WordPress.org

Making WordPress.org

Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#5178 closed enhancement (fixed)

Plugin Directory: Improve Uploader Fails

Reported by: Ipstenu Owned by: dd32
Milestone: Priority: normal
Component: Plugin Directory Keywords: has-patch 2nd-opinion
Cc:

Description

This needs a couple more eyes on it because I'm trying something hinky :)

  1. Soften language for auto-fails and make sure people can be directed where to go.
  2. Add more blocked permalinks (attempting to handle Facebook's flat reject of a plugin with 'fb-' or 'ig-' without so many false negatives)
  3. Better explain what the new 'This plugin already exists, but just not here' error means (in this case it means 'you're using the slug already, we don't want to break your users!)
  4. THIS IS THE WEIRD CHANGE. Adding in a new array of 'special' emails and trademarks they're allowed to use. I was not able to test this fully! The idea is that 'If you're Yoast, you can use Yoast.' I do not envision there will be a lot of need for this, but it will calm down Automattic a touch :) I would love a second opinion on this part.

Humor: "Stand in the place where you code now and think about directions wonder why you haven't before."

Attachments (1)

5178.diff (4.6 KB) - added by Ipstenu 5 months ago.

Download all attachments as: .zip

Change History (7)

@Ipstenu
5 months ago

#1 @dufresnesteven
5 months ago

@Ipstenu

THIS IS THE WEIRD CHANGE. Adding in a new array of 'special' emails and trademarks they're allowed to use. I was not able to test this fully! The idea is that 'If you're Yoast, you can use Yoast.' I do not envision there will be a lot of need for this, but it will calm down Automattic a touch :) I would love a second opinion on this part.

The domain name industry addressed a similar problem for new TLDs a decade ago. Although it's definitely overkill, I will share their approach in case this becomes very necessary :).

When submitting domain applications that included trademarks, the user needed to provide a Signed Mark Data (SMD) file. The SMD file was a signed hash approved by a governing body - The Trademark Clearing House. The hash included all the variations of the trademark that applied. If the trademarks in the SMD file matched the domain name - Good to go!

Learn more? See: https://www.trademark-clearinghouse.com/

#2 @Ipstenu
5 months ago

Yeah, we're not at a level where managing that is needed or really sustainable. Yet. I'm sure that will change.

#3 @dd32
5 months ago

In 9805:

Plugin Directory: Add a few more slugs to the Trademark list, and soften language around some automated rejection reasons.

Props Ipstenu.
See #5178.

#4 @dd32
5 months ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 9806:

Plugin Directory: Allow users to bypass the trademark checks if their registerd profile email matches the trademark owner.

Props Ipstenu.
Fixes #5178.

#5 @dd32
5 months ago

THIS IS THE WEIRD CHANGE. Adding in a new array of 'special' emails and trademarks they're allowed to use. I was not able to test this fully! The idea is that 'If you're Yoast, you can use Yoast.' I do not envision there will be a lot of need for this, but it will calm down Automattic a touch :) I would love a second opinion on this part.

Works for me :)

The only change I made was to add the 3rd param to explode( '@', email, 2 ) so that fraudster@realdomain.com@attackersdomain.com didn't allow an attacker to use realdomains trademarks if somehow they managed to get that as an email address on WordPress.org.

#6 @dd32
5 months ago

  • Component changed from General to Plugin Directory
Note: See TracTickets for help on using tickets.