
Commit e130521

committed
Add escaping for exception messages
The Plugin Check Plugin for the wordpress.org repository requires us to escape exception messages. This is a bad idea because we should (and do) escape output later than that. See WordPress/WordPress-Coding-Standards#2374. But since it's required, I added a constant that will enable the escaping just for the WP.org release.
1 parent e560308 commit e130521

19 files changed

Lines changed: 147 additions & 46 deletions

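--- a/release/github/constants.php
+++ b/release/github/constants.php
@@ -8,6 +8,9 @@
 * a feature is disabled.
 */
 
+// See https://github.com/WordPress/WordPress-Coding-Standards/issues/2374
+define( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS', false );
+
 // Disable the use of functions that wordpress.org requires
 // but we would not use when we aren't forced to.
 // e.g. using wp_rand instead of mt_rand in a context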

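--- a/release/wp-org/constants.php
+++ b/release/wp-org/constants.php
@@ -16,6 +16,9 @@
 // rather than direct file access.
 define( 'STATIC_DEPLOY_DIRECT_FILE_ACCESS', false );
 
+// This is required to pass Plugin Check Plugin
+define( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS', true );
+
 // Force the use of functions that wordpress.org requires
 // but we would not use when we aren't forced to.
 // e.g. using wp_rand instead of mt_rand in a context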
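Review bot: The comment above the new `define( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS', true );` says why the constant exists but not what it changes at runtime. Every throw site in this commit tests `defined( ... ) && STATIC_DEPLOY_ESCAPE_EXCEPTIONS`, so a build that omits the constant silently falls back to unescaped messages. I would spell that out, for example `// When true, exception messages are passed through esc_html() at throw time (required by Plugin Check); if undefined, throw sites treat it as false.`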

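--- a/src/Db.php
+++ b/src/Db.php
@@ -101,7 +101,11 @@ public static function query(
 }
 return $on_error( $wpdb->last_error ) || false;
 }
-throw WsLog::ex( 'Error in query: ' . $wpdb->last_error );
+$msg = 'Error in query: ' . $wpdb->last_error;
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' ) && STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 
 /**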
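Review bot: The `defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' ) && STATIC_DEPLOY_ESCAPE_EXCEPTIONS` guard before the throw is copied verbatim here and in the FilesHelper, LocalDeployer, Memcached, OptionData, OptionSpec and Options sections, so a throw site added later without it would ship unescaped in the wp.org build with nothing to flag the gap. Since the commit description says output is already escaped later, the wp.org build presumably encodes these messages twice. `$wpdb->last_error` often quotes part of the failing SQL, so quotes and `&` in it would appear as entities in logs and defeat plain-text searches during triage. A comment on the guard such as `// wp.org build only: message is HTML-escaped here and again at output; expect entities in logs` would make that visible. The body of query() starts and ends outside the hunk.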

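--- a/src/DetectSitemapsURLs.php
+++ b/src/DetectSitemapsURLs.php
@@ -165,6 +165,11 @@ public static function detect( string $wp_site_url ): \Iterator {
 }
 }
 } catch ( StaticDeployException $e ) {
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' ) && STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+// We can't use the parent exception due to
+// https://github.com/WordPress/WordPress-Coding-Standards/issues/2447
+throw WsLog::ex( esc_html( $e->getMessage() ) );
+}
 throw WsLog::ex( $e->getMessage(), 0, $e );
 }
 }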
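Review bot: The escaped branch inside `catch ( StaticDeployException $e )` rethrows without passing `$e` as the previous exception, so the wp.org build loses the cause chain and original stack trace that the unescaped `throw WsLog::ex( $e->getMessage(), 0, $e );` keeps. The two builds then produce different diagnostic detail for the same failure, which makes field reports harder to correlate. If the linked WPCS issue only objects to the extra constructor arguments, consider recording the original exception through the existing logger before the rethrow, and extend the comment to say `// previous exception is dropped in this branch; trace is logged above instead`. The body of detect() starts outside the hunk.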

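--- a/src/FilesHelper.php
+++ b/src/FilesHelper.php
@@ -59,8 +59,12 @@ public static function deleteDirWithFiles( string $dir ): void {
 $dir_files = scandir( $dir );
 
 if ( ! $dir_files ) {
-$err = 'Trying to delete nonexistent dir: ' . $dir;
-throw WsLog::ex( $err );
+$msg = 'Trying to delete nonexistent dir: ' . $dir;
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' )
+&& STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 
 $files = array_diff( $dir_files, [ '.', '..' ] );
@@ -267,9 +271,12 @@ public static function writePathInfo(
 $result = copy( $path_info->filename, $full_path );
 }
 } else {
-throw WsLog::ex(
-'No contents found for PathInfo: ' . json_encode( $path_info )
-);
+$msg = 'No contents found for PathInfo: ' . json_encode( $path_info );
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' )
+&& STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 } catch ( \Throwable $e ) {
 if ( file_exists( $full_path ) ) {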

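--- a/src/Local/LocalDeployer.php
+++ b/src/Local/LocalDeployer.php
@@ -56,7 +56,12 @@ public function uploadFilesIter( \Iterator $path_infos ): void {
 $out_dir = FilesHelper::normalizePath( $out_dir );
 if ( ! is_dir( $out_dir ) ) {
 if ( ! FilesHelper::createDir( $out_dir ) ) {
-throw WsLog::ex( 'Failed to create local deployment directory: ' . $out_dir );
+$msg = 'Failed to create local deployment directory: ' . $out_dir;
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' )
+&& STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 }
 $out_dir = realpath( $out_dir );
@@ -75,9 +80,13 @@ public function uploadFilesIter( \Iterator $path_infos ): void {
 }
 
 if ( mb_strpos( (string) $out_dir, (string) $site_dir ) === 0 ) {
-throw WsLog::ex(
-'Local deployment directory must be outside of the WordPress directory: ' . $out_dir
-);
+$msg = 'Local deployment directory must be outside of the WordPress directory: '
+. $out_dir;
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' )
+&& STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 
 WsLog::l( 'Deploying to ' . $out_dir );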

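--- a/src/Memcached.php
+++ b/src/Memcached.php
@@ -103,10 +103,12 @@ public static function doCommand(
 $error_message = null;
 $sock = self::getSocket( $mc, $error_code, $error_message );
 if ( ! $sock ) {
-throw WsLog::ex(
-'Failed to connect to Memcached: ' .
-$error_code . ' ' . $error_message
-);
+$msg = 'Failed to connect to Memcached: ' .
+$error_code . ' ' . $error_message;
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' ) && STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 
 $result = stream_socket_sendto( $sock, $command . "\r\n" );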

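--- a/src/OptionData.php
+++ b/src/OptionData.php
@@ -35,17 +35,23 @@ public function __construct(
 
 if ( $option_spec->hasBlobValue() ) {
 if ( $blob_value === null ) {
-throw WsLog::ex(
-'Option ' . $option_spec->name .
-' must have a blob value, but a blob value was not provided.'
-);
+$msg = 'Option ' . $option_spec->name .
+' must have a blob value, but a blob value was not provided.';
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' )
+&& STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 } else {
 if ( $blob_value !== null && $blob_value !== '' ) {
-throw WsLog::ex(
-'Option ' . $option_spec->name .
-' cannot have a blob value, but a blob value was provided.'
-);
+$msg = 'Option ' . $option_spec->name .
+' cannot have a blob value, but a blob value was provided.';
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' )
+&& STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 // We get blank strings instead of null from MySQL,
 // so we have to set null ourselves.
@@ -174,9 +180,12 @@ public static function fromUserInput(
 case 'object':
 $json = json_decode( stripcslashes( strval( $user_input ) ) );
 if ( ! is_object( $json ) ) {
-throw WsLog::ex(
-'Option ' . $option_spec->name . ' must be an object.'
-);
+$msg = 'Option ' . $option_spec->name . ' must be an object.';
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' )
+&& STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 $blob_value = json_encode( $json );
 $value = '1';
@@ -189,10 +198,13 @@ public static function fromUserInput(
 $value = esc_url_raw( strval( $user_input ) );
 break;
 default:
-throw WsLog::ex(
-'Unknown option type: ' . $option_spec->type
-. ' for option: ' . $option_spec->name
-);
+$msg = 'Unknown option type: ' . $option_spec->type
+. ' for option: ' . $option_spec->name;
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' )
+&& STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 
 return new self(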

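--- a/src/OptionSpec.php
+++ b/src/OptionSpec.php
@@ -38,9 +38,11 @@ public function __construct(
 public readonly ?string $wp2static_table = null,
 ) {
 if ( $allowed_values !== null && ! in_array( $default_value, $allowed_values ) ) {
-throw WsLog::ex(
-"Default value $default_value not in allowed values for option $name"
-);
+$msg = "Default value $default_value not in allowed values for option $name";
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' ) && STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 
 if ( $input_type === null && $allowed_values !== null ) {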

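--- a/src/Options.php
+++ b/src/Options.php
@@ -455,8 +455,11 @@ public static function getValue( string $name ): string {
 $option_spec = self::optionSpecs()[ $name ];
 
 if ( ! $option_spec ) {
-WsLog::d( "Unknown option: $name" );
-throw new StaticDeployException( "Unknown option: $name" );
+$msg = "Unknown option: $name";
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' ) && STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 
 return self::getOption( $option_spec )->value;
@@ -476,7 +479,11 @@ public static function getBlobValue( string $name ): string {
 $option_spec = self::optionSpecs()[ $name ];
 
 if ( ! $option_spec ) {
-throw WsLog::ex( "Unknown option: $name" );
+$msg = "Unknown option: $name";
+if ( defined( 'STATIC_DEPLOY_ESCAPE_EXCEPTIONS' ) && STATIC_DEPLOY_ESCAPE_EXCEPTIONS ) {
+throw WsLog::ex( esc_html( $msg ) );
+}
+throw WsLog::ex( $msg );
 }
 
 return self::getOption( $option_spec )->blob_value;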
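Review bot: The first hunk, in getValue(), changes more than escaping: the old code called `WsLog::d( "Unknown option: $name" )` and then threw `new StaticDeployException( ... )` directly, while the new code throws whatever `WsLog::ex()` returns. WsLog::ex() is not visible on this page, so it is worth confirming that it still yields a StaticDeployException (or a subclass). Otherwise callers that catch that type, as the catch block in DetectSitemapsURLs::detect does, would stop matching. The switch away from the debug-level log call should also be confirmed as intended. Since the commit title only mentions escaping, a line in the description or a comment such as `// now routed through WsLog::ex() like getBlobValue()` would record the behaviour change.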
