Changeset 3100
- Timestamp:
- 05/08/2016 10:26:26 PM (7 years ago)
- File:
-
- 1 edited
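--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-author-card.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-author-card.php
@@ -182,254 +182,12 @@
 <?php
 
-self::show_warning_flags( $post, $author, $all_plugins );
-}
-
-/**
-* Displays listing of warning flags for the plugin and its authors.
-*
-* @param \WP_Post $plugin The plugin object.
-* @param \WP_User $author The plugin author.
-* @param array $all_plugins Array of plugin objects for all of user's plugins.
-*/
-public static function show_warning_flags( $plugin, $author, $all_plugins ) {
-$flagged = array(
-'critical' => array(),
-'med' => array(),
-'low' => array(),
-'info' => array(),
-);
-
-$approved_plugins = wp_list_filter( $all_plugins, array( 'post_status' => 'publish' ) );
-$rejected_plugins = wp_list_filter( $all_plugins, array( 'post_status' => 'rejected' ) );
-
-// More than one instance of a spammer coming from one of these IPs or IP blocks (critical)
-$post_ip = get_post_meta( $plugin->ID, 'post_ip', true );
-$is_spammer_ip = false;
-
-$suspected_spammer_ip_blocks = array(
-'2.240.101.121',
-'2.240.163.90',
-'2.240.118.188',
-'2.241.60.160',
-'2.241.66.20',
-'2.241.124.187',
-'5.102.170.',
-'5.102.171.',
-'38.78.',
-'49.50.124.',
-'65.33.104.38',
-'71.41.77.202',
-'76.73.108.',
-'80.131.192.168',
-'87.188.67.',
-'87.188.75.',
-'87.188.82.',
-'91.228.',
-'94.103.41.',
-'109.123.',
-'110.55.1.251',
-'110.55.4.248',
-'116.193.162.',
-'119.235.251.',
-'159.253.145.183',
-'173.171.9.190',
-'173.234.140.18',
-'188.116.36.',
-'217.87.249.',
-'217.87.251.',
-'217.87.252.',
-);
-
-foreach ( $suspected_spammer_ip_blocks as $spammer_ip ) {
-if ( 0 === strpos( $post_ip, $spammer_ip ) ) {
-$flagged['critical'][] = "spammer IP '$spammer_ip" . ( substr( $spammer_ip, - 1 ) == '.' ? '*' : '' ) . "'";
-$is_spammer_ip = true;
-break;
-}
-}
-
-/*
-* These IPs or IP blocks have instances of being used by spammers, but aren't concrete
-* (or are fairly broad) that we don't want to auto-reject them. But we want to be wary. (high)
+/**
+* Fires at the end of a plugin's author card.
+*
+* @param \WP_Post $plugin The plugin object.
+* @param \WP_User $author The plugin author.
+* @param array $all_plugins Array of plugin objects for all of user's plugins.
 */
-$possible_spammer_ip_blocks = array(
-'2.240.',
-'2.241.',
-'91.238.',
-'182.68.',
-);
-if ( ! $is_spammer_ip ) {
-foreach ( $possible_spammer_ip_blocks as $spammer_ip ) {
-if ( 0 === strpos( $post_ip, $spammer_ip ) ) {
-$flagged['med'][] = "possible spammer IP '$spammer_ip" . ( substr( $spammer_ip, - 1 ) == '.' ? '*' : '' ) . "'";
-break;
-}
-}
-}
-
-/*
-* If user is banned from logging into WP.org (critical)
-*
-* This is pretty rare. They would have to have been banned after having
-* submitted the plugin.
-*/
-if ( property_exists( $author, 'capabilities' ) && isset( $author->capabilities['blocked'] ) && '1' == $author->capabilities['blocked'] ) {
-$flagged['critical'][] = 'user has been banned from logging into WP.org';
-}
-
-// If user < 2 days old, extra red-flaggy (high). ElseIf user is < 2 weeks old, consider them new. (med)
-$user_date = new \DateTime( $author->user_registered );
-$user_date = $user_date->format( 'U' );
-$request_date = new \DateTime( $plugin->post_date );
-$request_date = $request_date->format( 'U' );
-
-if ( $user_date > strtotime( '-3 days', $request_date ) ) {
-$flagged['med'][] = 'user < 3 days old at request';
-} elseif ( $user_date > strtotime( '-2 weeks', $request_date ) ) {
-$flagged['low'][] = 'user < 2 weeks old at request';
-}
-
-// If username ends in numbers and the user doesn't have any approved plugins.
-if ( preg_match( '/\d{3,}$/', $author->user_login ) && 0 === count( $approved_plugins ) ) {
-$flagged['med'][] = 'username ends in numbers';
-}
-
-// If username contains spammer-used words.
-$spam_username_substrings = array(
-'design',
-'develop',
-'html',
-'market',
-'seo',
-);
-foreach ( $spam_username_substrings as $spam ) {
-if ( false !== strpos( $author->user_login, $spam ) ) {
-$flagged['med'][] = "spammer-used username substring ($spam)";
-break;
-}
-}
-
-// If user's email is @yahoo.* or @mail.com (med).
-$suspicious_email_hosts = array( '@yahoo.', '@mail.com' );
-foreach ( $suspicious_email_hosts as $email_host ) {
-if ( false !== strpos( $author->user_email, $email_host ) ) {
-$flagged['med'][] = 'spammer-used email host';
-break;
-}
-}
-
-// If the plugin is for a typically spammed genre (med).
-$spam_names = array();
-$spam_targets = array(
-'bookmark',
-'cookie',
-'facebook',
-'gallery',
-'google',
-'lightbox',
-'seo',
-'sitemap',
-'slide',
-'social',
-'twitter',
-'youtube',
-);
-foreach ( $spam_targets as $spam_target ) {
-if ( false !== strpos( $plugin->post_name, $spam_target ) || false !== strpos( $plugin->post_title, $spam_target ) ) {
-$spam_names[] = $spam_target;
-}
-}
-if ( ! empty( $spam_names ) ) {
-$flagged['low'][] = "plugin name/slug contains '" . implode( "', '", $spam_names ) . "'";
-}
-
-// If the plugin's name contains undesirable terms.
-$undesirables = array();
-$undesirable_terms = array( 'autoblog', 'auto-blog', 'booking', 'plugin', 'spinning' );
-foreach ( $undesirable_terms as $undesirable ) {
-if ( false !== strpos( $plugin->post_name, $undesirable ) || false !== strpos( $plugin->post_title, $undesirable ) ) {
-$undesirables[] = $undesirable;
-}
-}
-if ( ! empty( $undesirables ) ) {
-$flagged['med'][] = "plugin name/slug contains potentially undesirable term(s) '" . implode( "', '", $undesirables ) . "'";
-}
-
-// Home URL is at weebly.com.
-if ( false !== strpos( $author->user_url, 'weebly.com' ) ) {
-$flagged['med'][] = 'spammer-used web host for user URL (weebly.com)';
-}
-
-// User's first plugin (low).
-if ( 0 === count( $approved_plugins ) ) {
-$flagged['low'][] = 'user has no open plugins';
-}
-
-// User was rejected for this plugin before.
-if ( ! empty( $rejected_plugins ) && in_array( $plugin->post_name, $rejected_plugins ) ) {
-$flagged['med'][] = 'user was previously rejected for this plugin';
-}
-
-// User has previously rejected plugins (med).
-if ( count( $rejected_plugins ) > 0 ) {
-$flagged['med'][] = 'user has rejected plugins';
-}
-
-// User is blocked from posting to the support forums (med).
-if ( property_exists( $author, 'elf_not_trusted' ) && '1' == $author->elf_not_trusted ) {
-$flagged['med'][] = 'user is blocked from posting to the support forums';
-}
-
-// User is marked as a bozo in the support forums (low).
-if ( property_exists( $author, 'is_bozo' ) && '1' == $author->is_bozo ) {
-$flagged['low'][] = 'user is a bozo in the support forums';
-}
-
-// No home URL (low).
-if ( empty( $author->user_url ) ) {
-$flagged['low'][] = 'no URL for user';
-} elseif ( false !== strpos( $author->user_url, 'blogspot.com' ) ) {
-$flagged['med'][] = 'user URL at blogspot.com';
-} elseif ( false !== strpos( $author->user_url, 'wordpress.com' ) ) {
-$flagged['low'][] = 'user URL at WordPress.com';
-}
-
-// User has submitted this plugin before (info).
-if ( in_array( $plugin->post_name, wp_list_pluck( $all_plugins, 'post_name' ) ) ) {
-$flagged['info'][] = 'user has submitted this plugin before';
-}
-
-$flagged = array_filter( $flagged );
-
-if ( empty( $flagged ) ) {
-echo '<span class="plugin-flagged-status plugin-queue-unflagged" style="display:none;" title="This plugin has no warning flags"> </span>';
-} else {
-if ( isset( $flagged['critical'] ) ) {
-echo '<span class="plugin-flagged-status plugin-queue-flagged-critical" style="display:none;" title="This plugin should be rejected"> </span>';
-}
-echo '<div class="plugin-queue-flagged">';
-echo '<h4>FLAGGED!</h4>';
-echo '<ul class="plugin-flagged">';
-
-foreach ( $flagged as $flag_level => $flag ) {
-$flag_name = 'critical' == $flag_level ? 'DO NOT APPROVE' : strtoupper( $flag_level );
-
-echo '<li class="plugin-flagged-' . $flag_level . '"><strong>' . $flag_name . ' (' . count( $flagged[ $flag_level ] ) . '):</strong> ';
-echo implode( '; ', $flagged[ $flag_level ] );
-
-// Critically flagged plugins should sit in queue for at least a week to give spammer
-// the impression that we're reviewing it
-if ( 'critical' == $flag_level ) {
-$reject_on = strftime( '%h. %e', strtotime( '+1 week', $request_date ) );
-echo '<br />Reject this plugin after ' . $reject_on . ' (to give impression we\'re reviewing it).';
-}
-
-echo '</li>';
-}
-echo '</ul>';
-echo '</div>';
-}
-
-return;
+do_action( 'wporg_plugins_author_card', $post, $author, $all_plugins );
 }
 }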
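Review bot: The added `do_action( 'wporg_plugins_author_card', $post, $author, $all_plugins );` makes the reviewer-facing warning flags depend entirely on an external callback, and this changeset edits only this one file, so no `add_action` for the hook is visible here. If that callback is not loaded, the author card presumably renders with no flag output at all, and a reviewer cannot tell "no flags" from "checks did not run"; the removed code always emitted either the `plugin-queue-unflagged` marker or the flag list. Consider failing visibly before the hook fires, e.g. `if ( ! has_action( 'wporg_plugins_author_card' ) ) { echo '<p>Warning-flag checks are not loaded.</p>'; }`. The new docblock also documents `@param \WP_Post $plugin` while the value passed is `$post`; rename the tag to `$post` so hook implementers see the actual argument. The enclosing method starts above this hunk.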