Changeset 2958
- Timestamp:
- 04/14/2016 08:23:22 PM (9 years ago)
- Location:
- sites/trunk/wordcamp.org/public_html/wp-content
- Files:
-
- 4 added
- 2 edited
- 1 moved
sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/jetpack-tweaks/miscellaneous.php
r2957 r2958 2 2 3 3 namespace WordCamp\Jetpack_Tweaks; 4 defined( 'WPINC' ) or die(); 4 5 5 /* 6 * Open Graph Default Image. 7 * 8 * Provides a default image for sharing WordCamp home/pages to Facebook/Twitter/Google other than the Jetpack "blank" image. 9 */ 10 function default_og_image() { 11 return 'https://s.w.org/images/backgrounds/wordpress-bg-medblue.png'; 12 } 13 add_filter( 'jetpack_open_graph_image_default', __NAMESPACE__ . '\default_og_image' ); 14 15 /** 16 * Choose the default Open Graph image for single posts 17 * 18 * @param array $media 19 * @param int $post_id 20 * @param array $args 21 * 22 * @return array 23 */ 24 function default_single_og_image( $media, $post_id, $args ) { 25 if ( $media ) { 26 return $media; 27 } 28 29 if ( has_site_icon() ) { 30 $image_url = get_site_icon_url(); 31 } else if ( has_header_image() ) { 32 $image_url = get_header_image(); 33 } else { 34 $image_url = default_og_image(); 35 } 36 37 return array( array( 38 'type' => 'image', 39 'from' => 'custom_fallback', 40 'src' => esc_url( $image_url ), 41 'href' => get_permalink( $post_id ), 42 ) ); 43 } 44 add_filter( 'jetpack_images_get_images', __NAMESPACE__ . '\default_single_og_image', 10, 3 ); 45 46 /* 47 * Add Twitter Card type. 48 * 49 * Added the twitter:card = summary OG tag for the home page and other ! is_singular() pages, which is not added by default by Jetpack. 50 */ 51 function add_og_twitter_summary( $og_tags ) { 52 if ( is_home() || is_front_page() ) { 53 $og_tags['twitter:card'] = 'summary'; 54 } 55 56 return $og_tags; 57 } 58 add_filter( 'jetpack_open_graph_tags', __NAMESPACE__ . '\add_og_twitter_summary' ); 59 60 /* 61 * User @WordCamp as the default Twitter account. 62 * 63 * Add default Twitter account as @WordCamp for when individual WCs do not set their Settings->Sharing option for Twitter cards only. 64 * Sets the "via" tag to blank to avoid slamming @WordCamp moderators with a ton of shared posts. 
65 */ 66 function twitter_sitetag( $site_tag ) { 67 if ( 'jetpack' == $site_tag ) { 68 $site_tag = 'WordCamp'; 69 add_filter( 'jetpack_sharing_twitter_via', '__return_empty_string' ); 70 } 71 72 return $site_tag; 73 } 74 add_filter( 'jetpack_twitter_cards_site_tag', __NAMESPACE__ . '\twitter_sitetag' ); 75 76 /* 77 * Determine which Jetpack modules should be automatically activated when new sites are created 78 */ 79 function default_jetpack_modules( $modules ) { 80 $modules = array_diff( $modules, array( 'widget-visibility' ) ); 81 array_push( $modules, 'contact-form', 'shortcodes', 'custom-css', 'subscriptions' ); 82 83 return $modules; 84 } 85 add_filter( 'jetpack_get_default_modules', __NAMESPACE__ . '\default_jetpack_modules' ); 86 87 /* 88 * Enable Photon support for HTTPS URLs 89 */ 90 add_filter( 'jetpack_photon_reject_https', '__return_false' ); 91 92 /** 93 * Never automatically connect new sites to WordPress.com. 94 * We offload this part to wp-cron.php because of https. 95 * 96 * @param array $new_value 97 * @param array $old_value 98 * 99 * @return array 100 */ 101 function auto_connect_new_sites( $new_value, $old_value ) { 102 $new_value['auto-connect'] = 0; 103 104 return $new_value; 105 } 106 add_filter( 'pre_update_site_option_jetpack-network-settings', __NAMESPACE__ . '\auto_connect_new_sites', 10, 2 ); 107 108 /** 109 * Schedule an attempt to connect this site to Jetpack. 110 * 111 * @param int $blog_id The blog id. 112 */ 113 function schedule_connect_new_site( $blog_id ) { 114 wp_schedule_single_event( time() + 12 * HOUR_IN_SECONDS + 600, 'wcorg_connect_new_site', array( $blog_id, get_current_user_id() ) ); 115 } 116 add_action( 'wpmu_new_blog', __NAMESPACE__ . '\schedule_connect_new_site' ); 117 118 /** 119 * Connect the new site to Jetpack. Runs during wp-cron.php. 120 * 121 * @param int $blog_id The blog_id to connect. 122 * @param int $user_id The user ID who created the new site. 
123 */ 124 function wcorg_connect_new_site( $blog_id, $user_id ) { 125 if ( ! class_exists( 'Jetpack_Network' ) ) 126 return; 127 128 $network = \Jetpack_Network::init(); 129 $current_user_id = get_current_user_id(); 130 wp_set_current_user( $user_id ); 131 132 // Register this site with Jetpack. 133 $network->do_subsiteregister( $blog_id ); 134 135 wp_set_current_user( $current_user_id ); 136 error_log( sprintf( 'Connecting new site %d for user %d.', $blog_id, $user_id ) ); 137 } 138 add_action( 'wcorg_connect_new_site', __NAMESPACE__ . '\wcorg_connect_new_site', 10, 2 ); 139 140 /** 141 * Sanitize parsed Custom CSS rules 142 * 143 * @import rules are stripped because they can introduce security vulnerabilities by embedding external 144 * stylesheets that haven't been sanitized, and they also present a maintenance problem because they rely on 145 * external resources which could go offline at any point. 146 * 147 * @charset rules are stripped because manipulating the charset can allow an attacker to introduce XSS 148 * vulnerabilities by tricking the browser into interpreting the CSS as HTML. 149 * 150 * @param \safecss $safecss 151 */ 152 function sanitize_csstidy_parsed_rules( $safecss ) { 153 if ( ! empty( $safecss->parser->import ) ) { 154 update_option( 'custom_css_import_stripped', true ); 155 } 156 157 $safecss->parser->import = array(); 158 $safecss->parser->charset = array(); 159 } 160 add_action( 'csstidy_optimize_postparse', __NAMESPACE__ . '\sanitize_csstidy_parsed_rules' ); 161 162 /** 163 * Notify the user that @import rules were stripped from their CSS 164 */ 165 function notify_import_rules_stripped() { 166 global $current_screen; 167 $relevant_screens = array( 'appearance_page_editcss', 'appearance_page_remote-css' ); 168 169 if ( ! is_a( $current_screen, 'WP_Screen' ) || ! in_array( $current_screen->id, $relevant_screens, true ) ) { 170 return; 171 } 172 173 if ( ! 
get_option( 'custom_css_import_stripped' ) ) { 174 return; 175 } 176 177 delete_option( 'custom_css_import_stripped' ); 178 179 ?> 180 181 <div class="notice notice-warning"> 182 <p> 183 <?php printf( 184 __( 'WARNING: <code>@import</code> rules were stripped for security reasons. 185 Please use <a href="%s">the Fonts tool</a> to add web fonts, and merge other stylesheets directly into your custom CSS.', 186 'wordcamporg' ), 187 admin_url( 'themes.php?page=wc-fonts-options' ) 188 ); ?> 189 </p> 190 </div> 191 192 <?php 193 } 194 add_action( 'admin_notices', __NAMESPACE__ . '\notify_import_rules_stripped' ); 195 196 /** 197 * Sanitize Custom CSS subvalues 198 * 199 * @param \safecss $safecss 200 */ 201 function sanitize_csstidy_subvalues( $safecss ) { 202 $safecss->sub_value = trim( $safecss->sub_value ); 203 204 // Send any urls through our filter 205 if ( preg_match( '!^\s*(?P<url_expression>url\s*(?P<opening_paren>\(|\\0028)(?P<parenthetical_content>.*)(?P<closing_paren>\)|\\0029))(.*)$!Dis', $safecss->sub_value, $matches ) ) { 206 $safecss->sub_value = sanitize_urls_in_css_properties( $matches['parenthetical_content'], $safecss->property ); 207 208 // Only replace the url([...]) portion of the sub_value so we don't 209 // lose things like trailing commas or !important declarations. 210 if ( $safecss->sub_value ) { 211 $safecss->sub_value = str_replace( $matches['url_expression'], $safecss->sub_value, $matches[0] ); 212 } 213 } 214 215 // Strip any expressions 216 if ( preg_match( '!^\\s*expression!Dis', $safecss->sub_value ) ) { 217 $safecss->sub_value = ''; 218 } 219 } 220 add_action( 'csstidy_optimize_subvalue', __NAMESPACE__ . 
'\sanitize_csstidy_subvalues' ); 221 222 /** 223 * Sanitize URLs used in CSS properties 224 * 225 * @param string $url 226 * @param string $property 227 * 228 * @return string 229 */ 230 function sanitize_urls_in_css_properties( $url, $property ) { 231 $allowed_properties = array( 'background', 'background-image', 'border-image', 'content', 'cursor', 'list-style', 'list-style-image' ); 232 $allowed_protocols = array( 'http', 'https' ); 233 234 // Clean up the string 235 $url = trim( $url, "' \" \r \n" ); 236 237 // Check against whitelist for properties allowed to have URL values 238 if ( ! in_array( trim( $property ), $allowed_properties, true ) ) { 239 // trim() is because multiple properties with the same name are stored with 240 // additional trailing whitespace so they don't overwrite each other in the hash. 241 return ''; 242 } 243 244 $url = wp_kses_bad_protocol_once( $url, $allowed_protocols ); 245 246 if ( empty( $url ) ) { 247 return ''; 248 } 249 250 return "url('" . str_replace( "'", "\\'", $url ) . "')"; 251 } 252 253 /** 254 * Disable Jetpack's Holiday Snow on all WordCamp sites 255 * 256 * That option appears in Settings > General between December 1st and January 4th. 257 * It is off by default. 258 * This filter removes it completely. 259 */ 6 add_filter( 'jetpack_photon_reject_https', '__return_false' ); 260 7 add_filter( 'jetpack_is_holiday_snow_season', '__return_false' ); -
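Review bot: The two filters that remain in miscellaneous.php (new lines 6-7) no longer carry any explanation, because the comments that described them were removed along with the rest of the old contents. A one-line comment on each would keep the intent visible, e.g. `// Enable Photon support for HTTPS URLs.` above the `jetpack_photon_reject_https` filter and `// Disable Jetpack's Holiday Snow on all WordCamp sites.` above the `jetpack_is_holiday_snow_season` filter. The CSS sanitization functions removed here presumably moved to the new files under jetpack-tweaks/, which this page does not show, so it is worth confirming that every `add_filter`/`add_action` registration moved together with its function.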
sites/trunk/wordcamp.org/public_html/wp-content/mu-plugins/load-other-mu-plugins.php
r2442 r2958 3 3 defined( 'WPINC' ) or die(); 4 4 5 // mu-plugins in sub-directories 6 require_once( __DIR__ . '/wp-cli-commands/bootstrap.php' ); 7 require_once( __DIR__ . '/camptix-tweaks/camptix-tweaks.php' ); 5 wcorg_include_individual_mu_plugins(); 6 wcorg_include_mu_plugin_folders(); 8 7 9 // Private mu-plugins 10 $private_mu_plugins = glob( WP_CONTENT_DIR . '/mu-plugins-private/*.php' ); 11 if ( is_array( $private_mu_plugins ) ) { 12 foreach ( $private_mu_plugins as $plugin ) { 13 if ( is_file( $plugin ) ) { 14 require_once( $plugin ); 8 /** 9 * Load individually-targeted files 10 * 11 * This is because the folder contains some .php files that we don't want to automatically include with glob(). 12 */ 13 function wcorg_include_individual_mu_plugins() { 14 require_once( __DIR__ . '/wp-cli-commands/bootstrap.php' ); 15 require_once( __DIR__ . '/camptix-tweaks/camptix-tweaks.php' ); 16 } 17 18 /** 19 * Load every mu-plugin in these folders 20 */ 21 function wcorg_include_mu_plugin_folders() { 22 $include_folders = array( 23 dirname( __DIR__ ) . '/mu-plugins-private', 24 __DIR__ . '/jetpack-tweaks', 25 ); 26 27 foreach ( $include_folders as $folder ) { 28 $plugins = glob( $folder . '/*.php' ); 29 30 if ( is_array( $plugins ) ) { 31 foreach ( $plugins as $plugin ) { 32 if ( is_file( $plugin ) ) { 33 require_once( $plugin ); 34 } 35 } 15 36 } 16 37 } -
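Review bot: The glob() loop in wcorg_include_mu_plugin_folders() fails open: if glob() returns false or an empty list for a folder, nothing is loaded and nothing is reported. That was tolerable while the loop only covered mu-plugins-private, but it now also loads jetpack-tweaks, which, going by the comment in the remote-css test bootstrap, holds the Custom CSS sanitization. A missing or unreadable folder would therefore presumably leave the sanitization hooks unregistered with no visible sign. Consider loading the security-critical file explicitly in wcorg_include_individual_mu_plugins(), e.g. `require_once( __DIR__ . '/jetpack-tweaks/css-sanitization.php' );`, so that its absence is a fatal error, or logging when a folder yields no files. The closing brace of wcorg_include_mu_plugin_folders() lies outside the hunk.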
sites/trunk/wordcamp.org/public_html/wp-content/plugins/wordcamp-remote-css/tests/bootstrap.php
r2170 r2958 31 31 require_once( dirname( __DIR__ ) . '/bootstrap.php' ); 32 32 require_once( dirname( dirname( __DIR__ ) ) . '/jetpack/jetpack.php' ); 33 require_once( dirname( dirname( dirname( __DIR__ ) ) ) . '/mu-plugins/jetpack-tweaks.php' ); // Some of the sanitization lives here because it runs for both Custom CSS and Remote CSS 33 34 // Some of the sanitization lives here because it runs for both Custom CSS and Remote CSS 35 require_once( dirname( dirname( dirname( __DIR__ ) ) ) . '/mu-plugins/jetpack-tweaks/css-sanitization.php' ); 34 36 } 35 37 tests_add_filter( 'muplugins_loaded', __NAMESPACE__ . '\manually_load_plugin' );