Making WordPress.org

Changeset 12165


Ignore:
Timestamp:
10/31/2022 04:46:26 AM (2 years ago)
Author:
dd32
Message:

Plugin Directory: Upload checks: Prevent an upload of a plugin with a matching title/name (both in the plugin.php and readme.txt files).

Fixes #5880.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload-handler.php

    r12163 r12165  
    145145        $plugin_post = Plugin_Directory::get_plugin_post( $this->plugin_slug );
    146146
     147        // If no matching plugin by that slug, check to see if a plugin exists with that Title in the database.
     148        if ( ! $plugin_post ) {
     149            $plugin_posts = get_posts( array(
     150                'post_type'   => 'plugin',
     151                'title'       => $this->plugin['Name'],
     152                'post_status' => array( 'publish', 'pending', 'disabled', 'closed', 'new', 'draft', 'approved' ),
     153            ) );
     154
     155            if ( $plugin_posts ) {
     156                $plugin_post = array_shift( $plugin_posts );
     157            }
     158        }
     159
    147160        // Is there already a plugin with the same slug by a different author?
    148161        if ( $plugin_post && $plugin_post->post_author != get_current_user_id() ) {
     
    152165                /* translators: 1: plugin slug, 2: 'Plugin Name:' */
    153166                __( 'There is already a plugin with the name %1$s in the directory. You must rename your plugin by changing the %2$s line in your main plugin file and in your readme. Once you have done so, you may upload it again.', 'wporg-plugins' ),
    154                 '<code>' . $this->plugin_slug . '</code>',
     167                '<code>' . esc_html( $this->plugin['Name'] ) . '</code>',
    155168                '<code>Plugin Name:</code>'
    156169            ) );
     
    164177                /* translators: 1: plugin slug, 2: Documentation URL, 3: plugins@wordpress.org */
    165178                __( 'You have already submitted a plugin named %1$s. There is no need to resubmit existing plugins, even for new versions. Instead, please update your plugin within the directory via <a href="%2$s">SVN</a>. If you need assistance, email <a href="mailto:%3$s">%3$s</a> and let us know.', 'wporg-plugins' ),
    166                 '<code>' . $this->plugin_slug . '</code>',
     179                '<code>' . esc_html( $this->plugin['Name'] ) . '</code>',
    167180                __( 'https://developer.wordpress.org/plugins/wordpress-org/how-to-use-subversion/', 'wporg-plugins' ),
    168181                'plugins@wordpress.org'
     
    238251                    /* translators: 1: plugin slug, 2: 'Plugin Name:' */
    239252                    __( 'There is already a plugin with the name %1$s known to exist, though it is not hosted on WordPress.org. This means the permalink %2$s is already in use, and has a significant user base. Were we to accept it as-is, our system would overwrite those other installs and potentially damage any existing users. This is especially true since WordPress 5.5 and up will automatically update plugins and themes. You must rename your plugin by changing the %3$s line in your main plugin file and in your readme. Once you have done so, you may upload it again. If you feel this is an incorrect assessment of the situation, please email <a href="mailto:%4$s">%4$s</a> and explain why so that we may help you.', 'wporg-plugins' ),
    240                     '<code>' . $this->plugin['Name'] . '</code>',
     253                    '<code>' . esc_html( $this->plugin['Name'] ) . '</code>',
    241254                    '<code>' . $this->plugin_slug . '</code>',
    242255                    '<code>Plugin Name:</code>',
     
    259272        }
    260273        $readme = new Parser( $readme );
     274
     275        // Double check no existing plugins clash with the readme title.
     276        $readme_plugin_post = get_posts( array(
     277            'post_type'   => 'plugin',
     278            'title'       => $readme->name,
     279            'post_status' => array( 'publish', 'pending', 'disabled', 'closed', 'new', 'draft', 'approved' ),
     280        ) );
     281        if ( $readme_plugin_post ) {
     282            $error = __( 'README Error: The plugin has already been submitted.', 'wporg-plugins' );
     283
     284            return new \WP_Error( 'already_submitted', $error . ' ' . sprintf(
     285                /* translators: 1: plugin slug, 2: Documentation URL, 3: plugins@wordpress.org */
     286                __( 'You have already submitted a plugin named %1$s. There is no need to resubmit existing plugins, even for new versions. Instead, please update your plugin within the directory via <a href="%2$s">SVN</a>. If you need assistance, email <a href="mailto:%3$s">%3$s</a> and let us know.', 'wporg-plugins' ),
     287                '<code>' . esc_html( $readme->name ) . '</code>',
     288                __( 'https://developer.wordpress.org/plugins/wordpress-org/how-to-use-subversion/', 'wporg-plugins' ),
     289                'plugins@wordpress.org'
     290            ) );
     291        }
     292
     293        if ( function_exists( 'wporg_stats_get_plugin_name_install_count' ) ) {
     294            $installs = wporg_stats_get_plugin_name_install_count( $readme->name );
     295
     296            if ( $installs && $installs->count >= 100 ) {
     297                $error = __( 'Error: That plugin name is already in use.', 'wporg-plugins' );
     298
     299                return new \WP_Error( 'already_exists_in_the_wild', $error . ' ' . sprintf(
     300                    /* translators: 1: plugin slug, 2: 'Plugin Name:' */
     301                    __( 'There is already a plugin with the name %1$s known to exist, though it is not hosted on WordPress.org. This means the permalink %2$s is already in use, and has a significant user base. Were we to accept it as-is, our system would overwrite those other installs and potentially damage any existing users. This is especially true since WordPress 5.5 and up will automatically update plugins and themes. You must rename your plugin by changing the %3$s line in your main plugin file and in your readme. Once you have done so, you may upload it again. If you feel this is an incorrect assessment of the situation, please email <a href="mailto:%4$s">%4$s</a> and explain why so that we may help you.', 'wporg-plugins' ),
     302                    '<code>' . esc_html( $readme->name ) . '</code>',
     303                    '<code>' . $this->plugin_slug . '</code>',
     304                    '<code>Plugin Name:</code>',
     305                    'plugins@wordpress.org'
     306                ) );
     307            }
     308        }
    261309
    262310        // Check for a readme license.
Note: See TracChangeset for help on using the changeset viewer.