Changeset 3163


Timestamp:
05/18/2016 02:08:28 AM (4 years ago)
Author:
dd32
Message:

Plugin Directory: Readme parsing: Sanitize the stable tag from the readme, plugins often fill it with unexpected values.

This change also allows for an instance to be created without a file, and avoids a scenario where the plugin description may get picked up as the plugin name.

See #1584

File:
1 edited

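--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-readme-parser.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/class-readme-parser.php
@@ -56,5 +56,7 @@
 
     public function __construct( $file ) {
-        $this->parse_readme( $file );
+        if ( $file ) {
+            $this->parse_readme( $file );
+        }
     }
 
@@ -81,6 +83,6 @@
         if ( 'plugin name' == strtolower( $this->name ) ) {
             $this->name = $line = $this->get_first_nonwhitespace( $contents );
-            // Ensure that the line read wasn't an actual header
-            if ( preg_match( '~^(' . implode( '|', array_keys( $this->valid_headers ) ) . ')\s*:~i', $line ) ) {
+            // Ensure that the line read wasn't an actual header or description
+            if ( strlen( $line ) > 50 || preg_match( '~^(' . implode( '|', array_keys( $this->valid_headers ) ) . ')\s*:~i', $line ) ) {
                 $this->name = false;
                 array_unshift( $contents, $line );
@@ -128,5 +130,5 @@
         }
         if ( ! empty( $headers['stable_tag'] ) ) {
-            $this->stable_tag = $headers['stable_tag'];
+            $this->stable_tag = $this->sanitize_stable_tag( $headers['stable_tag'] );
         }
         if ( ! empty( $headers['donate_link'] ) ) {
@@ -365,4 +367,19 @@
     }
 
+    /**
+     * Sanitize the provided stable tag to something we expect.
+     *
+     * @param string $stable_tag the raw Stable Tag line from the readme.
+     * @return string The sanitized $stable_tag.
+     */
+    protected function sanitize_stable_tag( $stable_tag ) {
+        $stable_tag = trim( $stable_tag );
+        $stable_tag = trim( $stable_tag, '"\'' ); // "trunk"
+        $stable_tag = preg_replace( '!^/?tags/!i', '', $stable_tag ); // "tags/1.2.3"
+        $stable_tag = preg_replace( '![^a-z0-9_.-]!i', '', $stable_tag );
+
+        return $stable_tag;
+    }
+
     protected function parse_markdown( $text ) {
         static $markdown = null;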
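Review bot: `sanitize_stable_tag()` can return an empty string or a dots-only value such as `..`, and the call site in the third hunk assigns that result without re-checking it, because the `! empty()` guard runs on the raw header and the character filter keeps `.`. If `$this->stable_tag` is later joined into a `tags/…` path (the consumer is not visible on this page), such values should be rejected here, for example `$tag = $this->sanitize_stable_tag( $headers['stable_tag'] );` followed by `if ( '' !== trim( $tag, '.' ) ) { $this->stable_tag = $tag; }`. The docblock should also say that the return value may be empty after filtering. The function containing that call site starts and ends outside the hunk.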