From 09fffbe8ca02f5f33682a91d94caa63cc805feb5 Mon Sep 17 00:00:00 2001 From: Rebecca Hum Date: Wed, 25 Oct 2023 08:10:28 -0600 Subject: [PATCH 01/12] CANTINA-954: Security: Use ambiguous error message in forgot password (#4973) * Security: Use ambiguous error message in forgot password for multisites * Fix linting * Add tests * use error api instead of traversing mebbe fix test with type checking --------- Co-authored-by: Volodymyr Kolesnykov --- security/login-error.php | 38 ++++++++++++++++++--- tests/security/test-login-error.php | 53 +++++++++++++++++++++++++++++ 2 files changed, 87 insertions(+), 4 deletions(-) create mode 100644 tests/security/test-login-error.php diff --git a/security/login-error.php b/security/login-error.php index 517c08daab..21f0ebaf18 100644 --- a/security/login-error.php +++ b/security/login-error.php @@ -1,13 +1,17 @@ get_error_codes(); $err_types = [ @@ -35,5 +44,26 @@ function use_ambiguous_login_error( $error ): string { return (string) $error; } - add_filter( 'login_errors', __NAMESPACE__ . '\use_ambiguous_login_error', 99, 1 ); + +/** + * Use a message that does not reveal the type of login error in an attempted brute-force on forget password. + * + * @param WP_Error $errors WP Error object. + * + * @return WP_Error $errors WP Error object. + * + * @since 1.1 + */ +function use_ambiguous_confirmation( $errors ): WP_Error { + if ( isset( $_GET['checkemail'] ) && 'confirm' === $_GET['checkemail'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended + $messages = $errors->get_error_messages( 'confirm' ); + if ( ! empty( $messages ) ) { + $errors->remove( 'confirm' ); + $errors->add( 'confirm', FORGET_PWD_MESSAGE, 'message' ); + } + } + + return $errors; +} +add_filter( 'wp_login_errors', __NAMESPACE__ . '\use_ambiguous_confirmation', 99 ); diff --git a/tests/security/test-login-error.php b/tests/security/test-login-error.php new file mode 100644 index 0000000000..d3d4506bbe --- /dev/null 
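Review bot: Unifying the wording does not make the two outcomes indistinguishable. `use_ambiguous_confirmation()` only acts when `$_GET['checkemail']` is `confirm` and re-adds the text with the `'message'` type, while the failure case is handled by `use_ambiguous_login_error()` under `$_GET['action'] === 'lostpassword'` and goes out through `login_errors`. If core serves those two cases as different responses (presumably a redirect versus a re-rendered form with an error box; not visible here), account existence can still be inferred without reading the message. I would state that limit in the docblock, e.g. `* Only the wording is unified; the response for known and unknown accounts may still differ.`, or add a test comparing the two full responses. The docblock also says "brute-force" where the property being protected is account enumeration.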
+++ b/tests/security/test-login-error.php @@ -0,0 +1,53 @@ +add( + 'confirm', + sprintf( + 'Check your email for the confirmation link, then visit the login page.', + wp_login_url() + ), + 'message' + ); + + $_GET['checkemail'] = 'confirm'; + $actual = apply_filters( 'wp_login_errors', $errors, admin_url() ); + + self::assertInstanceOf( WP_Error::class, $actual ); + self::assertContains( FORGET_PWD_MESSAGE, $actual->get_error_messages( 'confirm' ) ); + } + + public function test_ambiguous_reset(): void { + global $errors; + + $message = 'Something went terribly wrong'; + + // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited + $errors = new WP_Error(); + $errors->add( 'error', $message ); + + $_GET['action'] = 'lostpassword'; + + $actual = apply_filters( 'login_errors', $message ); + self::assertSame( FORGET_PWD_MESSAGE, $actual ); + } +} From d6f7a348c04252d65a405feeefb922142284d96c Mon Sep 17 00:00:00 2001 From: Rebecca Hum Date: Wed, 25 Oct 2023 15:58:02 -0600 Subject: [PATCH 02/12] CANTINA-953: Add `vip_block_wp_mail` filter (#4975) * Add vip_block_wp_mail filter * Adds tests Add tests * PHP 8.2 fix for dynamic property PHP 8.2 fix for dynamic property --- tests/mock-constants.php | 16 ++++++ tests/test-vip-mail.php | 107 +++++++++++++++++++++++++++++++++++++-- vip-mail.php | 19 ++++++- 3 files changed, 137 insertions(+), 5 deletions(-) diff --git a/tests/mock-constants.php b/tests/mock-constants.php index 835f70083a..88a169aefc 100644 --- a/tests/mock-constants.php +++ b/tests/mock-constants.php @@ -200,3 +200,19 @@ function constant( $constant ) { return Constant_Mocker::constant( $constant ); } } + +namespace Automattic\VIP\Mail { + use Automattic\Test\Constant_Mocker; + + function define( $constant, $value ) { + return Constant_Mocker::define( $constant, $value ); + } + + function defined( $constant ) { + return Constant_Mocker::defined( $constant ); + } + + function constant( $constant ) { + return Constant_Mocker::constant( $constant ); + } +} 
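Review bot: Both tests write request superglobals (`$_GET['checkemail'] = 'confirm';`, `$_GET['action'] = 'lostpassword';`) and `test_ambiguous_reset()` overwrites the global `$errors`, but nothing in the visible part of the hunk restores them. The two filters under test branch on exactly those keys, so a leftover value can change the result of later tests in the same process. Unless a `tearDown()` exists in the part of the file not shown here, add one containing `unset( $_GET['checkemail'], $_GET['action'] );`. A negative case (no `checkemail` parameter, original message left untouched) would also pin the guard condition.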
diff --git a/tests/test-vip-mail.php b/tests/test-vip-mail.php index d73a4d0561..535e17f5d3 100644 --- a/tests/test-vip-mail.php +++ b/tests/test-vip-mail.php @@ -1,19 +1,28 @@ assertTrue( class_exists( 'VIP_PHPMailer', false ) ); + $this->assertTrue( class_exists( '\Automattic\VIP\Mail\VIP_PHPMailer', false ) ); } /** 
@@ -132,4 +141,94 @@ public function test_filter_removal(): void { self::assertEquals( $expected, $actual ); } + + public function test_noop_mailer__filter_only() { + set_error_handler( // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler + static function ( $errno, $errstr ) { + restore_error_handler(); + throw new \Exception( $errstr, $errno ); // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped + }, + E_ALL + ); + + add_filter( 'vip_block_wp_mail', '__return_true' ); + + $this->expectException( \Exception::class ); + $this->expectExceptionMessage( 'VIP_Noop_Mailer::send: skipped sending email with subject `Test` to test@example.com' ); + + wp_mail( 'test@example.com', 'Test', 'Should not be sent' ); + + restore_error_handler(); + } + + public function test_noop_mailer__constant_true_filter_false() { + set_error_handler( // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler + static function ( $errno, $errstr ) { + restore_error_handler(); + throw new \Exception( $errstr, $errno ); // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped + }, + E_ALL + ); + + Constant_Mocker::define( 'VIP_BLOCK_WP_MAIL', true ); + add_filter( 'vip_block_wp_mail', '__return_false' ); + + $this->expectException( \Exception::class ); + $this->expectExceptionMessage( 'VIP_Noop_Mailer::send: skipped sending email with subject `Test` to test@example.com' ); + + wp_mail( 'test@example.com', 'Test', 'Should not be sent' ); + + restore_error_handler(); + } + + public function test_noop_mailer__constant_only() { + set_error_handler( // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler + static function ( $errno, $errstr ) { + restore_error_handler(); + throw new \Exception( $errstr, $errno ); // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped + }, + E_ALL + ); + + Constant_Mocker::define( 'VIP_BLOCK_WP_MAIL', true ); + + $this->expectException( \Exception::class ); + 
$this->expectExceptionMessage( 'VIP_Noop_Mailer::send: skipped sending email with subject `Test` to test@example.com' ); + + wp_mail( 'test@example.com', 'Test', 'Should not be sent' ); + + restore_error_handler(); + } + + public function test_noop_mailer__constant_and_filter_false() { + Constant_Mocker::define( 'VIP_BLOCK_WP_MAIL', false ); + add_filter( 'vip_block_wp_mail', '__return_false' ); + + $body = 'Testing should send'; + wp_mail( 'test@example.com', 'Test', $body ); + + $mailer = tests_retrieve_phpmailer_instance(); + + $this->assertEquals( $body, $mailer->Body ); + } + + public function test_noop_mailer__constant_false_filter_true() { + set_error_handler( // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler + static function ( $errno, $errstr ) { + restore_error_handler(); + throw new \Exception( $errstr, $errno ); // phpcs:ignore WordPress.Security.EscapeOutput.ExceptionNotEscaped + }, + E_ALL + ); + + Constant_Mocker::define( 'VIP_BLOCK_WP_MAIL', false ); + add_filter( 'vip_block_wp_mail', '__return_true' ); + + $this->expectException( \Exception::class ); + $this->expectExceptionMessage( 'VIP_Noop_Mailer::send: skipped sending email with subject `Test` to test@example.com' ); + + wp_mail( 'test@example.com', 'Test', 'Should not be sent' ); + + restore_error_handler(); + } } diff --git a/vip-mail.php b/vip-mail.php index 14a030cc7f..9726374494 100644 --- a/vip-mail.php +++ b/vip-mail.php @@ -10,6 +10,7 @@ // phpcs:disable Generic.Files.OneObjectStructurePerFile.MultipleFound -- needs refactoring // phpcs:disable WordPress.NamingConventions.ValidVariableName.UsedPropertyNotSnakeCase -- PHPMailer does not follow the conventions +namespace Automattic\VIP\Mail; use PHPMailer\PHPMailer\PHPMailer; 
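Review bot: The `set_error_handler()` closure is copied verbatim into four of the five new tests. The trailing `restore_error_handler();` after each `wp_mail()` call never runs in the passing case, because the handler has already restored itself and thrown. A private helper on the test class (for example `expect_noop_mailer_warning()`, a name I am suggesting) that installs the handler and sets `expectException`/`expectExceptionMessage` would remove both the duplication and the dead line. `test_noop_mailer__constant_true_filter_false` is the only place that documents precedence, so a comment there such as `// The constant wins even when the filter returns false.` would make the intent explicit.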
@@ -45,6 +46,17 @@ protected static function isPermittedPath( $path ) { } class VIP_Noop_Mailer { + + /** + * @var string + */ + public $subject; + + /** + * @var string + */ + public $recipients; + public function __construct( $phpmailer ) { $this->subject = $phpmailer->Subject ?? '[No Subject]'; $this->recipients = implode( ', ', array_keys( $phpmailer->getAllRecipientAddresses() ) ); @@ -80,7 +92,12 @@ private function __construct() { * @param PHPMailer $phpmailer */ public function phpmailer_init( &$phpmailer ): void { - if ( defined( 'VIP_BLOCK_WP_MAIL' ) && true === constant( 'VIP_BLOCK_WP_MAIL' ) ) { + if ( defined( 'VIP_BLOCK_WP_MAIL' ) && true === constant( 'VIP_BLOCK_WP_MAIL' ) ) { // Constant will take precedence over filter + $phpmailer = new VIP_Noop_Mailer( $phpmailer ); + return; + } + + if ( true === apply_filters( 'vip_block_wp_mail', false ) ) { $phpmailer = new VIP_Noop_Mailer( $phpmailer ); return; } From 39d4802cb004071639ecbe00062f3c920845d4af Mon Sep 17 00:00:00 2001 From: Volodymyr Kolesnykov Date: Thu, 26 Oct 2023 06:06:42 +0300 Subject: [PATCH 03/12] fix(files): better handle directories in move() (#4970) --- files/class-wp-filesystem-vip.php | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/files/class-wp-filesystem-vip.php b/files/class-wp-filesystem-vip.php index 517b9dfd0a..a601621ad1 100644 --- a/files/class-wp-filesystem-vip.php +++ b/files/class-wp-filesystem-vip.php @@ -218,6 +218,10 @@ public function copy( $source, $destination, $overwrite = false, $mode = false ) return false; } + if ( $source_transport instanceof WP_Filesystem_Direct && $destination_transport instanceof WP_Filesystem_Direct ) { + return $source_transport->copy( $source, $destination, $overwrite, $mode ); + } + $destination_exists = $destination_transport->exists( $destination ); if ( ! $overwrite && $destination_exists ) { /* translators: 1: destination file path 2: overwrite param 3: `true` boolean value */ 
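Review bot: In `phpmailer_init()`, `true === apply_filters( 'vip_block_wp_mail', false )` blocks mail only for a strict boolean `true`, so a callback returning `1` or `'true'` silently leaves sending enabled. For a control meant to stop outbound mail, that is the unsafe direction to fail in. Either document the contract in a hook docblock above the call (the value must be a real `bool`, and when the `VIP_BLOCK_WP_MAIL` constant is `true` it is checked first and the filter never runs), or normalise the value before comparing. The two branches are also identical and could share one condition. The method continues past the end of the hunk.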
@@ -248,13 +252,24 @@ public function copy( $source, $destination, $overwrite = false, $mode = false ) * @return bool */ public function move( $source, $destination, $overwrite = false ) { - $copy_results = $this->copy( $source, $destination, $overwrite ); - if ( false === $copy_results ) { - return false; + $source_transport = $this->get_transport_for_path( $source ); + $destination_transport = $this->get_transport_for_path( $destination, 'write' ); + if ( $source_transport instanceof WP_Filesystem_Direct && $destination_transport instanceof WP_Filesystem_Direct ) { + return $source_transport->move( $source, $destination, $overwrite ); } - // We don't need to set the errors here since delete() will take care of it - return $this->delete( $source ); + // WP_Filesystem_Direct::get_contents() invoked by copy() will return '' for directories; this will result in directories being copied as empty files. + if ( $source_transport->is_file( $source ) ) { + $copy_results = $this->copy( $source, $destination, $overwrite ); + if ( false === $copy_results ) { + return false; + } + + // We don't need to set the errors here since delete() will take care of it + return $this->delete( $source ); + } + + return false; } /** From 6f8b5eeca4385c17a55c571298f604c8d4c29628 Mon Sep 17 00:00:00 2001 
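Review bot: The final `return false;` in `move()` is reached for every non-file source on a non-direct transport, and it reports nothing. The retained comment relies on `delete()` to set errors, but this branch never calls it. A caller moving a directory therefore gets a bare `false` with no recorded error and no hint that directories are unsupported on this path; I would record an error before returning, using whatever error mechanism the class already has (not visible in this hunk). Separately, `move()` now uses the results of `get_transport_for_path()` for `instanceof` and `->is_file()` without a validity check. `copy()` appears to bail out with `return false` just before its own `instanceof` test, so if that helper can return a non-object the same guard is needed here.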
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 06:07:54 +0300 Subject: [PATCH 04/12] chore(deps-dev): Bump cypress-multi-reporters from 1.6.3 to 1.6.4 (#4976) Bumps [cypress-multi-reporters](https://github.com/you54f/cypress-multi-reporters) from 1.6.3 to 1.6.4. - [Release notes](https://github.com/you54f/cypress-multi-reporters/releases) - [Changelog](https://github.com/YOU54F/cypress-multi-reporters/blob/master/CHANGELOG.md) - [Commits](https://github.com/you54f/cypress-multi-reporters/commits) --- updated-dependencies: - dependency-name: cypress-multi-reporters dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index c107c2c2e6..61c2cc6dcc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9416,9 +9416,9 @@ } }, "node_modules/cypress-multi-reporters": { - "version": "1.6.3", - "resolved": "https://registry.npmjs.org/cypress-multi-reporters/-/cypress-multi-reporters-1.6.3.tgz", - "integrity": "sha512-klb9pf6oAF4WCLHotu9gdB8ukYBdeTzbEMuESKB3KT54HhrZj65vQxubAgrULV5H2NWqxHdUhlntPbKZChNvEw==", + "version": "1.6.4", + "resolved": "https://registry.npmjs.org/cypress-multi-reporters/-/cypress-multi-reporters-1.6.4.tgz", + "integrity": "sha512-3xU2t6pZjZy/ORHaCvci5OT1DAboS4UuMMM8NBAizeb2C9qmHt+cgAjXgurazkwkPRdO7ccK39M5ZaPCju0r6A==", "dev": true, "dependencies": { "debug": "^4.3.4", From f4d1ab55b1485d5400182b333884af637191cc77 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Oct 2023 06:08:48 +0300 Subject: [PATCH 05/12] chore(deps-dev): Bump wp-cli/wp-cli from 2.8.1 to 2.9.0 (#4977) Bumps [wp-cli/wp-cli](https://github.com/wp-cli/wp-cli) from 2.8.1 to 2.9.0. - [Release notes](https://github.com/wp-cli/wp-cli/releases) - [Commits](https://github.com/wp-cli/wp-cli/compare/v2.8.1...v2.9.0) --- updated-dependencies: - dependency-name: wp-cli/wp-cli dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- composer.json | 2 +- composer.lock | 26 +++++++++++++------------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/composer.json b/composer.json index f2ae82a0f2..a2652a2a83 100644 --- a/composer.json +++ b/composer.json @@ -8,7 +8,7 @@ "yoast/phpunit-polyfills": "2.0.0", "johnpbloch/wordpress-core": "6.3.2", "wp-phpunit/wp-phpunit": "6.3.1", - "wp-cli/wp-cli": "2.8.1" + "wp-cli/wp-cli": "2.9.0" }, "config": { "allow-plugins": { diff --git a/composer.lock b/composer.lock index 58a00e386f..2af8da2311 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "59e6d0f8004139ba6bf2c3308e5a157a", + "content-hash": "d1f88f8ce41eb6967141e0fd5bd7c868", "packages": [], "packages-dev": [ { 
@@ -2754,16 +2754,16 @@ }, { "name": "wp-cli/php-cli-tools", - "version": "v0.11.20", + "version": "v0.11.21", "source": { "type": "git", "url": "https://github.com/wp-cli/php-cli-tools.git", - "reference": "d788a2c79e02f2f735fbb2b9a53db94d0e1bca4f" + "reference": "b3457a8d60cd0b1c48cab76ad95df136d266f0b6" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/wp-cli/php-cli-tools/zipball/d788a2c79e02f2f735fbb2b9a53db94d0e1bca4f", - "reference": "d788a2c79e02f2f735fbb2b9a53db94d0e1bca4f", + "url": "https://api.github.com/repos/wp-cli/php-cli-tools/zipball/b3457a8d60cd0b1c48cab76ad95df136d266f0b6", + "reference": "b3457a8d60cd0b1c48cab76ad95df136d266f0b6", "shasum": "" }, "require": { @@ -2811,22 +2811,22 @@ ], "support": { "issues": "https://github.com/wp-cli/php-cli-tools/issues", - "source": "https://github.com/wp-cli/php-cli-tools/tree/v0.11.20" + "source": "https://github.com/wp-cli/php-cli-tools/tree/v0.11.21" }, - "time": "2023-09-01T12:21:35+00:00" + "time": "2023-09-29T15:28:10+00:00" }, { "name": "wp-cli/wp-cli", - "version": "v2.8.1", + "version": "v2.9.0", "source": { "type": "git", "url": "https://github.com/wp-cli/wp-cli.git", - "reference": "5dd2340b9a01c3cfdbaf5e93a140759fdd190eee" + "reference": "8a3befba2d947fbf5cc6d1941edf2dd99da4d4b7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/wp-cli/wp-cli/zipball/5dd2340b9a01c3cfdbaf5e93a140759fdd190eee", - "reference": "5dd2340b9a01c3cfdbaf5e93a140759fdd190eee", + "url": "https://api.github.com/repos/wp-cli/wp-cli/zipball/8a3befba2d947fbf5cc6d1941edf2dd99da4d4b7", + "reference": "8a3befba2d947fbf5cc6d1941edf2dd99da4d4b7", "shasum": "" }, "require": { @@ -2843,7 +2843,7 @@ "wp-cli/entity-command": "^1.2 || ^2", "wp-cli/extension-command": "^1.1 || ^2", "wp-cli/package-command": "^1 || ^2", - "wp-cli/wp-cli-tests": "^3.1.6" + "wp-cli/wp-cli-tests": "^4.0.1" }, "suggest": { "ext-readline": "Include for a better --prompt implementation", 
@@ -2883,7 +2883,7 @@ "issues": "https://github.com/wp-cli/wp-cli/issues", "source": "https://github.com/wp-cli/wp-cli" }, - "time": "2023-06-05T06:55:55+00:00" + "time": "2023-10-25T09:06:37+00:00" }, { "name": "wp-coding-standards/wpcs", From be168c737afd701a4bf92bd433d9d89693b3ac26 Mon Sep 17 00:00:00 2001 From: Rebecca Hum Date: Thu, 26 Oct 2023 11:31:09 -0600 Subject: [PATCH 06/12] Follow up to PR 4973: Make login error strings translatable (#4978) * Follow up to PR 4973: Make login error strings translatable Follow up to PR 4973: Make login error strings translatable * use single line string * fix tests --- security/login-error.php | 16 +++++++++++----- tests/security/test-login-error.php | 10 ++++++++-- 2 files changed, 19 insertions(+), 7 deletions(-) diff --git a/security/login-error.php b/security/login-error.php index 21f0ebaf18..5567bc15c0 100644 --- a/security/login-error.php +++ b/security/login-error.php @@ -3,8 +3,6 @@ use WP_Error; -const FORGET_PWD_MESSAGE = 'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.'; - /** * Use a login message that does not reveal the type of login error in an attempted brute-force. * @@ -23,7 +21,10 @@ function use_ambiguous_login_error( $error ): string { // For lostpassword action, use different message. if ( isset( $_GET['action'] ) && 'lostpassword' === $_GET['action'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended - return FORGET_PWD_MESSAGE; + return esc_html__( + 'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.', + 'vip' + ); } $err_codes = $errors->get_error_codes(); 
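Review bot: Replacing `FORGET_PWD_MESSAGE` with the literal sentence here, again in the `use_ambiguous_confirmation()` hunk of this file, and twice in the tests, means the two user-facing messages can drift apart. The feature only works while they are identical. A small function in the namespace that returns the `esc_html__()` call, used at both sites, keeps the string translatable and single-sourced. This branch also returns the generic text for every error raised while `action=lostpassword`, not only for unknown-account codes, so failures unrelated to account existence are presented as success; if that is intended, a comment saying so would help. `use_ambiguous_login_error()` extends beyond the hunk.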
@@ -37,7 +38,8 @@ function use_ambiguous_login_error( $error ): string { foreach ( $err_types as $err ) { if ( in_array( $err, $err_codes, true ) ) { - $error = 'Error: The username/email address or password is incorrect. Please try again.'; + $error = '' . esc_html__( 'Error', 'vip' ) . ': ' . + esc_html__( 'The username/email address or password is incorrect. Please try again.', 'vip' ); break; } } @@ -60,7 +62,11 @@ function use_ambiguous_confirmation( $errors ): WP_Error { $messages = $errors->get_error_messages( 'confirm' ); if ( ! empty( $messages ) ) { $errors->remove( 'confirm' ); - $errors->add( 'confirm', FORGET_PWD_MESSAGE, 'message' ); + $errors->add( + 'confirm', + esc_html__( 'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.', 'vip' ), + 'message' + ); } } diff --git a/tests/security/test-login-error.php b/tests/security/test-login-error.php index d3d4506bbe..fe30c50371 100644 --- a/tests/security/test-login-error.php +++ b/tests/security/test-login-error.php @@ -33,7 +33,10 @@ public function test_use_ambiguous_confirmation(): void { $actual = apply_filters( 'wp_login_errors', $errors, admin_url() ); self::assertInstanceOf( WP_Error::class, $actual ); - self::assertContains( FORGET_PWD_MESSAGE, $actual->get_error_messages( 'confirm' ) ); + self::assertContains( + 'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.', + $actual->get_error_messages( 'confirm' ) + ); } public function test_ambiguous_reset(): void { @@ -48,6 +51,9 @@ public function test_ambiguous_reset(): void { $_GET['action'] = 'lostpassword'; $actual = apply_filters( 'login_errors', $message ); - self::assertSame( FORGET_PWD_MESSAGE, $actual ); + self::assertSame( + 'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.', + $actual + ); } } 
From eead23ce55acd9b0c94641bc7e7fc6e96494ae96 Mon Sep 17 00:00:00 2001
From: Andrea Grassi
Date: Fri, 27 Oct 2023 22:27:17 +0200
Subject: [PATCH 07/12] Disable SAVEQUERIES in WP CLI commands (#4981)
* disable SAVEQUERIES for all the WP CLI commands, unless already defined.
* fix linting (missing space)
---
wp-cli.php | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/wp-cli.php b/wp-cli.php
index 33be2818bf..23357d18a1 100644
--- a/wp-cli.php
+++ b/wp-cli.php
@@ -45,6 +45,16 @@ function maybe_toggle_is_ssl() { } }
+/**
+ * Disable the SAVEQUERIES for all the WP CLI interactions, unless already defined.
+ * SAVEQUERIES tracks is quite expensive if turned on and can lead to OOM and performance issues, it should be enabled only when needed.
+ */
+function maybe_disable_savequeries() {
+ if ( ! defined( 'SAVEQUERIES' ) ) {
+ define( 'SAVEQUERIES', false );
+ }
+}
+
 /** * Disable `display_errors` for all wp-cli interactions on production servers. *
@@ -71,6 +81,8 @@ function disable_display_errors() { init_is_ssl_toggle();
+ maybe_disable_savequeries();
+
 foreach ( glob( __DIR__ . '/wp-cli/*.php' ) as $command ) { require $command; }
From 734f50b72a22147ae0759369ce17496c15b74d6e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Oct 2023 14:37:18 -0600
Subject: [PATCH 08/12] chore(deps-dev): Bump sass in /search/search-dev-tools (#4979)
Bumps [sass](https://github.com/sass/dart-sass) from 1.69.4 to 1.69.5. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.69.4...1.69.5) --- updated-dependencies: - dependency-name: sass dependency-type: direct:development update-type: version-update:semver-patch ...
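Review bot: Defining the constant in `maybe_disable_savequeries()` may not be enough on every database layer. The block removed from `misc.php` later in this series carries the comment `// For hyperdb, which doesn't use SAVEQUERIES` and sets `$GLOBALS['wpdb']->save_queries` directly. If that comment is still accurate, query logging stays on for hyperdb-backed CLI runs; consider also setting `$GLOBALS['wpdb']->save_queries = false;` inside the `! defined()` branch, provided `$wpdb` exists at this point (I cannot tell from the hunk). The docblock sentence "SAVEQUERIES tracks is quite expensive" is garbled; `* Tracking queries with SAVEQUERIES is expensive and can lead to OOM and performance issues, so enable it only when needed.` reads better.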
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- search/search-dev-tools/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/search/search-dev-tools/package-lock.json b/search/search-dev-tools/package-lock.json index 5c3aaee9b1..68d151f58e 100644 --- a/search/search-dev-tools/package-lock.json +++ b/search/search-dev-tools/package-lock.json @@ -10308,9 +10308,9 @@ "dev": true }, "node_modules/sass": { - "version": "1.69.4", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.69.4.tgz", - "integrity": "sha512-+qEreVhqAy8o++aQfCJwp0sklr2xyEzkm9Pp/Igu9wNPoe7EZEQ8X/MBvvXggI2ql607cxKg/RKOwDj6pp2XDA==", + "version": "1.69.5", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.69.5.tgz", + "integrity": "sha512-qg2+UCJibLr2LCVOt3OlPhr/dqVHWOa9XtZf2OjbLs/T4VPSJ00udtgJxH3neXZm+QqX8B+3cU7RaLqp1iVfcQ==", "dev": true, "dependencies": { "chokidar": ">=3.0.0 <4.0.0", From abef0ab5e437b15c210b0e663763599d56cc979b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Oct 2023 14:37:30 -0600 Subject: [PATCH 09/12] chore(deps-dev): Bump acorn in /search/search-dev-tools (#4982) Bumps [acorn](https://github.com/acornjs/acorn) from 8.10.0 to 8.11.2. - [Commits](https://github.com/acornjs/acorn/compare/8.10.0...8.11.2) --- updated-dependencies: - dependency-name: acorn dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- search/search-dev-tools/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/search/search-dev-tools/package-lock.json b/search/search-dev-tools/package-lock.json index 68d151f58e..f3d7fb98bb 100644 --- a/search/search-dev-tools/package-lock.json +++ b/search/search-dev-tools/package-lock.json 
@@ -3163,9 +3163,9 @@ } }, "node_modules/acorn": { - "version": "8.10.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.10.0.tgz", - "integrity": "sha512-F0SAmZ8iUtS//m8DmCTA0jlh6TDKkHQyK6xc6V4KDTyZKA9dnvX9/3sRTVQrWm79glUAZbnmmNcdYwUIHWVybw==", + "version": "8.11.2", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.11.2.tgz", + "integrity": "sha512-nc0Axzp/0FILLEVsm4fNwLCwMttvhEI263QtVPQcbpfZZ3ts0hLsZGOpE6czNlid7CJ9MlyH8reXkpsf3YUY4w==", "dev": true, "bin": { "acorn": "bin/acorn" From 681e67b1b40b438a582ee2c83b6671d59186dd60 Mon Sep 17 00:00:00 2001 From: Rebecca Hum Date: Mon, 30 Oct 2023 11:03:31 -0600 Subject: [PATCH 10/12] Jetpack: Update default version to 12.7.1 (#4986) * Jetpack: Update default version to 12.7.1 Jetpack: Update default version to 12.7.1 * Fix test --- jetpack | 2 +- jetpack.php | 4 ++-- tests/test-jetpack.php | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/jetpack b/jetpack index 74f24612eb..d78bbff0c5 160000 --- a/jetpack +++ b/jetpack @@ -1 +1 @@ -Subproject commit 74f24612eb4300e4ce5bc0cd91ebbd9560e15827 +Subproject commit d78bbff0c58df6cf5fdbc991fe5d027f93d7dde1 diff --git a/jetpack.php b/jetpack.php index 6349fdfad1..1ac1f917a1 100644 --- a/jetpack.php +++ b/jetpack.php @@ -5,7 +5,7 @@ * Plugin URI: https://jetpack.com * Description: Security, performance, and marketing tools made by WordPress experts. Jetpack keeps your site protected so you can focus on more important things. * Author: Automattic - * Version: 12.7 + * Version: 12.7.1 * Author URI: https://jetpack.com * License: GPL2+ * Text Domain: jetpack @@ -34,7 +34,7 @@ function vip_default_jetpack_version() { return '12.5'; } else { // WordPress 6.2 and newer. - return '12.7'; + return '12.7.1'; } } diff --git a/tests/test-jetpack.php b/tests/test-jetpack.php index f2dfb5cb4b..8f1bb01fde 100644 --- a/tests/test-jetpack.php +++ b/tests/test-jetpack.php 
@@ -7,7 +7,7 @@ public function test__vip_default_jetpack_version() { global $wp_version; $saved_wp_version = $wp_version; - $latest = '12.7'; + $latest = '12.7.1'; $versions_map = [ // WordPress version => Jetpack version From 3bf5d2d5cd129aef4b46369245933680b4cafcfc Mon Sep 17 00:00:00 2001 From: Rebecca Hum Date: Mon, 30 Oct 2023 11:27:52 -0600 Subject: [PATCH 11/12] WPCOM_VIP_QUERY_LOG (#4985) --- misc.php | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/misc.php b/misc.php index bd33253bf8..e649bdf2e8 100644 --- a/misc.php +++ b/misc.php @@ -132,35 +132,6 @@ function _vip_filter_rest_url_for_ssl( $url ) { return $url; } - -function wpcom_vip_query_log() { - // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized - $request_uri = $_SERVER['REQUEST_URI'] ?? ''; - if ( '/cache-healthcheck?' === $request_uri ) { - return; - } - - // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Recommended - $action = $_REQUEST['action'] ?? 'N/A'; - $num_queries = count( $GLOBALS['wpdb']->queries ); - // phpcs:ignore WordPress.PHP.DevelopmentFunctions - error_log( 'WPCOM VIP Query Log for ' . $request_uri . ' (action: ' . $action . ') ' . $num_queries . 'q: ' . PHP_EOL . print_r( $GLOBALS['wpdb']->queries, true ) ); -} - -/** - * Think carefully before enabling this on a production site. Then - * if you still want to do it, think again, and talk it over with - * someone else. - */ -if ( defined( 'WPCOM_VIP_QUERY_LOG' ) && WPCOM_VIP_QUERY_LOG ) { - if ( ! defined( 'SAVEQUERIES' ) || ! SAVEQUERIES ) { - define( 'SAVEQUERIES', true ); - } - // For hyperdb, which doesn't use SAVEQUERIES - $GLOBALS['wpdb']->save_queries = SAVEQUERIES; - add_action( 'shutdown', 'wpcom_vip_query_log' ); -} - /** * Improve perfomance of the `_WP_Editors::wp_link_query` method * From e5a4ec758544379d384b3d29743f97b23f98864a Mon Sep 17 00:00:00 2001 
From: Ahmed Sayeed Wasif
Date: Wed, 1 Nov 2023 00:32:00 +0600
Subject: [PATCH 12/12] Remove my-jetpack page from wp-admin (#4956)
* Remove my-jetpack-admin page
* Hide only if vip bot owns the jp connection
* Add action on plugins_loaded
---
vip-jetpack/vip-jetpack.php | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/vip-jetpack/vip-jetpack.php b/vip-jetpack/vip-jetpack.php
index 27647c26a2..8b8478c110 100644
--- a/vip-jetpack/vip-jetpack.php
+++ b/vip-jetpack/vip-jetpack.php
@@ -72,6 +72,25 @@ return $modules; }, 999 );
+/**
+ * Do not initialize my jetpack admin page for VIP Machine User
+ */
+add_action( 'plugins_loaded', function () {
+ if ( ! is_admin() || wp_doing_ajax() || ! method_exists( 'Jetpack', 'connection' ) || ! defined( 'WPCOM_VIP_MACHINE_USER_LOGIN' ) ) {
+ return;
+ }
+
+ $jp_connection = Jetpack::connection();
+ if ( method_exists( $jp_connection, 'get_connection_owner' ) ) {
+ $connection_owner = $jp_connection->get_connection_owner();
+ $is_vip_connection = isset( $connection_owner->user_login ) && WPCOM_VIP_MACHINE_USER_LOGIN === $connection_owner->user_login;
+
+ if ( $is_vip_connection ) {
+ add_filter( 'jetpack_my_jetpack_should_initialize', '__return_false' );
+ }
+ }
+} );
+
 /** * Lock down the jetpack_sync_settings_max_queue_size to an allowed range *
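Review bot: The `plugins_loaded` callback is an anonymous closure, so a site that needs the My Jetpack page back cannot `remove_action()` it, and a test cannot call it directly; the commit adds no test. A named function (for example `vip_maybe_disable_my_jetpack()`, a name I am suggesting) registered with the same `add_action()` call fixes both. The docblock should also say what the filter is relied on for. Returning false from `jetpack_my_jetpack_should_initialize` presumably stops the page from being set up, but any capability or endpoint checks behind that page are not enforced by this hunk and should not be assumed.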