Changeset 14459

Timestamp:

06/05/2025 10:17:20 AM (5 months ago)

Author:

dd32

Message:

Plugin Directory: Plugin Transfer: You can only transfer to users who have plugin management capabilities, which requires that the committer has 2FA setup.

Don't allow users to attempt to transfer to a user for whom the transfer will fail to.

File:

• sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-plugins-2024/inc/template-tags.php (modified) (3 diffs)

sites/trunk/wordpress.org/public_html/wp-content/themes/pub/wporg-plugins-2024/inc/template-tags.php

@@ -651 +651 @@
     echo '<div class="plugin-notice notice notice-warning notice-alt"><p>' . __( '<strong>Warning:</strong> Transferring a plugin is intended to be <em>permanent</em>. There is no way to get plugin ownership back without contacting the plugin team.', 'wporg-plugins' ) . '</p></div>';
 
-    $users = [];
+    $disabled_users = [];
+    $users          = [];
     foreach ( Tools::get_plugin_committers( $post->post_name ) as $user_login ) {
         $user = get_user_by( 'login', $user_login );
         if ( $user->ID != get_current_user_id() ) {
             $users[] = $user;
+
+            // Mark users as disabled if they don't have 2FA enabled, as plugins can't be transferred to users without 2FA.
+            if ( class_exists( 'Two_Factor_Core' ) && ! \Two_Factor_Core::is_user_using_two_factor( $user->ID ) ) {
+                $disabled_users[ $user->ID ] = true;
+            }
         }
     }
@@ -661 +667 @@
         echo '<div class="plugin-notice notice notice-error notice-alt"><p>' . __( 'To transfer a plugin, you must first add the new owner as a committer.', 'wporg-plugins' ) . '</p></div>';
         return;
+    }
+
+    // Users must have 2FA enabled to be able to transfer a plugin.
+    if ( $disabled_users ) {
+        echo '<div class="plugin-notice notice notice-info notice-alt"><p>' . __( 'Only users with Two-Factor authentication enabled can be selected.', 'wporg-plugins' ) . '</p></div>';
     }
 
@@ -669 +680 @@
     foreach ( $users as $user ) {
         printf(
-            '<option value="%d">%s</option>' . "\n",
+            '<option value="%d" %s>%s</option>' . "\n",
             esc_attr( $user->ID ),
+            disabled( isset( $disabled_users[ $user->ID ] ), true, false ),
             esc_html( $user->display_name . ' (' . $user->user_login . ')' )
         );
     }
     echo '</select></p>';
+
     // Translators: %s is the plugin name, as defined by the plugin itself.
     echo '<p class="wp-block-button is-small"><input class="wp-block-button__link" type="submit" value="' . esc_attr( sprintf( __( 'Please transfer %s.', 'wporg-plugins' ), get_the_title() ) ) . '" /></p>';