WordPress.org
Get WordPress

Making WordPress.org


Ignore:
Timestamp:
03/29/2023 08:36:13 AM (3 years ago)
Author:
dd32
Message:

Plugin Directory: Allow plugin reviewers to generate a one-time-use token to bypass certain upload restrictions (Trademarks and Active Installs).

This allows for plugin authors to submit plugins that would be otherwise rejected by the upload form, without requiring manual work-arounds.

These tokens are user-specific, and one time use only.

See #6864.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload.php

    r11403 r12508  
    2828        ob_start();
    2929
     30        $uploader = new Upload_Handler();
     31
    3032        if ( is_user_logged_in() ) :
    3133            include_once ABSPATH . 'wp-admin/includes/template.php';
     
    5860            ) :
    5961                if ( UPLOAD_ERR_OK === $_FILES['zip_file']['error'] ) :
    60                     $uploader      = new Upload_Handler();
    6162                    $upload_result = $uploader->process_upload();
    6263
     
    181182                    <?php wp_nonce_field( 'wporg-plugins-upload' ); ?>
    182183                    <input type="hidden" name="action" value="upload"/>
     184                    <?php
     185                    if ( ! empty( $_REQUEST['upload_token'] ) ) {
     186                        printf(
     187                            '<input type="hidden" name="upload_token" value="%s"/>',
     188                            esc_attr( $_REQUEST['upload_token'] )
     189                        );
     190
     191                        if ( ! $uploader->has_valid_upload_token() ) {
     192                            printf(
     193                                '<div class="notice notice-error notice-alt"><p>%s</p></div>',
     194                                esc_html__( 'The token provided is invalid for this user.', 'wporg-plugins')
     195                            );
     196                        }
     197                    }
     198                    ?>
    183199                    <?php
    184200                    /*
Note: See TracChangeset for help on using the changeset viewer.