Staging release: v20231031.1 #4988

Merged
merged 12 commits into from
Oct 31, 2023
2 changes: 1 addition & 1 deletion composer.json
@@ -8,7 +8,7 @@
"yoast/phpunit-polyfills": "2.0.0",
"johnpbloch/wordpress-core": "6.3.2",
"wp-phpunit/wp-phpunit": "6.3.1",
"wp-cli/wp-cli": "2.8.1"
"wp-cli/wp-cli": "2.9.0"
},
"config": {
"allow-plugins": {
26 changes: 13 additions & 13 deletions composer.lock


25 changes: 20 additions & 5 deletions files/class-wp-filesystem-vip.php
@@ -218,6 +218,10 @@ public function copy( $source, $destination, $overwrite = false, $mode = false )
return false;
}

if ( $source_transport instanceof WP_Filesystem_Direct && $destination_transport instanceof WP_Filesystem_Direct ) {
return $source_transport->copy( $source, $destination, $overwrite, $mode );
}

$destination_exists = $destination_transport->exists( $destination );
if ( ! $overwrite && $destination_exists ) {
/* translators: 1: destination file path 2: overwrite param 3: `true` boolean value */
@@ -248,13 +252,24 @@ public function copy( $source, $destination, $overwrite = false, $mode = false )
* @return bool
*/
public function move( $source, $destination, $overwrite = false ) {
$copy_results = $this->copy( $source, $destination, $overwrite );
if ( false === $copy_results ) {
return false;
$source_transport = $this->get_transport_for_path( $source );
$destination_transport = $this->get_transport_for_path( $destination, 'write' );
if ( $source_transport instanceof WP_Filesystem_Direct && $destination_transport instanceof WP_Filesystem_Direct ) {
return $source_transport->move( $source, $destination, $overwrite );
}

// We don't need to set the errors here since delete() will take care of it
return $this->delete( $source );
// WP_Filesystem_Direct::get_contents() invoked by copy() will return '' for directories; this will result in directories being copied as empty files.
if ( $source_transport->is_file( $source ) ) {
$copy_results = $this->copy( $source, $destination, $overwrite );
if ( false === $copy_results ) {
return false;
}

// We don't need to set the errors here since delete() will take care of it
return $this->delete( $source );
}

return false;
}

/**
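Review bot: In the new `move()` body, `$source_transport` and `$destination_transport` are used without first checking that `get_transport_for_path()` actually returned a transport. `copy()` appears to bail out with `return false` just above its hunk, but `move()` now calls `$source_transport->is_file( $source )` directly, which would be a fatal error if the lookup can return a non-object for an unsupported path (its return contract is not visible here). A guard such as `if ( ! $source_transport || ! $destination_transport ) { return false; }` ahead of the `instanceof` test would keep the previous failure mode. The trailing `return false;` for non-file sources also records no error, whereas the comment above it says `delete()` sets one on its own failure path, so a caller cannot tell why a cross-transport directory move was refused. Both function bodies extend beyond the hunks shown.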
2 changes: 1 addition & 1 deletion jetpack
Submodule jetpack updated 42 files
+6 −3 CHANGELOG.md
+1 −1 _inc/blocks/editor-beta.asset.php
+38 −38 _inc/blocks/editor-beta.js
+1 −1 _inc/blocks/editor-experimental.asset.php
+3 −3 _inc/blocks/editor-experimental.js
+1 −1 _inc/blocks/editor-no-post-editor.asset.php
+3 −3 _inc/blocks/editor-no-post-editor.js
+1 −1 _inc/blocks/editor.asset.php
+3 −3 _inc/blocks/editor.js
+2 −2 composer.json
+122 −94 extensions/blocks/ai-assistant/components/ai-assistant-controls/index.tsx
+7 −109 extensions/blocks/ai-assistant/extensions/ai-assistant/with-ai-assistant.tsx
+0 −33 extensions/blocks/ai-assistant/hooks/use-text-content-from-selected-blocks/index.ts
+1 −26 extensions/blocks/ai-assistant/lib/utils/block-content.ts
+2 −2 jetpack.php
+3 −0 jetpack_vendor/automattic/jetpack-videopress/CHANGELOG.md
+1 −1 jetpack_vendor/automattic/jetpack-videopress/build/block-editor/index.asset.php
+1 −1 jetpack_vendor/automattic/jetpack-videopress/build/block-editor/index.js
+1 −1 jetpack_vendor/automattic/jetpack-videopress/src/class-package-version.php
+6 −0 modules/woocommerce-analytics/classes/class-jetpack-woocommerce-analytics-my-account.php
+6 −65 readme.txt
+1 −1 vendor/autoload.php
+1 −1 vendor/autoload_packages.php
+5 −5 vendor/composer/autoload_real.php
+5 −5 vendor/composer/autoload_static.php
+7 −7 vendor/composer/installed.json
+3 −3 vendor/composer/installed.php
+38 −38 vendor/composer/jetpack_autoload_classmap.php
+1 −1 vendor/jetpack-autoloader/class-autoloader-handler.php
+1 −1 vendor/jetpack-autoloader/class-autoloader-locator.php
+1 −1 vendor/jetpack-autoloader/class-autoloader.php
+1 −1 vendor/jetpack-autoloader/class-container.php
+1 −1 vendor/jetpack-autoloader/class-hook-manager.php
+1 −1 vendor/jetpack-autoloader/class-latest-autoloader-guard.php
+1 −1 vendor/jetpack-autoloader/class-manifest-reader.php
+1 −1 vendor/jetpack-autoloader/class-path-processor.php
+1 −1 vendor/jetpack-autoloader/class-php-autoloader.php
+1 −1 vendor/jetpack-autoloader/class-plugin-locator.php
+1 −1 vendor/jetpack-autoloader/class-plugins-handler.php
+1 −1 vendor/jetpack-autoloader/class-shutdown-handler.php
+1 −1 vendor/jetpack-autoloader/class-version-loader.php
+1 −1 vendor/jetpack-autoloader/class-version-selector.php
4 changes: 2 additions & 2 deletions jetpack.php
@@ -5,7 +5,7 @@
* Plugin URI: https://jetpack.com
* Description: Security, performance, and marketing tools made by WordPress experts. Jetpack keeps your site protected so you can focus on more important things.
* Author: Automattic
* Version: 12.7
* Version: 12.7.1
* Author URI: https://jetpack.com
* License: GPL2+
* Text Domain: jetpack
@@ -34,7 +34,7 @@ function vip_default_jetpack_version() {
return '12.5';
} else {
// WordPress 6.2 and newer.
return '12.7';
return '12.7.1';
}
}

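--- a/misc.php
+++ b/misc.php
@@ -132,35 +132,6 @@ function _vip_filter_rest_url_for_ssl( $url ) {
 return $url;
 }
 
-
-function wpcom_vip_query_log() {
-// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-$request_uri = $_SERVER['REQUEST_URI'] ?? '';
-if ( '/cache-healthcheck?' === $request_uri ) {
-return;
-}
-
-// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Recommended
-$action = $_REQUEST['action'] ?? 'N/A';
-$num_queries = count( $GLOBALS['wpdb']->queries );
-// phpcs:ignore WordPress.PHP.DevelopmentFunctions
-error_log( 'WPCOM VIP Query Log for ' . $request_uri . ' (action: ' . $action . ') ' . $num_queries . 'q: ' . PHP_EOL . print_r( $GLOBALS['wpdb']->queries, true ) );
-}
-
-/**
-* Think carefully before enabling this on a production site. Then
-* if you still want to do it, think again, and talk it over with
-* someone else.
-*/
-if ( defined( 'WPCOM_VIP_QUERY_LOG' ) && WPCOM_VIP_QUERY_LOG ) {
-if ( ! defined( 'SAVEQUERIES' ) || ! SAVEQUERIES ) {
-define( 'SAVEQUERIES', true );
-}
-// For hyperdb, which doesn't use SAVEQUERIES
-$GLOBALS['wpdb']->save_queries = SAVEQUERIES;
-add_action( 'shutdown', 'wpcom_vip_query_log' );
-}
-
 /**
 * Improve perfomance of the `_WP_Editors::wp_link_query` method
 *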
6 changes: 3 additions & 3 deletions package-lock.json


12 changes: 6 additions & 6 deletions search/search-dev-tools/package-lock.json


46 changes: 41 additions & 5 deletions security/login-error.php
@@ -1,13 +1,15 @@
<?php
namespace Automattic\VIP\Security;

use WP_Error;

/**
* Use a login message that does not reveal the type of login error in an attempted brute-force.
*
*
* @param string $error Login error message.
*
*
* @return string $error Login error message.
*
*
* @since 1.1
*/
function use_ambiguous_login_error( $error ): string {
@@ -17,6 +19,14 @@ function use_ambiguous_login_error( $error ): string {
return (string) $error;
}

// For lostpassword action, use different message.
if ( isset( $_GET['action'] ) && 'lostpassword' === $_GET['action'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
return esc_html__(
'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.',
'vip'
);
}

$err_codes = $errors->get_error_codes();

$err_types = [
@@ -28,12 +38,38 @@ function use_ambiguous_login_error( $error ): string {

foreach ( $err_types as $err ) {
if ( in_array( $err, $err_codes, true ) ) {
$error = '<strong>Error</strong>: The username/email address or password is incorrect. Please try again.';
$error = '<strong>' . esc_html__( 'Error', 'vip' ) . '</strong>: ' .
esc_html__( 'The username/email address or password is incorrect. Please try again.', 'vip' );
break;
}
}

return (string) $error;
}

add_filter( 'login_errors', __NAMESPACE__ . '\use_ambiguous_login_error', 99, 1 );

/**
* Use a message that does not reveal the type of login error in an attempted brute-force on forget password.
*
* @param WP_Error $errors WP Error object.
*
* @return WP_Error $errors WP Error object.
*
* @since 1.1
*/
function use_ambiguous_confirmation( $errors ): WP_Error {
if ( isset( $_GET['checkemail'] ) && 'confirm' === $_GET['checkemail'] ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
$messages = $errors->get_error_messages( 'confirm' );
if ( ! empty( $messages ) ) {
$errors->remove( 'confirm' );
$errors->add(
'confirm',
esc_html__( 'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.', 'vip' ),
'message'
);
}
}

return $errors;
}
add_filter( 'wp_login_errors', __NAMESPACE__ . '\use_ambiguous_confirmation', 99 );
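Review bot: The lost-password branch added to `use_ambiguous_login_error()` keys off `$_GET['action']` only, whereas core's `wp-login.php` derives the action from `$_REQUEST`, so the filter and core can disagree about whether a request is a lost-password request. When they disagree, the code falls through to the `$err_types` list, which sits outside the visible hunks, so whether every lost-password error code still gets an ambiguous message cannot be confirmed from here. Reading the action the same way core does, e.g. `$action = $_REQUEST['action'] ?? '';` and then `'lostpassword' === $action`, would keep the two in step. Separately, `use_ambiguous_confirmation()` calls `$errors->get_error_messages()` and declares a `WP_Error` return type without checking its input; an `if ( ! $errors instanceof WP_Error ) { return $errors; }` guard is not possible under that return type, so either relax the type or document that earlier `wp_login_errors` callbacks must return a `WP_Error`.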
16 changes: 16 additions & 0 deletions tests/mock-constants.php
@@ -200,3 +200,19 @@ function constant( $constant ) {
return Constant_Mocker::constant( $constant );
}
}

namespace Automattic\VIP\Mail {
use Automattic\Test\Constant_Mocker;

function define( $constant, $value ) {
return Constant_Mocker::define( $constant, $value );
}

function defined( $constant ) {
return Constant_Mocker::defined( $constant );
}

function constant( $constant ) {
return Constant_Mocker::constant( $constant );
}
}
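--- a/tests/security/test-login-error.php
+++ b/tests/security/test-login-error.php
@@ -0,0 +1,59 @@
+<?php
+
+namespace Automattic\VIP\Security;
+
+use WP_Error;
+use WP_UnitTestCase;
+
+class Login_Error_Test extends WP_UnitTestCase {
+public function tearDown(): void {
+global $errors;
+
+unset( $errors );
+parent::tearDown();
+}
+
+public function test_has_filters(): void {
+self::assertEquals( 99, has_filter( 'login_errors', __NAMESPACE__ . '\use_ambiguous_login_error' ) );
+self::assertEquals( 99, has_filter( 'wp_login_errors', __NAMESPACE__ . '\use_ambiguous_confirmation' ) );
+}
+
+public function test_use_ambiguous_confirmation(): void {
+$errors = new WP_Error();
+$errors->add(
+'confirm',
+sprintf(
+'Check your email for the confirmation link, then visit the <a href="%s">login page</a>.',
+wp_login_url()
+),
+'message'
+);
+
+$_GET['checkemail'] = 'confirm';
+$actual = apply_filters( 'wp_login_errors', $errors, admin_url() );
+
+self::assertInstanceOf( WP_Error::class, $actual );
+self::assertContains(
+'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.',
+$actual->get_error_messages( 'confirm' )
+);
+}
+
+public function test_ambiguous_reset(): void {
+global $errors;
+
+$message = 'Something went terribly wrong';
+
+// phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited
+$errors = new WP_Error();
+$errors->add( 'error', $message );
+
+$_GET['action'] = 'lostpassword';
+
+$actual = apply_filters( 'login_errors', $message );
+self::assertSame(
+'If there is an account associated with the username/email address, you will receive an email with a link to reset your password.',
+$actual
+);
+}
+}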
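Review bot: `tearDown()` does not clear the global it is meant to reset: after `global $errors;`, `unset( $errors )` only drops the local reference and leaves `$GLOBALS['errors']` in place, so the `WP_Error` that `test_ambiguous_reset()` stores there can remain visible to later tests that run the `login_errors` filter. Use `unset( $GLOBALS['errors'] );` instead. Both tests also write to `$_GET` (`checkemail`, `action`) without restoring it; unless the base test case is known to reset superglobals, add `unset( $_GET['action'], $_GET['checkemail'] );` to the same teardown. A negative case would also be worth adding, for example asserting that a `confirm` message is left untouched when `checkemail` is absent, so that a regression which rewrites every message is caught.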
2 changes: 1 addition & 1 deletion tests/test-jetpack.php
@@ -7,7 +7,7 @@ public function test__vip_default_jetpack_version() {
global $wp_version;
$saved_wp_version = $wp_version;

$latest = '12.7';
$latest = '12.7.1';

$versions_map = [
// WordPress version => Jetpack version