than 4 days). 359 array_push( $flagged['low'], 'account registered less than 2 weeks ago' ); 360 // If they have 4+ plugins in 2 weeks, it MAY be an issue. 361 if ( 4 <= count( $author_plugins ) ) { 362 array_push( $flagged['med'], 'high number of submitted plugins in a short timeframe' ); 363 } 364 } elseif ( strtotime( $author->user_registered ) > $four_days_ago ) { 365 // User account was registered less than 4 days ago. 366 array_push( $flagged['med'], 'account registered less than 4 days ago' ); 367 // If they have 2+ plugins in 4 days, it's a problem. 368 if ( 2 <= count( $author_plugins ) ) { 369 array_push( $flagged['high'], 'high number of submitted plugins in a short timeframe' ); 370 } 371 } 372 373 // Check IPs. 
374 $post_ids = get_posts( array( 375 'fields' => 'ids', 376 'post_type' => 'plugin', 377 'post_status' => 'any', 378 'author' => $author->ID, 379 'meta_key' => '_author_ip', 380 'posts_per_page' => -1, 381 ) ); 382 383 $user_ips = array_unique( array_map( function( $post_id ) { 384 return get_post_meta( $post_id, '_author_ip', true ); 385 }, $post_ids ) ); 386 387 if ( $user_ips ) { 388 sort( $user_ips, SORT_NUMERIC ); 389 390 foreach ( $user_ips as $check_ip ) { 391 // if IP is 100% bad, it's a high flag. 392 if ( in_array( $check_ip, self::$iffy_ips ) ) { 393 array_push( $flagged['high'], 'uses known bad IP - ' . $check_ip ); 394 } else { 395 foreach ( self::$iffy_ips as $check_iffy_ip ) { 396 if ( false !== strpos( $check_ip, $check_iffy_ip ) ) { 397 array_push( $flagged['med'], 'IP is partial match to known bad IPs - ' . $check_ip . ' vs ' . $check_iffy_ip ); 398 } 399 } 400 } 401 } 402 } 403 404 // Remove any keys that have no warnngs. 405 foreach ( $flagged as $level => $reasons ) { 406 if ( ! $reasons ) { 407 unset( $flagged[ $level ] ); 408 } 409 } 410 411 return $flagged; 412 316 413 } 317 414
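Review bot: In the new `get_user_flags()`, `$author_plugins` is never assigned inside the static method, so both `count( $author_plugins )` checks in the registration-age branches run on an undefined variable and the 'high number of submitted plugins in a short timeframe' flags cannot fire (on PHP 8, `count()` of null throws a TypeError instead). Populate it before those branches, for example `$author_plugins = get_posts( array( 'fields' => 'ids', 'post_type' => 'plugin', 'post_status' => 'any', 'author' => $user_id, 'posts_per_page' => -1 ) );`. The partial IP check uses `false !== strpos( $check_ip, $check_iffy_ip )`, which matches the fragment anywhere in the address, so an entry such as `'38.78.'` would also flag an unrelated address like 138.78.x.x (constructed example); anchoring it with `if ( 0 === strpos( $check_ip, $check_iffy_ip ) ) {` keeps it a prefix match. `get_user_by()` returns false for an unknown ID, so a guard such as `if ( ! $author ) { return array(); }` before the first `$author->` access would be safer. Whether `$user` is always set at the `self::get_user_flags( $user->ID )` call site cannot be confirmed from the visible lines, since it is assigned inside the `defined( 'WPORG_SUPPORT_FORUMS_BLOGID' )` branch.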