ClassicPress / ClassicPress-Migration-Plugin

Switch your WordPress installation to ClassicPress.
Other
27 stars 20 forks source link

Plugin conflicts: "verify core files" plugins #33

Open nylen opened 6 years ago

nylen commented 6 years ago

For example, WordFence has this option (exact wording may be different):

Scan Options → General Options → Scan core files against repository versions for changes

Makes sense, because WordFence will key off the $wp_version of 4.9.8 and do its checks based on that.

What other plugins face similar issues?

dixonge commented 6 years ago

Here is the relevant section of wordfenceScanner.php - will need to point the API request elsewhere?

  /**
     * Queries the is_safe_file endpoint. If provided an array, it does a bulk check and returns an array containing the
     * hashes that were marked as safe. If provided a string, it returns a boolean to indicate the safeness of the file.
     *
     * @param string|array $shac
     * @return array|bool
     */
    private function isSafeFile($shac) {
        if(! $this->api){
            $this->api = new wfAPI($this->apiKey, $this->wordpressVersion);
        }

        if (is_array($shac)) {
            $result = $this->api->call('is_safe_file', array(), array('multipleSHAC' => json_encode($shac)));
            if (isset($result['isSafe'])) {
                return $result['isSafe'];
            }
            return array();
        }

        $result = $this->api->call('is_safe_file', array(), array('shac' => strtoupper($shac)));
        if(isset($result['isSafe']) && $result['isSafe'] == 1){
            return true;
        }
        return false;
    }

    /**
     * @param string $file
     * @return array
     */
    private function dataForFile($file, $fullPath = null) {
        $loader = $this->scanEngine->getKnownFilesLoader();
        $data = array();
        if ($isKnownFile = $loader->isKnownFile($file)) {
            if ($loader->isKnownCoreFile($file)) {
                $data['cType'] = 'core';
nylen commented 6 years ago

That's one thing we could do, but it's likely to be a good bit of work, and fragile if WordFence changes the way their checks work. We could also ask them nicely to add support for ClassicPress.