Making WordPress.org

Opened 3 months ago

Closed 3 months ago

Last modified 3 months ago

#7415 closed defect (bug) (fixed)

Consider blocking plugin submissions containing .git folders (among others?)

Reported by: JustinSainton
Owned by: dd32
Milestone:
Priority: normal
Component: Plugin Directory
Keywords:
Cc:

Description

Related: https://meta.trac.wordpress.org/ticket/6512

Separate from the SVN upload in that related ticket, we should consider blocking plugins upon submission if they contain .git folders.

Change History (4)

#1 @dd32
3 months ago

Just noting, Plugin Check (hereby referred to as PC) does include a check for this: https://github.com/WordPress/plugin-check/blob/trunk/includes/Checker/Checks/File_Type_Check.php

Until such a time that PC blocks uploads (rather than just running on uploads), adding a "Lite" version of that check into the upload process on the directory seems reasonable to me - especially for the highly common cases of .git and .svn which can often contain details we don't want to know and the plugin author most likely did not realise they were submitting it.

It doesn't need to be as complete as PC's check.
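
A segment-based version of the "lite" check suggested in comment #1, as an added example that is not part of the ticket, Plugin Check, or the Plugin Directory's code. The function name `find_vcs_entries`, the blocked list and the sample archive are assumptions constructed for illustration.

```php
<?php
// Names treated as version-control metadata (assumed list: the two the ticket names).
const BLOCKED_SEGMENTS = ['.git', '.svn'];

/**
 * Hypothetical helper: return every ZIP entry whose path has a segment equal
 * to a blocked name. Matching whole segments keeps `.gitignore` and
 * `.github/` from being flagged, while a nested `vendor/x/.svn/` is caught.
 */
function find_vcs_entries(string $zip_path): array
{
    $zip = new ZipArchive();
    if ($zip->open($zip_path) !== true) {
        throw new RuntimeException("Cannot open archive: $zip_path");
    }
    $hits = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = (string) $zip->getNameIndex($i);
        // Some ZIP tools write backslashes; normalise before splitting.
        $segments = explode('/', str_replace('\\', '/', $name));
        foreach ($segments as $segment) {
            // Lower-case first: `.GIT` is the same folder on case-insensitive filesystems.
            if (in_array(strtolower($segment), BLOCKED_SEGMENTS, true)) {
                $hits[] = $name;
                break;
            }
        }
    }
    $zip->close();
    return $hits;
}

// Constructed sample upload: a plugin folder with stray VCS metadata inside it.
$sample = tempnam(sys_get_temp_dir(), 'plugin');
$zip = new ZipArchive();
$zip->open($sample, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('my-plugin/my-plugin.php', "<?php // Plugin Name: Sample\n");
$zip->addFromString('my-plugin/.gitignore', "node_modules/\n");
$zip->addFromString('my-plugin/.github/workflows/ci.yml', "name: ci\n");
$zip->addFromString('my-plugin/.git/config', "[core]\n\tbare = false\n");
$zip->addFromString('my-plugin/vendor/lib/.svn/entries', "12\n");
$zip->close();

$hits = find_vcs_entries($sample);
unlink($sample);

echo $hits
    ? "Rejected, archive contains VCS metadata:\n  " . implode("\n  ", $hits) . "\n"
    : "Accepted\n";
```

Because the check reads only the archive's entry names, it can run before anything is extracted to disk.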

#2 @dd32
3 months ago

  • Component changed from General to Plugin Directory

#3 @dd32
3 months ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 13135:

Plugin Directory: Upload: Reject submissions containing unexpected / invalid directories and file types.

Fixes #7415.

#4 @dd32
3 months ago

In 13136:

Plugin Directory: Add the 2nd half of [13135] allowing for directories to be listed.

See #7415.
