

Timestamp:
08/02/2015 01:26:10 AM (9 years ago)
Author:
nacin
Message:

Some infrastructure changes for the security team.

File:
1 edited

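--- a/sites/trunk/api.wordpress.org/public_html/dotorg/slack/security-team.php
+++ b/sites/trunk/api.wordpress.org/public_html/dotorg/slack/security-team.php
@@ -2,5 +2,7 @@
 
 namespace {
-    require dirname( dirname( __DIR__ ) ) . '/includes/hyperdb/bb-10-hyper-db.php';
+    if ( ! isset( $GLOBALS['wpdb'] ) ) {
+        require dirname( dirname( __DIR__ ) ) . '/includes/hyperdb/bb-10-hyper-db.php';
+    }
 }
 
@@ -9,5 +11,5 @@
 require dirname( dirname( __DIR__ ) ) . '/includes/slack-config.php';
 
-function api_call( $method, $content = array() ) {
+function slack_api( $method, $content = array() ) {
     $content['token'] = SLACK_TOKEN;
     $content = http_build_query( $content );
@@ -24,29 +26,45 @@
 }
 
-header( 'Content-type: text/plain' );
+function get_security_team() {
+    global $wpdb;
+    $group = slack_api( 'groups.info', array( 'channel' => SECURITY_GROUP_ID ) );
 
-// Confirm it came from the Trac server.
-if ( $_GET['token'] !== API_TOKEN ) {
-    die;
+    if ( empty( $group['ok'] ) ) {
+        return false;
+    }
+
+    $slack_user_ids = $group['group']['members'];
+    $slack_user_ids = array_filter( $slack_user_ids, function( $user_id ) {
+        return (bool) preg_match( '/^U[A-Z0-9]+$/', $user_id );
+    });
+    $slack_user_ids_for_sql = "'" . implode( "', '", $slack_user_ids ) . "'";
+    $user_ids = $wpdb->get_col( "SELECT user_id FROM slack_users WHERE slack_id IN ($slack_user_ids_for_sql)" );
+
+    $user_ids = array_map( 'intval', $user_ids );
+    $user_ids_for_sql = implode( ', ', $user_ids );
+    $user_logins = $wpdb->get_col( "SELECT user_login FROM $wpdb->users WHERE ID IN ($user_ids_for_sql)" );
+    return $user_logins;
 }
 
-$group = api_call( 'groups.info', array( 'channel' => SECURITY_GROUP_ID ) );
+function api_call() {
+    header( 'Content-type: text/plain' );
 
-if ( empty( $group['ok'] ) ) {
-    die;
+    // Confirm it came from the Trac server.
+    if ( $_GET['token'] !== API_TOKEN ) {
+        exit;
+    }
+
+    $team = get_security_team();
+    if ( $team === false ) {
+        exit;
+    }
+
+    echo implode( "\n", $team ) . "\n"; // Trailing newline critical.
+    exit;
 }
 
-$slack_user_ids = $group['group']['members'];
-$slack_user_ids = array_filter( $slack_user_ids, function( $user_id ) {
-    return (bool) preg_match( '/^U[A-Z0-9]+$/', $user_id );
-});
-$slack_user_ids_for_sql = "'" . implode( "', '", $slack_user_ids ) . "'";
-$user_ids = $wpdb->get_col( "SELECT user_id FROM slack_users WHERE slack_id IN ($slack_user_ids_for_sql)" );
-
-$user_ids = array_map( 'intval', $user_ids );
-$user_ids_for_sql = implode( ', ', $user_ids );
-$user_logins = $wpdb->get_col( "SELECT user_login FROM $wpdb->users WHERE ID IN ($user_ids_for_sql)" );
-
-echo implode( "\n", $user_logins ) . "\n"; // Trailing newline critical.
+if ( isset( $_SERVER['REQUEST_URI'] ) && false !== strpos( $_SERVER['REQUEST_URI'], '/security-team.php?token=' ) ) {
+    api_call();
+}
 
 }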
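Review bot: The token check in the new `api_call()` compares the shared secret with `!==`, which is not constant-time, and it reads `$_GET['token']` without checking that it is set or a string; since the line is being moved anyway, it could become `if ( ! isset( $_GET['token'] ) || ! is_string( $_GET['token'] ) || ! hash_equals( API_TOKEN, $_GET['token'] ) ) { exit; }`. Because the token travels in the query string it will presumably also end up in web-server access logs, so a request header or POST body would be a safer carrier if the Trac side can be changed. Separately, in `get_security_team()` an empty `$user_ids` produces `WHERE ID IN ()`, which is invalid SQL; an early `return array();` after the first query would avoid that. The interpolated queries are only safe because of the `/^U[A-Z0-9]+$/` filter and `intval`, which deserves a one-line comment above them, since the function now looks reusable from other includes.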