
Changeset 9096


Timestamp:
08/08/2019 10:04:27 PM (4 months ago)
Author:
SergeyBiryukov
Message:

Plugin Directory: Adjust review tools and upload process to better address issues with reserved plugin names and trademark protected slugs:

  • Display known problematic IPs more prominently in Author Card.
  • Expand the list of reserved slugs and high value slugs.
  • Check for trademark protected slugs.
  • Block short plugin names (less than 5 characters).
  • Clarify that plugin name should be changed in both the main plugin file and readme.

Props Ipstenu.
Fixes #4664.

Location:
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory
Files:
3 edited

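--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-author-card.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-author-card.php
@@ -14,4 +14,38 @@
  */
 class Author_Card {
+
+    /**
+     * List of known problematic IPs
+     *
+     * @var array
+     */
+    public static $iffy_ips = [
+        '2.240.',
+        '2.241.',
+        '5.102.170.',
+        '5.102.171.',
+        '38.78.',
+        '47.15.',
+        '49.50.124.',
+        '65.33.104.38',
+        '71.41.77.202',
+        '76.73.108.',
+        '80.131.192.168',
+        '87.188.',
+        '91.228.',
+        '91.238.',
+        '94.103.41.',
+        '109.123.',
+        '110.55.1.251',
+        '110.55.4.248',
+        '116.193.162.',
+        '119.235.251.',
+        '159.253.145.183',
+        '173.171.9.190',
+        '173.234.140.18',
+        '188.116.36.',
+        '217.87.',
+    ];
+
     /**
      * Displays information about the author of the current plugin.
@@ -251,12 +285,30 @@
      */
     protected static function link_ip( $ip ) {
-        return sprintf(
-            '<a href="%1$s">%2$s</a>',
+
+        $ip_data = array(
+            'name'    => $ip,
+            'tooltip' => '',
+            'iffy'    => false,
+        );
+
+        foreach ( self::$iffy_ips as $check_ip ) {
+            if ( false !== strpos( $ip, $check_ip ) ) {
+                $ip_data['name']   .= '*';
+                $ip_data['tooltip'] = 'This IP may be problematic and has been used for abuse before.';
+                $ip_data['iffy']    = true;
+            }
+        }
+
+        $output_ip = sprintf(
+            '<a href="%1$s" title="%2$s">%3$s</a>',
             esc_url( add_query_arg( array(
                 'post_type' => 'plugin',
                 's'         => $ip,
             ), admin_url( 'edit.php' ) ) ),
-            $ip
+            $ip_data['tooltip'],
+            $ip_data['name']
         );
+
+        return $output_ip;
     }
 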
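Review bot: The `strpos()` check at new line 295 in `link_ip()` matches a list entry anywhere inside the address rather than at its start, so a prefix such as `'2.240.'` also flags an unrelated address like `12.240.0.1` (constructed example) as previously abusive. Anchor the comparison with `if ( 0 === strpos( $ip, $check_ip ) ) {` and add `break;` after the first hit, since without it an address that matches two entries gets `*` appended twice. The new `title` attribute and the link text are also written into the markup unescaped; the tooltip is a literal today, but `esc_attr( $ip_data['tooltip'] )` and `esc_html( $ip_data['name'] )` would keep the output safe regardless of where `$ip` comes from, which is not visible in this hunk.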
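--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-review-tools.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/admin/metabox/class-review-tools.php
@@ -33,12 +33,19 @@
      */
     public static $reserved_slugs = [
+        'apple',
+        'contact-form-7',
+        'facebook',
+        'google',
+        'instagram',
+        'ios',
+        'jetpack',
+        'jquery',
+        'microsoft',
+        'paypal',
+        'twitter',
+        'woocommerce',
         'wordpress',
-        'woocommerce',
-        'google',
+        'yoast',
         'youtube',
-        'twitter',
-        'facebook',
-        'yoast',
-        'jetpack',
     ];
 
@@ -50,20 +57,21 @@
     public static $restricted_slugs = [
         // High-value plugin genres due to their popularity, often abused by spammers.
+        'booking',
+        'bookmark',
+        'cookie',
         'gallery',
         'lightbox',
+        'seo',
         'sitemap',
-        'bookmark',
+        'slide',
         'social',
-        'cookie',
-        'slide',
-        'seo',
 
         // Plugins we generally don't allow.
         'autoblog',
         'auto-blog',
-        'booking',
+        'framework',
+        'library',
         'plugin',
         'spinning',
-        'framework',
     ];
 
@@ -87,37 +95,4 @@
 
     /**
-     * List of known problematic IPs
-     *
-     * @var array
-     */
-    public static $iffy_ips = [
-        '2.240.',
-        '2.241.',
-        '5.102.170.',
-        '5.102.171.',
-        '38.78.',
-        '47.15.',
-        '49.50.124.',
-        '65.33.104.38',
-        '71.41.77.202',
-        '76.73.108.',
-        '80.131.192.168',
-        '87.188.',
-        '91.228.',
-        '91.238.',
-        '94.103.41.',
-        '109.123.',
-        '110.55.1.251',
-        '110.55.4.248',
-        '116.193.162.',
-        '119.235.251.',
-        '159.253.145.183',
-        '173.171.9.190',
-        '173.234.140.18',
-        '188.116.36.',
-        '217.87.',
-    ];
-
-    /**
      * Displays links to plugin assets and automated flags.
      */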
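Review bot: `$reserved_slugs` now repeats most of the terms that this changeset also hard-codes in `has_trademarked_slug()` in shortcodes/class-upload-handler.php (`contact-form-7`, `facebook`, `google`, `instagram`, `microsoft`, `paypal`, `twitter`, `woocommerce`, `wordpress`), and the two literals already diverge: `apple`, `ios` and `jetpack` are added here but removed there. How the reserved list is consumed is not shown in this section, but two hand-edited copies of a blocklist tend to drift, so what reviewers see flagged and what the uploader rejects can stop agreeing. A comment above the array such as `// Also update the trademark list in shortcodes/class-upload-handler.php when editing.`, or a single shared list, would keep them aligned.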
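--- a/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload-handler.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload-handler.php
@@ -96,5 +96,5 @@
             return new \WP_Error( 'unsupported_name', $error . ' ' . sprintf(
                 /* translators: %s: 'Plugin Name:' */
-                __( 'Plugin names may only contain latin letters (A-z), numbers, spaces, and hyphens. Please change the %s line in your main plugin file and upload it again.', 'wporg-plugins' ),
+                __( 'Plugin names may only contain latin letters (A-z), numbers, spaces, and hyphens. Please change the %s line in your main plugin file and readme, then you may upload it again.', 'wporg-plugins' ),
                 esc_html( $this->plugin['Name'] ),
                 '<code>Plugin Name:</code>'
@@ -108,7 +108,20 @@
             return new \WP_Error( 'reserved_name', $error . ' ' . sprintf(
                 /* translators: 1: plugin slug, 2: 'Plugin Name:' */
-                __( 'Your chosen plugin name - %1$s - has been reserved for use by WordPress. Please change the %2$s line in your main plugin file and upload it again.', 'wporg-plugins' ),
+                __( 'Your chosen plugin name - %1$s - has been reserved and cannot be used. Please change the %2$s line in your main plugin file and readme, then you may upload it again.', 'wporg-plugins' ),
                 '<code>' . $this->plugin_slug . '</code>',
                 '<code>Plugin Name:</code>'
+            ) );
+        }
+
+        // Make sure it doesn't use a TRADEMARK protected slug.
+        if ( $this->has_trademarked_slug() ) {
+            $error = __( 'Error: The plugin has a trademarked name.', 'wporg-plugins' );
+
+            return new \WP_Error( 'trademarked_name', $error . ' ' . sprintf(
+                /* translators: 1: plugin slug, 2: 'Plugin Name:', 3: plugin email address. */
+                __( 'Your chosen plugin name - %1$s - has been flagged as trademark infringement and cannot be used. We have been legally compelled to protect specific trademarks and as such prevent the use of specific terms. Please change the %2$s line in your main plugin file and readme, then you may upload it again. If you feel this is in error, please email us at %3$s and explain why.', 'wporg-plugins' ),
+                '<code>' . $this->plugin_slug . '</code>',
+                '<code>Plugin Name:</code>',
+                '<code>plugins@wordpress.org</code>'
             ) );
         }
@@ -138,4 +151,16 @@
                 __( 'https://developer.wordpress.org/plugins/wordpress-org/how-to-use-subversion/', 'wporg-plugins' ),
                 'plugins@wordpress.org'
+            ) );
+        }
+
+        // Prevent short plugin names (they're generally SEO grabs).
+        if ( strlen( $this->plugin_slug ) < 5 ) {
+            $error = __( 'Error: The plugin slug is too short.', 'wporg-plugins' );
+
+            return new \WP_Error( 'trademarked_name', $error . ' ' . sprintf(
+                /* translators: 1: plugin slug, 2: 'Plugin Name:' */
+                __( 'Your chosen plugin name - %1$s - is not permitted becuase it is too short. Please change the %2$s line in your main plugin file and readme and upload it again.', 'wporg-plugins' ),
+                '<code>' . $this->plugin_slug . '</code>',
+                '<code>Plugin Name:</code>'
             ) );
         }
@@ -291,13 +316,4 @@
         ) . '</p><p>';
 
-        // Warn if the plugin starts with a reserved slug.
-        if ( $this->starts_with_reserved_slug() ) {
-            $message .= sprintf(
-                /* translators: %s: plugin name */
-                __( 'Warning: Your plugin will probably need to be renamed. Your chosen plugin name - %s - starts with a term that may belong to another company. When we review your submission we will either correct this for you or request you approve a new name.' ),
-                esc_html( $this->plugin['Name'] )
-            ) . '</p><p>';
-        }
-
         $message .= __( 'If there is any error in your submission, please email us as soon as possible. We can correct many issues before approval.', 'wporg-plugins' ) . '</p><p>';
 
@@ -335,4 +351,5 @@
             'wp-admin',
             'wordpress',
+            'jquery',
         );
 
@@ -341,18 +358,23 @@
 
     /**
-     * Whether the uploaded plugin uses a slug commonly abused by non-reps.
+     * Whether the uploaded plugin uses a trademark in the slug.
      *
      * @return bool
      */
-    public function starts_with_reserved_slug() {
-        $abused_slugs = array(
-            'apple',
+    public function has_trademarked_slug() {
+        $trademarked_slugs = array(
+            'contact-form-7',
             'facebook',
             'google',
-            'ios',
-            'jetpack',
+            '-gram',
+            'gram-',
+            'instagram',
+            'insta',
             'microsoft',
             'paypal',
             'twitter',
+            'tweet',
+            'whatsapp',
+            'whats-app',
             'woocommerce',
             'wordpress',
@@ -360,9 +382,14 @@
         );
 
-        // Get the slug in an array.
-        $slug = explode( '-', $this->plugin_slug );
-
-        // If the slug is the same as the first term, flag for abuse.
-        return in_array( $slug[0], $abused_slugs );
+        $has_trademarked_slug = false;
+
+        foreach ( $trademarked_slugs as $trademark ) {
+            if ( false !== strpos( $this->plugin_slug, $trademark ) ) {
+                $has_trademarked_slug = true;
+                break;
+            }
+        }
+
+        return $has_trademarked_slug;
     }
 
@@ -407,5 +434,5 @@
 
         echo '<h4>' . sprintf( __( 'Results of Automated Plugin Scanning: %s', 'wporg-plugins' ), vsprintf( '<span class="%1$s">%2$s</span>', $verdict ) ) . '</h4>';
-        echo '<ul class="tc-result">' . 'Result' . '</ul>';
+        echo '<ul class="tc-result">' . __( 'Result', 'wporg-plugins' ) . '</ul>';
         echo '<div class="notice notice-info"><p>' . __( 'Note: While the automated plugin scan is based on the Plugin Review Guidelines, it is not a complete review. A successful result from the scan does not guarantee that the plugin will pass review. All submitted plugins are reviewed manually before approval.', 'wporg-plugins' ) . '</p></div>';
 
@@ -446,12 +473,15 @@
         );
 
-        /* translators: 1: plugin name, 2: plugin slug */
+        /*
+            Please leave the blank lines in place.
+        */
         $email_content = sprintf(
+            // translators: 1: plugin name, 2: plugin slug.
             __(
 'Thank you for uploading %1$s to the WordPress Plugin Directory. We will review your submission as soon as possible and send you a follow up email with the results.
 
-Your plugin has been given the initial slug of %2$s, however this is subject to change based on the results of your review.
-
-If there is any problem with this submission, please reply to this email and let us know right away. In most cases, we can correct errors as long as the plugin has not yet been approved. For situations like an incorrect plugin slug, we are unable to change that post approval. If you do not inform us of any requirements now, we will be unable to honor them later.
+Your plugin has been given the initial slug of %2$s based on your diplay name of %1$s. This is subject to change based on the results of your review.
+
+If there are any problems with your submission, please REPLY to this email and let us know right away. In most cases, we can correct errors as long as the plugin has not yet been approved. For situations like an incorrect plugin slug, we are unable to change that post approval. If you do not inform us of any requirements now, we will be unable to honor them later.
 
 We recommend you review the following links to understand the review process and our expectations:
@@ -475,5 +505,5 @@
     }
 
-    // Helper
+    // Helper.
     /**
      * Whitelist zip files to be allowed to be uploaded to the media library.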
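Review bot: `has_trademarked_slug()` (new lines 386-391) now rejects on a substring match anywhere in the slug, so the stem `'insta'` also hits ordinary words such as `install` or `instant`, and `'gram-'` hits a slug containing `program-`; those uploads would be refused with the trademark-infringement message. Consider matching whole hyphen-separated terms for the word-like entries, e.g. `in_array( $trademark, explode( '-', $this->plugin_slug ), true )`, and keeping substring matching only for the entries that need it. Separately, the short-slug branch at new line 160 reuses the error code `'trademarked_name'`, so callers and logs keyed on the code cannot tell the two rejections apart; a distinct code (for example `'short_name'`) would fix that, and the same message misspells "because" as `becuase`. One entry of the `$trademarked_slugs` array and the start of the enclosing upload method fall outside the visible hunks.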