Comments (3)
danielbachhuber
commented on September 21, 2024
Why?
from checksum-command.
schlessera
commented on September 21, 2024
That would open up a potential security vulnerability, where an attacker would not only upload malicious files, but also a .distignore file to ignore the newly added files.
In general, I think that the files that are found in .distignore should not be part of the packaged release (that is the point of that file), so they should not appear either in the generated checksums nor in the installation to check. Otherwise, I would expect a warning indeed, as my installation does not match what was released.
from checksum-command.
Nikschavan
commented on September 21, 2024
I was suggesting a list of known files that would be ignored from the code of the command instead of reading the local .distignore from the plugin. something like the plugin-distignore.mustache.
But I agree with @schlessera
so they should not appear either in the generated checksums nor in the installation to check. Otherwise, I would expect a warning indeed, as my installation does not match what was released.
from checksum-command.
Related Issues (20)
- flags ancient files as "should not exist" but should flag as "deprecated, can be deleted" HOT 1
- `Could not retrieve the checksums` still visible with `--skip-plugins=<plugin-name>` HOT 5
- Add `--version` param to `wp plugin verify-checksums` HOT 2
- wp-cli core verify-checksums does not check extra themes HOT 2
- During plugin verify-checksum, failed plugins should be listed HOT 2
- --include-root does not work HOT 1
- Adding an exclusion option to `wp core verify-checksums` ? HOT 1
- Add command to check themes integrity in WP-CLI HOT 1
- Verification checks skipped when plugin missing main PHP file HOT 1
- wp core verify-checksums problem with wp 6.6 HOT 1
- Plugin
- WordPress installation doesn't verify against checksums HOT 4
- Flag presence of unexpected files HOT 11
- Add an option to skip additional files check HOT 2
- Core verify-checksums command doesn't catch added files at ABSPATH directory HOT 3
- Flag to turn warnings into errors HOT 1
- Random messages: Could not retrieve the checksums for version x.y.z of plugin-name HOT 7
- Warning: Could not retrieve the checksums HOT 1
- Error: RuntimeException: Failed to get url when using `wp core verify-checksums` HOT 6
- Add --format argument to `wp core verify-checksums` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from checksum-command.