Prepare for publishing #3

Merged
merged 2 commits into from
May 27, 2024
152 changes: 152 additions & 0 deletions .github/workflows/publish-release.yml
@@ -0,0 +1,152 @@
name: Publish Release
run-name: Publish Release

on:
workflow_dispatch:
inputs:
release:
description: 'Release version (e.g. 1.2.3)'
required: true
prerelease:
description: 'Pre-release version (e.g. RC1, beta, etc...)'
required: false

permissions:
contents: write

env:
TAG: ${{ github.event.inputs.release }}
PRETAG: ${{ github.event.inputs.prerelease }}
BRANCH: temp-release-${{ github.event.inputs.release }}

jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Prepare vars
id: vars
uses: actions/github-script@v7
with:
script: |
const full_tag = [
process.env.TAG,
process.env.PRETAG
].filter(Boolean).join('-');
const branch = `temp-release-${full_tag}`;
const is_prerelease = !!process.env.PRETAG;

core.setOutput('full_tag', full_tag );
core.setOutput('branch', branch );
core.setOutput('is_prerelease', is_prerelease );

# 'ref' and 'repository' are required, otherwise repo could appear in detached head state
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
repository: ${{ github.repository }}

- name: Parse Changelog Entries
uses: actions/github-script@v7
id: changelog
with:
script: |
const { open } = require('fs/promises');

const version = process.env.TAG;
const delimiter = '#### ';
const file = await open('./changes.md');

let description = [];
let found = false;

for await (let line of file.readLines()) {
line = line.trim();

if ( line.startsWith(`${delimiter}${version}`) ) {
found = true;
continue;
}

if (!found) continue;
if ( line.startsWith(delimiter) ) break;

description.push(line);
}

if ( !description.length ) core.setFailed(`Release ${version} not found in the changelog!`);

core.setOutput('description', description.join('\n') );


# cleanup files that are not needed for the release
# but keep the .git folder, because we need it for the next step
- name: Cleanup files
run: |
rm -f composer.lock || true
rm -rf tests || true
rm -rf vendor/bin || true
rm -rf vendor/composer/installers || true
find ./ -name '.git*' -not -path './.git' -type f -delete || true
find ./ -name '.git*' -not -path './.git' -type d -exec rm -rf {} \; || true
find ./vendor -name .svn -exec rm -rf {} \; || true

# cleanup files, specific to Google API PHP library
- name: Cleanup files for Google API library
run: |
rm -f lib/Google/phpstan.neon.dist || true
rm -f lib/Google/vendor/paragonie/random_compat/build-phar.sh || true
find ./lib/Google/ -name '.repo-metadata.json' -type f -delete || true
find ./lib/Google/vendor -name .svn -exec rm -rf '{}' \; || true

# commit changes to temporary release branch and create a new tag
- name: Commit changes
uses: EndBug/add-and-commit@v9
with:
message: Cleanup files for release
new_branch: ${{ steps.vars.outputs.branch }}
tag: ${{ steps.vars.outputs.full_tag }}

# generate SBOM that will be attached to a release as an artifact
- name: Create SBOM
id: sbom
uses: anchore/sbom-action@v0
with:
path: .
output-file: sbom.spdx.json
format: spdx-json

# create a draft release with the version changelog as a description
- name: Create Draft Release
id: draft_release
uses: softprops/action-gh-release@v2
with:
name: "Release ${{ steps.vars.outputs.full_tag }}"
body: "${{ steps.changelog.outputs.description }}"
tag_name: ${{ steps.vars.outputs.full_tag }}
draft: true
prerelease: ${{ steps.vars.outputs.is_prerelease }}

# attach SBOM to release
- name: Upload SBOM to release
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.draft_release.outputs.upload_url }}
asset_path: ./sbom.spdx.json
asset_name: sbom.spdx.json
asset_content_type: application/json

# publish release using an ID from the 'draft_release' step
- name: Publish Release
uses: eregon/publish-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
release_id: ${{ steps.draft_release.outputs.id }}

# delete temporary release branch
- name: Delete temporary release branch
run: |
git push origin --delete ${{ steps.vars.outputs.branch }}
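Review bot: the `Delete temporary release branch` step interpolates `${{ steps.vars.outputs.branch }}` straight into a `run:` shell line, and that value is derived from the free-text `release` input, so anything a maintainer types into the dispatch form reaches the shell unquoted; pass it via `env: BRANCH: ${{ steps.vars.outputs.branch }}` and use `git push origin --delete "$BRANCH"`, and validate `release` against a version pattern in the `Prepare vars` step before it is used anywhere. Two smaller points in the same file: `ref: ${{ github.head_ref }}` is empty for `workflow_dispatch` (it is only populated for pull request events), so the Checkout comment about `ref` being required does not hold and `${{ github.ref }}` is what is actually wanted; and because the job is granted `contents: write`, the third-party actions (`EndBug/add-and-commit@v9`, `anchore/sbom-action@v0`, `softprops/action-gh-release@v2`, `eregon/publish-release@v1`, and the upload-asset reference on the `Upload SBOM to release` step, which as rendered here is not a valid `owner/repo@ref`) should be pinned to full commit SHAs rather than floating tags.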
2 changes: 0 additions & 2 deletions .github/workflows/tests.yml
Expand Up @@ -2,9 +2,7 @@ name: Tests

on:
push:
branches: [main]
pull_request:
branches: [main]

jobs:
build:
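Review bot: dropping `branches: [main]` from both `push` and `pull_request` means every push to a PR branch now runs the tests twice (once for the push event, once for the pull_request event), and pushes of the transient `temp-release-*` branches created by the release workflow also match; if the intent is to cover all branches, keep `pull_request` filtered to `main` and add `branches-ignore: ['temp-release-*']` under `push`.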
23 changes: 23 additions & 0 deletions SECURITY.md
@@ -0,0 +1,23 @@
# Security Policy Overview

Thank you for using and contributing to our product. At [UDX](https://udx.io), we take the security of our products seriously and appreciate collaborative efforts to ensure the safety of our users and contributors.

## Reporting a Security Vulnerability

**Please do not report security vulnerabilities through public GitHub issues.**

If you find a security vulnerability, please [submit a vulnerability report](https://github.com/udx/wp-stateless-gravity-forms-signature-addon/security/advisories/new). Provide detailed information about the vulnerability to help us understand and address the issue promptly. We kindly request that you avoid public disclosure until we've had the opportunity to analyze and resolve the reported issue.

## Responsible Disclosure

Responsible disclosure is crucial to maintaining the security of our product. We ask for your cooperation in allowing us sufficient time to investigate and address the reported vulnerability before making it public. We will keep you informed of our progress and make every effort to address the issue promptly.

## Supported Versions

Security updates are provided for the latest stable release. Please ensure that you are using a supported version before reporting a security vulnerability.

## Contact Information

For security-related matters, please contact our security team at [[email protected]](mailto:[email protected]). For general inquiries, feature requests, and other non-security-related discussions, please use our regular [issue tracker](https://github.com/udx/wp-stateless-gravity-forms-signature-addon/issues).

Thank you for helping us ensure the security of WP-Stateless - Gravity Forms Signature Addon. Your contributions are greatly appreciated.
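Review bot: the mailto link in `Contact Information` shows `[email protected]` as both the link text and the address as rendered here, so readers have no working reporting address; put the actual security mailbox in both places, and consider stating in `Supported Versions` which release line "latest stable release" currently means so reporters can check before filing.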
101 changes: 59 additions & 42 deletions class-gravity-forms-signature.php
@@ -1,10 +1,15 @@
<?php

namespace WPSL\GravityFormSignature;
namespace SLCA\GravityFormSignature;

use wpCloud\StatelessMedia\Compatibility;

/**
* Class GravityFormSignature
*/
class GravityFormSignature extends Compatibility {
const GF_SIGNATURE_PATH = 'gravity_forms/signatures/';

protected $id = 'gravity-form-signature';
protected $title = 'Gravity Forms Signature Add-On';
protected $constant = 'WP_STATELESS_COMPATIBILITY_GF_SIG';
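Review bot: the namespace change from `WPSL\GravityFormSignature` to `SLCA\GravityFormSignature` is a breaking change for any code or autoloader map that references the old fully qualified class name, and nothing in this hunk records it; add an entry to `changes.md` under the version the release workflow will look up, and note in a comment that `GF_SIGNATURE_PATH` deliberately keeps its trailing slash because every caller concatenates a bare file name onto it.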
Expand All @@ -16,10 +21,14 @@ class GravityFormSignature extends Compatibility {
* @param $sm
*/
public function module_init($sm) {
$this->plugin_version = defined('GF_SIGNATURE_VERSION') ? GF_SIGNATURE_VERSION : '';

add_filter('gform_save_field_value', array($this, 'gform_save_field_value'), 10, 5);
add_filter('site_url', array($this, 'signature_url'), 10, 4);
add_filter('gform_signature_delete_file_pre_delete_entry', array($this, 'delete_signature'), 10, 4);
add_filter('gform_signature_url', array($this, 'get_signature_url'), 10, 4);

add_filter('sm:sync::syncArgs', array($this, 'sync_args'), 10, 4);

}

/**
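Review bot: `$this->plugin_version` is assigned in `module_init()` but no property declaration is visible in this class; unless `Compatibility` declares it, this creates a dynamic property, which PHP 8.2 deprecates, so add `protected $plugin_version = '';` next to `$id`, `$title` and `$constant`. Also, removing the `site_url` filter drops URL rewriting for Signature Add-On versions that predate the `gform_signature_url` filter, so the minimum supported add-on version should be stated in the docs and changelog.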
Expand All @@ -35,48 +44,37 @@ public function gform_save_field_value($value, $lead, $field, $form, $input_id)
if (empty($value)) return $value;

$type = \GFFormsModel::get_input_type($field);

if ($type == 'signature') {
/**
* Compatibility for Signature addon.
*/
$is_stateless = ud_get_stateless_media()->get('sm.mode') === 'stateless';

try {
$folder = \GFSignature::get_signatures_folder();
$file_path = $folder . $value;

$name = apply_filters('wp_stateless_file_name', $file_path, false);
do_action('sm:sync::syncFile', $name, $file_path, true);
} catch (\Throwable $th) {
//throw $th;
}
}
return $value;
}
// For stateless mode there is no way to override signature upload path in GFSignature::get_signatures_folder()
// so we have to move the file to the proper location
if ( $is_stateless ) {
$old_path = $file_path;
$file_path = ud_get_stateless_media()->get_gs_path() . '/' . self::GF_SIGNATURE_PATH . $value;

/**
* [older version of Gravity Forms Signature]
* Currently there is no way to filter signature url. So instead we are filtering site_url function
* with help of debug backtrace.
*
* Also doing sync on the fly for previous entries.
*/
public function signature_url($url, $path, $scheme, $blog_id) {
try {
$db = debug_backtrace(false, 7);
foreach ($db as $key => $value) {
if ($value['function'] == 'get_signature_url' && rgar($value, 'class') == 'GFSignature') {
$folder = \GFSignature::get_signatures_folder();
$name = $value['args'][0];
$file_path = $folder . $name . '.png';
$name = apply_filters('wp_stateless_file_name', $file_path);
do_action('sm:sync::syncFile', $name, $file_path);
$url = ud_get_stateless_media()->get_gs_host() . '/' . $name;
break;
if ( !class_exists('\WP_Filesystem_Direct') ) {
require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-base.php');
require_once(ABSPATH . 'wp-admin/includes/class-wp-filesystem-direct.php');
}

$filesystem = new \WP_Filesystem_Direct( false );
$res = $filesystem->move($old_path, $file_path, true);
}

$name = self::GF_SIGNATURE_PATH . $value;
$name = apply_filters('wp_stateless_file_name', $name, 0);

do_action( 'sm:sync::syncFile', $name, $file_path, true );
} catch (\Throwable $th) {
}
} catch (\Throwable $th) {
//throw $th;
}
return $url;
return $value;
}

/**
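Review bot: the return value of `$filesystem->move($old_path, $file_path, true)` is stored in `$res` but never checked, so if the move fails in stateless mode the code goes on to sync `$file_path`, which does not exist, and the surrounding empty `catch (\Throwable $th)` swallows the resulting error; test `$res` and either fall back to syncing `$old_path` or log and return early, and log inside the catch blocks rather than leaving them empty. Minor: this hunk checks the mode with `ud_get_stateless_media()->get('sm.mode') === 'stateless'` while `sync_args()` below uses `is_mode('stateless')`; use one form.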
Expand All @@ -103,7 +101,6 @@ public function get_signature_url($url, $filename, $form_id, $field_id) {
$url = ud_get_stateless_media()->get_gs_host() . '/' . $name;
}
} catch (\Throwable $th) {
//throw $th;
}

return $url;
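Review bot: deleting the commented `//throw $th;` leaves `catch (\Throwable $th) {}` completely empty in `get_signature_url()`, so a failed sync or lookup silently returns the local `$url` with no trace; at minimum call the plugin's logger or `error_log()` with `$th->getMessage()` so operators can see why signature URLs are not being rewritten.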
Expand All @@ -115,16 +112,36 @@ public function get_signature_url($url, $filename, $form_id, $field_id) {
public function delete_signature($return, $form, $lead_id, $field_id) {
try {
$lead = \RGFormsModel::get_lead($lead_id);
$folder = \GFSignature::get_signatures_folder();

$name = rgar($lead, $field_id);
$file_path = $folder . $name;

$name = apply_filters('wp_stateless_file_name', $file_path);
do_action('sm:sync::deleteFile', $name);
do_action('sm:sync::deleteFile', self::GF_SIGNATURE_PATH . $name);
} catch (\Throwable $th) {
//throw $th;
}
return $return;
}

/**
* Update args when uploading/syncing GF file to GCS.
*
* @param array $args
* @param string $name
* @param string $file
* @param bool $force
*
* @return array
*/
public function sync_args($args, $name, $file, $force) {
if ( strpos($name, self::GF_SIGNATURE_PATH) === false ) {
return $args;
}

if ( ud_get_stateless_media()->is_mode('stateless') ) {
$args['name_with_root'] = false;
}

$args['source'] = 'Gravity Forms Signature';
$args['source_version'] = $this->plugin_version;

return $args;
}
}
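Review bot: `delete_signature()` now deletes `self::GF_SIGNATURE_PATH . $name` without passing it through the `wp_stateless_file_name` filter, whereas the upload name in `gform_save_field_value()` is computed as `apply_filters('wp_stateless_file_name', self::GF_SIGNATURE_PATH . $value, 0)`; if that filter rewrites the name, deletes will target an object that was never uploaded and the real one stays in the bucket after the entry is removed, so apply the same filter here. Also, `strpos($name, self::GF_SIGNATURE_PATH) === false` matches the prefix anywhere in the name; `strpos(...) !== 0` (or `str_starts_with()` on PHP 8) expresses the intended prefix check.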