Changeset 12508
- Timestamp:
- 03/29/2023 08:36:13 AM (19 months ago)
- Location:
- sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory
- Files:
-
- 1 added
- 3 edited
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-plugin-directory.php
r12491 r12508 4 4 use WordPressdotorg\Plugin_Directory\Admin\Customizations; 5 5 use WordPressdotorg\Plugin_Directory\Tools; 6 use WordPressdotorg\Plugin_Directory\Admin\Tools\Author_Cards; 7 use WordPressdotorg\Plugin_Directory\Admin\Tools\Stats_Report; 6 use WordPressdotorg\Plugin_Directory\Admin\Tools\{ Author_Cards, Stats_Report, Upload_Token }; 8 7 9 8 /** … … 107 106 Author_Cards::instance(); 108 107 Stats_Report::instance(); 108 Upload_Token::instance(); 109 109 110 110 add_action( 'wp_insert_post_data', array( __NAMESPACE__ . '\Admin\Status_Transitions', 'can_change_post_status' ), 10, 2 ); -
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload-handler.php
r12394 r12508 5 5 use WordPressdotorg\Plugin_Directory\Plugin_Directory; 6 6 use WordPressdotorg\Plugin_Directory\Tools\Filesystem; 7 use WordPressdotorg\Plugin_Directory\Admin\Tools\Upload_Token; 7 8 8 9 /** … … 59 60 */ 60 61 public function process_upload() { 62 $has_upload_token = $this->has_valid_upload_token(); 61 63 $zip_file = $_FILES['zip_file']['tmp_name']; 62 64 $this->plugin_dir = Filesystem::unzip( $zip_file ); … … 115 117 116 118 // Make sure it doesn't use a TRADEMARK protected slug. 117 if ( false !== $this->has_trademarked_slug() ) {119 if ( false !== $this->has_trademarked_slug() && ! $has_upload_token ) { 118 120 $error = __( 'Error: The plugin name includes a restricted term.', 'wporg-plugins' ); 119 121 … … 242 244 243 245 // Prevent uploads using popular Plugin names in the wild. 244 if ( function_exists( 'wporg_stats_get_plugin_name_install_count' ) ) {246 if ( function_exists( 'wporg_stats_get_plugin_name_install_count' ) && ! $has_upload_token ) { 245 247 $installs = wporg_stats_get_plugin_name_install_count( $this->plugin['Name'] ); 246 248 … … 300 302 } 301 303 302 if ( function_exists( 'wporg_stats_get_plugin_name_install_count' ) ) {304 if ( function_exists( 'wporg_stats_get_plugin_name_install_count' ) && ! $has_upload_token ) { 303 305 $installs = wporg_stats_get_plugin_name_install_count( $readme->name ); 304 306 … … 332 334 $result = $this->check_plugin(); 333 335 334 if ( ! $result ) {336 if ( ! $result && ! $has_upload_token ) { 335 337 $error = __( 'Error: The plugin has failed the automated checks.', 'wporg-plugins' ); 336 338 … … 799 801 } 800 802 803 /** 804 * Determine if the current user has a valid upload token. 805 * 806 * An upload token can be used to bypass various plugin checks. 807 */ 808 public function has_valid_upload_token() { 809 $token = wp_unslash( $_REQUEST['upload_token'] ?? '' ); 810 811 return $token && Upload_Token::instance()->is_valid_for_user( get_current_user_id(), $token ); 812 } 813 801 814 } -
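Review bot: In `has_valid_upload_token()`, `$_REQUEST['upload_token']` reaches `Upload_Token::is_valid_for_user()` without a type check, so a request sending `upload_token[]=x` passes an array into the validator. Guard it with `if ( ! is_string( $token ) || '' === $token ) { return false; }` before the call; the same raw request value is also read in shortcodes/class-upload.php. A valid token now skips the trademark-slug gate, both install-count name gates and the `check_plugin()` failure gate in `process_upload()`, so the docblock should list those four checks by name instead of "various plugin checks". None of the visible lines record that a bypass happened, so confirm that `Upload_Token` (not shown on this page) logs use against the plugin and user, and expires or consumes the token. `process_upload()` begins and ends outside the displayed hunks.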
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload.php
r11403 r12508 28 28 ob_start(); 29 29 30 $uploader = new Upload_Handler(); 31 30 32 if ( is_user_logged_in() ) : 31 33 include_once ABSPATH . 'wp-admin/includes/template.php'; … … 58 60 ) : 59 61 if ( UPLOAD_ERR_OK === $_FILES['zip_file']['error'] ) : 60 $uploader = new Upload_Handler();61 62 $upload_result = $uploader->process_upload(); 62 63 … … 181 182 <?php wp_nonce_field( 'wporg-plugins-upload' ); ?> 182 183 <input type="hidden" name="action" value="upload"/> 184 <?php 185 if ( ! empty( $_REQUEST['upload_token'] ) ) { 186 printf( 187 '<input type="hidden" name="upload_token" value="%s"/>', 188 esc_attr( $_REQUEST['upload_token'] ) 189 ); 190 191 if ( ! $uploader->has_valid_upload_token() ) { 192 printf( 193 '<div class="notice notice-error notice-alt"><p>%s</p></div>', 194 esc_html__( 'The token provided is invalid for this user.', 'wporg-plugins') 195 ); 196 } 197 } 198 ?> 183 199 <?php 184 200 /*
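Review bot: The hidden `upload_token` field is printed from the raw `$_REQUEST` value before the token is validated, and it is still printed when `has_valid_upload_token()` returns false, so a rejected token is carried into the next submission alongside the error notice. `esc_attr()` keeps the attribute context safe, but the echoed value is the slashed one while validation uses `wp_unslash()`, so the two code paths disagree on what the token is. I would read it once with `$token = wp_unslash( $_REQUEST['upload_token'] ?? '' );` and emit the hidden field only in the branch where `$uploader->has_valid_upload_token()` is true, printing just the notice otherwise. `new Upload_Handler()` now also runs before the `is_user_logged_in()` check; the constructor is not visible here, so confirm it has no side effects for anonymous visitors.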