#5178 closed enhancement (fixed)
Plugin Directory: Improve Uploader Fails
Reported by: | Ipstenu | Owned by: | dd32 |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | Plugin Directory | Keywords: | has-patch 2nd-opinion |
Cc: |
Description
This needs a couple more eyes on it because I'm trying something hinky :)
- Soften language for auto-fails and make sure people can be directed where to go.
- Add more blocked permalinks (attempting to handle Facebook's flat reject of a plugin with 'fb-' or 'ig-' without so many false negatives)
- Better explain what the new 'This plugin already exists, but just not here' error means (in this case it means 'you're using the slug already, we don't want to break your users!)
- THIS IS THE WEIRD CHANGE. Adding in a new array of 'special' emails and trademarks they're allowed to use. I was not able to test this fully! The idea is that 'If you're Yoast, you can use Yoast.' I do not envision there will be a lot of need for this, but it will calm down Automattic a touch :) I would love a second opinion on this part.
Humor: "Stand in the place where you code now and think about directions wonder why you haven't before."
Attachments (1)
Change History (7)
#2
@
5 years ago
Yeah, we're not at a level where managing that is needed or really sustainable. Yet. I'm sure that will change.
#4
@
5 years ago
- Owner set to dd32
- Resolution set to fixed
- Status changed from new to closed
In 9806:
#5
@
5 years ago
THIS IS THE WEIRD CHANGE. Adding in a new array of 'special' emails and trademarks they're allowed to use. I was not able to test this fully! The idea is that 'If you're Yoast, you can use Yoast.' I do not envision there will be a lot of need for this, but it will calm down Automattic a touch :) I would love a second opinion on this part.
Works for me :)
The only change I made was to add the 3rd param to explode( '@', email, 2 )
so that fraudster@realdomain.com@attackersdomain.com
didn't allow an attacker to use realdomain
s trademarks if somehow they managed to get that as an email address on WordPress.org.
@Ipstenu
The domain name industry addressed a similar problem for new TLDs a decade ago. Although it's definitely overkill, I will share their approach in case this becomes very necessary :).
When submitting domain applications that included trademarks, the user needed to provide a Signed Mark Data (SMD) file. The SMD file was a signed hash approved by a governing body - The Trademark Clearing House. The hash included all the variations of the trademark that applied. If the trademarks in the SMD file matched the domain name - Good to go!
Learn more? See: https://www.trademark-clearinghouse.com/