Skip to content

Check Direct File Access #1133

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
davidperezgar wants to merge 4 commits into
base: trunk
Choose a base branch
from
Open

Check Direct File Access #1133

davidperezgar wants to merge 4 commits into from

Conversation

@davidperezgar
Copy link
Member

@davidperezgar davidperezgar commented Dec 17, 2025
edited
Loading

This check is based on the code that @frantorres created for the Internal Scanner.
There are many cases based on past experience.
Fixes #603

@davidperezgar davidperezgar linked an issue Dec 17, 2025 that may be closed by this pull request
Check: Allowing Direct File Access to plugin files #603
Open
@github-actions
Copy link

github-actions bot commented Dec 17, 2025
edited
Loading

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: davidperezgar <davidperez@git.wordpress.org>
Co-authored-by: ernilambar <nilambar@git.wordpress.org>
Co-authored-by: swissspidy <swissspidy@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

@davidperezgar davidperezgar added this to the 1.8.0 milestone Dec 20, 2025
ernilambar
ernilambar reviewed Dec 24, 2025
View reviewed changes
includes/Checker/Checks/Plugin_Repo/Direct_File_Access_Check.php
* @param string $plugin_path The plugin path.
* @return bool True if the file is uninstall.php, false otherwise.
*/
private function is_uninstall_file( $file, $plugin_path ) {
Copy link
Member

@ernilambar ernilambar Dec 24, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Logic for checking uninstall file seems to complex. In "Plugin_Uninstall_Check.php" it is pretty simple. What do you think?

ernilambar
ernilambar reviewed Dec 24, 2025
View reviewed changes
includes/Checker/Checks/Plugin_Repo/Direct_File_Access_Check.php
*
* Every check must have at least one category.
*
* @since n.e.x.t
Copy link
Member

@ernilambar ernilambar Dec 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* @since n.e.x.t
* @since 1.8.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ernilambar ernilambar ernilambar left review comments

@frantorres frantorres Awaiting requested review from frantorres frantorres is a code owner

@chriscct7 chriscct7 Awaiting requested review from chriscct7 chriscct7 is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.8.0

Development

Successfully merging this pull request may close these issues.

Check: Allowing Direct File Access to plugin files

3 participants

@davidperezgar @ernilambar