Making WordPress.org

Changeset 3100


Ignore:
Timestamp:
05/08/2016 10:26:26 PM (8 years ago)
Author:
obenland
Message:

Plugin Directory: Allow for third party content to be displayed.

Having an action here allows for more flexibility to enhance the author card in
the future.

H/t coffee2code.
See #1695.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-author-card.php

    r3099 r3100  
    182182        <?php
    183183
    184         self::show_warning_flags( $post, $author, $all_plugins );
    185     }
    186 
    187     /**
    188      * Displays listing of warning flags for the plugin and its authors.
    189      *
    190      * @param \WP_Post $plugin           The plugin object.
    191      * @param \WP_User $author           The plugin author.
    192      * @param array    $all_plugins      Array of plugin objects for all of user's plugins.
    193      */
    194     public static function show_warning_flags( $plugin, $author, $all_plugins ) {
    195         $flagged = array(
    196             'critical' => array(),
    197             'med'      => array(),
    198             'low'      => array(),
    199             'info'     => array(),
    200         );
    201 
    202         $approved_plugins = wp_list_filter( $all_plugins, array( 'post_status' => 'publish' ) );
    203         $rejected_plugins = wp_list_filter( $all_plugins, array( 'post_status' => 'rejected' ) );
    204 
    205         // More than one instance of a spammer coming from one of these IPs or IP blocks (critical)
    206         $post_ip       = get_post_meta( $plugin->ID, 'post_ip', true );
    207         $is_spammer_ip = false;
    208 
    209         $suspected_spammer_ip_blocks = array(
    210             '2.240.101.121',
    211             '2.240.163.90',
    212             '2.240.118.188',
    213             '2.241.60.160',
    214             '2.241.66.20',
    215             '2.241.124.187',
    216             '5.102.170.',
    217             '5.102.171.',
    218             '38.78.',
    219             '49.50.124.',
    220             '65.33.104.38',
    221             '71.41.77.202',
    222             '76.73.108.',
    223             '80.131.192.168',
    224             '87.188.67.',
    225             '87.188.75.',
    226             '87.188.82.',
    227             '91.228.',
    228             '94.103.41.',
    229             '109.123.',
    230             '110.55.1.251',
    231             '110.55.4.248',
    232             '116.193.162.',
    233             '119.235.251.',
    234             '159.253.145.183',
    235             '173.171.9.190',
    236             '173.234.140.18',
    237             '188.116.36.',
    238             '217.87.249.',
    239             '217.87.251.',
    240             '217.87.252.',
    241         );
    242 
    243         foreach ( $suspected_spammer_ip_blocks as $spammer_ip ) {
    244             if ( 0 === strpos( $post_ip, $spammer_ip ) ) {
    245                 $flagged['critical'][] = "spammer IP '$spammer_ip" . ( substr( $spammer_ip, - 1 ) == '.' ? '*' : '' ) . "'";
    246                 $is_spammer_ip         = true;
    247                 break;
    248             }
    249         }
    250 
    251         /*
    252          * These IPs or IP blocks have instances of being used by spammers, but aren't concrete
    253          * (or are fairly broad) that we don't want to auto-reject them. But we want to be wary. (high)
     184        /**
     185         * Fires at the end of a plugin's author card.
     186         *
     187         * @param \WP_Post $plugin           The plugin object.
     188         * @param \WP_User $author           The plugin author.
     189         * @param array    $all_plugins      Array of plugin objects for all of user's plugins.
    254190         */
    255         $possible_spammer_ip_blocks = array(
    256             '2.240.',
    257             '2.241.',
    258             '91.238.',
    259             '182.68.',
    260         );
    261         if ( ! $is_spammer_ip ) {
    262             foreach ( $possible_spammer_ip_blocks as $spammer_ip ) {
    263                 if ( 0 === strpos( $post_ip, $spammer_ip ) ) {
    264                     $flagged['med'][] = "possible spammer IP '$spammer_ip" . ( substr( $spammer_ip, - 1 ) == '.' ? '*' : '' ) . "'";
    265                     break;
    266                 }
    267             }
    268         }
    269 
    270         /*
    271          * If user is banned from logging into WP.org (critical)
    272          *
    273          * This is pretty rare. They would have to have been banned after having
    274          * submitted the plugin.
    275          */
    276         if ( property_exists( $author, 'capabilities' ) && isset( $author->capabilities['blocked'] ) && '1' == $author->capabilities['blocked'] ) {
    277             $flagged['critical'][] = 'user has been banned from logging into WP.org';
    278         }
    279 
    280         // If user < 2 days old, extra red-flaggy (high). ElseIf user is < 2 weeks old, consider them new. (med)
    281         $user_date    = new \DateTime( $author->user_registered );
    282         $user_date    = $user_date->format( 'U' );
    283         $request_date = new \DateTime( $plugin->post_date );
    284         $request_date = $request_date->format( 'U' );
    285 
    286         if ( $user_date > strtotime( '-3 days', $request_date ) ) {
    287             $flagged['med'][] = 'user &lt; 3 days old at request';
    288         } elseif ( $user_date > strtotime( '-2 weeks', $request_date ) ) {
    289             $flagged['low'][] = 'user &lt; 2 weeks old at request';
    290         }
    291 
    292         // If username ends in numbers and the user doesn't have any approved plugins.
    293         if ( preg_match( '/\d{3,}$/', $author->user_login ) && 0 === count( $approved_plugins ) ) {
    294             $flagged['med'][] = 'username ends in numbers';
    295         }
    296 
    297         // If username contains spammer-used words.
    298         $spam_username_substrings = array(
    299             'design',
    300             'develop',
    301             'html',
    302             'market',
    303             'seo',
    304         );
    305         foreach ( $spam_username_substrings as $spam ) {
    306             if ( false !== strpos( $author->user_login, $spam ) ) {
    307                 $flagged['med'][] = "spammer-used username substring ($spam)";
    308                 break;
    309             }
    310         }
    311 
    312         // If user's email is @yahoo.* or @mail.com (med).
    313         $suspicious_email_hosts = array( '@yahoo.', '@mail.com' );
    314         foreach ( $suspicious_email_hosts as $email_host ) {
    315             if ( false !== strpos( $author->user_email, $email_host ) ) {
    316                 $flagged['med'][] = 'spammer-used email host';
    317                 break;
    318             }
    319         }
    320 
    321         // If the plugin is for a typically spammed genre (med).
    322         $spam_names   = array();
    323         $spam_targets = array(
    324             'bookmark',
    325             'cookie',
    326             'facebook',
    327             'gallery',
    328             'google',
    329             'lightbox',
    330             'seo',
    331             'sitemap',
    332             'slide',
    333             'social',
    334             'twitter',
    335             'youtube',
    336         );
    337         foreach ( $spam_targets as $spam_target ) {
    338             if ( false !== strpos( $plugin->post_name, $spam_target ) || false !== strpos( $plugin->post_title, $spam_target ) ) {
    339                 $spam_names[] = $spam_target;
    340             }
    341         }
    342         if ( ! empty( $spam_names ) ) {
    343             $flagged['low'][] = "plugin name/slug contains '" . implode( "', '", $spam_names ) . "'";
    344         }
    345 
    346         // If the plugin's name contains undesirable terms.
    347         $undesirables      = array();
    348         $undesirable_terms = array( 'autoblog', 'auto-blog', 'booking', 'plugin', 'spinning' );
    349         foreach ( $undesirable_terms as $undesirable ) {
    350             if ( false !== strpos( $plugin->post_name, $undesirable ) || false !== strpos( $plugin->post_title, $undesirable ) ) {
    351                 $undesirables[] = $undesirable;
    352             }
    353         }
    354         if ( ! empty( $undesirables ) ) {
    355             $flagged['med'][] = "plugin name/slug contains potentially undesirable term(s) '" . implode( "', '", $undesirables ) . "'";
    356         }
    357 
    358         // Home URL is at weebly.com.
    359         if ( false !== strpos( $author->user_url, 'weebly.com' ) ) {
    360             $flagged['med'][] = 'spammer-used web host for user URL (weebly.com)';
    361         }
    362 
    363         // User's first plugin (low).
    364         if ( 0 === count( $approved_plugins ) ) {
    365             $flagged['low'][] = 'user has no open plugins';
    366         }
    367 
    368         // User was rejected for this plugin before.
    369         if ( ! empty( $rejected_plugins ) && in_array( $plugin->post_name, $rejected_plugins ) ) {
    370             $flagged['med'][] = 'user was previously rejected for this plugin';
    371         }
    372 
    373         // User has previously rejected plugins (med).
    374         if ( count( $rejected_plugins ) > 0 ) {
    375             $flagged['med'][] = 'user has rejected plugins';
    376         }
    377 
    378         // User is blocked from posting to the support forums (med).
    379         if ( property_exists( $author, 'elf_not_trusted' ) && '1' == $author->elf_not_trusted ) {
    380             $flagged['med'][] = 'user is blocked from posting to the support forums';
    381         }
    382 
    383         // User is marked as a bozo in the support forums (low).
    384         if ( property_exists( $author, 'is_bozo' ) && '1' == $author->is_bozo ) {
    385             $flagged['low'][] = 'user is a bozo in the support forums';
    386         }
    387 
    388         // No home URL (low).
    389         if ( empty( $author->user_url ) ) {
    390             $flagged['low'][] = 'no URL for user';
    391         } elseif ( false !== strpos( $author->user_url, 'blogspot.com' ) ) {
    392             $flagged['med'][] = 'user URL at blogspot.com';
    393         } elseif ( false !== strpos( $author->user_url, 'wordpress.com' ) ) {
    394             $flagged['low'][] = 'user URL at WordPress.com';
    395         }
    396 
    397         // User has submitted this plugin before (info).
    398         if ( in_array( $plugin->post_name, wp_list_pluck( $all_plugins, 'post_name' ) ) ) {
    399             $flagged['info'][] = 'user has submitted this plugin before';
    400         }
    401 
    402         $flagged = array_filter( $flagged );
    403 
    404         if ( empty( $flagged ) ) {
    405             echo '<span class="plugin-flagged-status plugin-queue-unflagged" style="display:none;" title="This plugin has no warning flags">&nbsp;</span>';
    406         } else {
    407             if ( isset( $flagged['critical'] ) ) {
    408                 echo '<span class="plugin-flagged-status plugin-queue-flagged-critical" style="display:none;" title="This plugin should be rejected">&nbsp;</span>';
    409             }
    410             echo '<div class="plugin-queue-flagged">';
    411             echo '<h4>FLAGGED!</h4>';
    412             echo '<ul class="plugin-flagged">';
    413 
    414             foreach ( $flagged as $flag_level => $flag ) {
    415                 $flag_name = 'critical' == $flag_level ? 'DO NOT APPROVE' : strtoupper( $flag_level );
    416 
    417                 echo '<li class="plugin-flagged-' . $flag_level . '"><strong>' . $flag_name . ' (' . count( $flagged[ $flag_level ] ) . '):</strong> ';
    418                 echo implode( '; ', $flagged[ $flag_level ] );
    419 
    420                 // Critically flagged plugins should sit in queue for at least a week to give spammer
    421                 // the impression that we're reviewing it
    422                 if ( 'critical' == $flag_level ) {
    423                     $reject_on = strftime( '%h. %e', strtotime( '+1 week', $request_date ) );
    424                     echo '<br />Reject this plugin after ' . $reject_on . ' (to give impression we\'re reviewing it).';
    425                 }
    426 
    427                 echo '</li>';
    428             }
    429             echo '</ul>';
    430             echo '</div>';
    431         }
    432 
    433         return;
     191        do_action( 'wporg_plugins_author_card', $post, $author, $all_plugins );
    434192    }
    435193}
Note: See TracChangeset for help on using the changeset viewer.