From 92a9e5777a6d5c5146ff48c90a158b5a1fc7042c Mon Sep 17 00:00:00 2001 From: Ben Marshall Date: Tue, 4 Jul 2023 14:19:52 -0500 Subject: [PATCH 1/8] docs(git): adding git docs & updating the readme --- .github/CODEOWNERS | 2 + .github/ISSUE_TEMPLATE/1-bug-report.yml | 70 ++++++++++++++++++++++ .github/ISSUE_TEMPLATE/2-enhancement.yml | 44 ++++++++++++++ .github/ISSUE_TEMPLATE/3-help.yml | 23 +++++++ .github/ISSUE_TEMPLATE/bug_report.md | 38 ------------ .github/PULL_REQUEST_TEMPLATE.md | 44 ++++++++++++++ .github/SAVED_REPLIES.md | 75 +++++++++++++++++++++++ .github/dependency-review-config.yml | 55 +++++++++++++++++ .github/workflows/stale_repos.yml | 28 +++++++++ CODE_OF_CONDUCT.md | 76 ++++++++++++++++++++++++ CONTRIBUTING.md | 51 ++++++++++++++++ README.md | 55 +++++++++++++++++ SECURITY.md | 48 +++++++++++++++ readme.txt | 69 +++++++++------------ 14 files changed, 598 insertions(+), 80 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 .github/ISSUE_TEMPLATE/1-bug-report.yml create mode 100644 .github/ISSUE_TEMPLATE/2-enhancement.yml create mode 100644 .github/ISSUE_TEMPLATE/3-help.yml delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/SAVED_REPLIES.md create mode 100644 .github/dependency-review-config.yml create mode 100644 .github/workflows/stale_repos.yml create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 README.md create mode 100644 SECURITY.md diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..62a71e3 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,2 @@ +# These owners will be the default owners for everything in the repo. Unless a later match takes precedence, @bmarshall511, as primary maintainer will be requested for review when someone opens a Pull Request. +* @bmarshall511 
diff --git a/.github/ISSUE_TEMPLATE/1-bug-report.yml b/.github/ISSUE_TEMPLATE/1-bug-report.yml new file mode 100644 index 0000000..4109451 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/1-bug-report.yml 
@@ -0,0 +1,70 @@ +name: "\U0001F41B Bug report" +description: "Report a bug with this project." +labels: "type:bug" +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! Please fill in as much of the template below as you can. + - type: textarea + attributes: + label: Describe the bug + description: Please write a clear and concise description of the bug, including what you expect to happen and what is currently happening. + placeholder: | + Feature '...' is not working properly. I expect '...' to happen, but '...' happens instead + validations: + required: true + + - type: textarea + attributes: + label: Steps to Reproduce + description: Please write the steps needed to reproduce the bug. + placeholder: | + 1. Go to '...' + 2. Click on '...' + 3. Scroll down to '...' + 4. See error + validations: + required: true + + - type: textarea + attributes: + label: Screenshots, screen recording, code snippet + description: | + If possible, please upload a screenshot or screen recording which demonstrates the bug. You can use LIEcap to create a GIF screen recording: https://www.cockos.com/licecap/ + Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in. + For small snippets paste it directly here, or you can use GitHub Gist to share multiple code files: https://gist.github.com + Please ensure the shared code can be used by a developer to reproduce the issue—ideally it can be copied into a local development environment or executed in a browser console to help debug the issue + validations: + required: false + + - type: textarea + attributes: + label: Environment information + placeholder: | + - Device: + - OS: + - Browser and version: + validations: + required: false + + - type: textarea + attributes: + label: WordPress information + placeholder: | + + +
Site Health info: + +
+ validations: + required: false + + - type: checkboxes + id: terms + attributes: + label: Code of Conduct + description: By submitting this issue, you agree to follow our `Code of Conduct` (see the `CODE_OF_CONDUCT.md` file in the repo). + options: + - label: I agree to follow this project's Code of Conduct + required: true diff --git a/.github/ISSUE_TEMPLATE/2-enhancement.yml b/.github/ISSUE_TEMPLATE/2-enhancement.yml new file mode 100644 index 0000000..8249187 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/2-enhancement.yml 
@@ -0,0 +1,44 @@ +name: "\U0001F680 Enhancement" +description: "Suggest an idea for this project." +labels: "type:enhancement" +body: + - type: markdown + attributes: + value: | + Thank you for suggesting an idea to make things better. Please fill in as much of the template below as you can. + - type: textarea + attributes: + label: Is your enhancement related to a problem? Please describe. + description: Please describe the problem you are trying to solve. + placeholder: | + I use this project as a `...` and I would like `...` so that `...describe benefit...`. + validations: + required: true + + - type: textarea + attributes: + label: Designs + description: | + If applicable, add mockups/screenshots/etc. to help explain your idea. + Tip: You can attach images or videos by clicking this area to highlight it and then dragging files in. + validations: + required: false + + - type: textarea + attributes: + label: Describe alternatives you've considered + description: | + Please describe alternative solutions or features you have considered. + placeholder: | + I have also considered `...describe alternative...`, however I feel that my solution described above is better because of `...reason...`. + validations: + required: false + + - type: checkboxes + id: terms + attributes: + label: Code of Conduct + description: By submitting this issue, you agree to follow our `Code of Conduct` (see the `CODE_OF_CONDUCT.md` file in the repo). + options: + - label: I agree to follow this project's Code of Conduct + required: true diff --git a/.github/ISSUE_TEMPLATE/3-help.yml b/.github/ISSUE_TEMPLATE/3-help.yml new file mode 100644 index 0000000..38fc7de --- /dev/null +++ b/.github/ISSUE_TEMPLATE/3-help.yml 
@@ -0,0 +1,23 @@ +name: "❓ Need help?" +description: "Ask us a question, we are here to help!" +labels: "type:question" +body: + - type: markdown + attributes: + value: | + If you have a question that is neither a bug report nor an enhancement, then please post it here! Please fill in as much of the template below as you can. + - type: textarea + attributes: + label: Describe your question + description: A clear and concise description of what your question is. + validations: + required: true + + - type: checkboxes + id: terms + attributes: + label: Code of Conduct + description: By submitting this issue, you agree to follow our `Code of Conduct` (see the `CODE_OF_CONDUCT.md` file in the repo). + options: + - label: I agree to follow this project's Code of Conduct + required: true diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 0a28b1b..0000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,38 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: "[BUG]" -labels: bug -assignees: bmarshall511 - ---- - -**Describe the bug** -A clear and concise description of what the bug is. - -**To Reproduce** -Steps to reproduce the behavior: -1. Go to '...' -2. Click on '....' -3. Scroll down to '....' -4. See error - -**Expected behavior** -A clear and concise description of what you expected to happen. - -**Screenshots** -If applicable, add screenshots to help explain your problem. - -**Desktop (please complete the following information):** - - OS: [e.g. iOS] - - Browser [e.g. chrome, safari] - - Version [e.g. 22] - -**Smartphone (please complete the following information):** - - Device: [e.g. iPhone6] - - OS: [e.g. iOS8.1] - - Browser [e.g. stock browser, safari] - - Version [e.g. 22] - -**Additional context** -Add any other context about the problem here. 
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..2f833aa --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,44 @@ + + +### Description of the Change + + + +Closes # + +### How to test the Change + + +### Changelog Entry + +> Added - New feature +> Changed - Existing functionality +> Deprecated - Soon-to-be removed feature +> Removed - Feature +> Fixed - Bug fix +> Security - Vulnerability + + +### Credits + +Props @username, @username2, ... + + +### Checklist: + + +- [ ] I agree to follow this project's [**Code of Conduct**](https://github.com/Highfivery/.github/blob/trunk/CODE_OF_CONDUCT.md). +- [ ] I have updated the documentation accordingly. +- [ ] I have added tests to cover my change. +- [ ] All new and existing tests pass. diff --git a/.github/SAVED_REPLIES.md b/.github/SAVED_REPLIES.md new file mode 100644 index 0000000..a620ee0 --- /dev/null +++ b/.github/SAVED_REPLIES.md 
@@ -0,0 +1,75 @@ +# Highfivery Saved Replies + +In order to help reduce the time it takes to respond to open Issues and Pull Requests, we should leverage [GitHub’s Saved Replies](https://help.github.com/en/articles/about-saved-replies) to help when we are continually responding in the same manner. The following are various Saved Replies that the Highfivery team should use to respond to Issues and Pull Requests to ensure our community responses are similar and to minimize the amount of time crafting the same response to different requests. + +Since GitHub currently does not allow us to have a repository-wide or organization-wide list of [saved replies](https://help.github.com/articles/working-with-saved-replies/), these replies need to be maintained by individual team members. Since the replies can be modified in the future, all responses are versioned to simplify the process of keeping the replies up to date. + +While these Saved Replies attempt to give you the ability to quickly reply to Issues and Pull Requests, they are not meant to be the _exact_ response you should use every time. Consider customizing them to fit the context of the Issue or Pull Request contribution you are replying to. You will be best served by welcoming the contributor to the project (if its their first issue/PR), thanking them for their contribution, giving them context to your response (especially if you're closing their issue/PR), and noting next steps (e.g., issue milestoned for a specific release, open to them submitting a PR to resolve an issue, sending a PR to someone else to review). + +You can add these saved replies to [your personal GitHub account here](https://github.com/settings/replies). 
+ +_Sources: [1](https://github.com/angular/angular/blob/master/docs/SAVED_REPLIES.md), [2](https://github.com/angular/angular-cli/blob/master/.github/SAVED_REPLIES.md), [3](https://github.com/prometheus/docs/blob/master/snippets/saved_replies.md), & [4](https://gist.github.com/jywarren/c9a80e0e53f42208974683aa01c623c8)._ + +## Issue: already fixed (v1) +``` +Thanks for filing this Issue! Fortunately it is now obsolete due to changes in a recent release. Please update to the most recent version to resolve the problem. + +If you are still having problems after updating, then please provide additional details for us to try and replicate your issue. +``` + +## Issue: don't understand (v1) +``` +I'm sorry but I don't understand the problem you are reporting. Would you please rephrase your issue so I can attempt to better understand it? +``` + +## Issue: can't reproduce (v1) +``` +Thanks for filing this Issue! Unfortunately I cannot reproduce the problem following the instructions you provided. We require that reported issues have reproduction steps that highlights the problem. + +If the problem still exists for you, then please include any additional information on how to reproduce it. +``` + +## Issue: behaving as expected (v1) +``` +It appears this behaves as expected. If you still feel there is an issue, please provide further details on your problem. +``` + +## Issue: template missing (v1) +``` +Thanks for filing this Issue! Please note that we have Issue templates for [bug](https://github.com/Highfivery/REPONAME/blob/develop/.github/ISSUE_TEMPLATE/1-bug-report.md), [enhancement](https://github.com/Highfivery/REPONAME/blob/develop/.github/ISSUE_TEMPLATE/2-enhancement.md), and [question](https://github.com/Highfivery/REPONAME/blob/develop/.github/ISSUE_TEMPLATE/3-help.md) requests. I would appreciate it if you could edit your Issue and add in the missing details. +``` + +## Issue: PR please? 
(v1) +``` +I would love your help on this Issue, would be happy to review a PR for it, and will attempt to provide any assistance you might need. +``` + +## Issue or PR: duplicate (v1) +``` +Thanks for filing this (issue, PR). However this is a duplicate of an existing (issue, PR) #NUMBER, so I'm closing this but if you think this was in error then don't hesitate to comment. Otherwise please subscribe to #NUMBER for future updates. +``` + +## Issue or PR: close as inactive (v1) +``` +I'm closing this issue due to inactivity, but please let me know if you're still having problems so I can try to help... thanks! +``` + +## Issue or PR: send for help! (v1) +``` +Thanks for filing this! Unfortunately I’m uncertain on how to proceed here, so I’m pinging (@maintainer) for their input. +``` + +## PR: merging and more (v1) +``` +This looks perfect, so I'll merge it. If you are looking for another challenge, then please take a look at our `help-wanted` list: https://github.com/Highfivery/REPONAME/labels/help-wanted. Thanks! +``` + +## PR: template missing (v1) +``` +Thanks for filing this PR! Please note that we have a [PR template](https://github.com/Highfivery/REPONAME/blob/develop/.github/PULL_REQUEST_TEMPLATE.md) that is required. I would appreciate it if you could edit your PR and add in the missing details. +``` + +## PR: missing related Issue (v1) +``` +Thanks for filing this PR! Please note that we require an Issue for each PR so that approach and other details can be discussed in the Issue while code review can happen in the PR. I would appreciate it if you could [open an Issue](https://github.com/Highfivery/REPONAME/issues/new/choose) and link it to this PR for further discussion. +``` diff --git a/.github/dependency-review-config.yml b/.github/dependency-review-config.yml new file mode 100644 index 0000000..a668159 --- /dev/null +++ b/.github/dependency-review-config.yml 
@@ -0,0 +1,55 @@ +name: GPL-Compatible License Policy + +# Possible values: "critical", "high", "moderate", "low" +# fail-on-severity: critical + +# You can only include one of these two options: `allow-licenses` and `deny-licences` + +# ([String]). Only allow these licenses (optional) +# Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses +# The following list is an attempt to match exactly what's listed on https://www.gnu.org/licenses/license-list.html#GPLCompatibleLicenses as GPL Compatible (currently ignoring the FSF Free/Libre and OSI Approved column data from the SPDX License List at https://spdx.org/licenses/): +allow-licenses: +- 0BSD +- AGPL-3.0 +- AGPL-3.0-only +- Apache-2.0 +- Apache-2.0 AND Apache-2.0 WITH LLVM-exception +- Apache-2.0 WITH LLVM-exception +- Artistic-2.0 +- BSD-2-Clause +- BSD-3-Clause +- BSL-1.0 +- CC-BY-4.0 +- ECL-2.0 +- EFL-2.0 +- EUDatagrid +- GPL-2.0 +- GPL-2.0-only +- GPL-2.0-or-later +- GPL-3.0 +- GPL-3.0-only +- GPL-3.0-or-later +- HPND +- Intel +- ISC +- LGPL-3.0 +- LGPL-3.0-only +- LGPL-2.1 +- LGPL-2.1-only +- MIT +- MPL-2.0 +- NCSA +- Sleepycat +- Unlicense +- UPL-1.0 +- W3C +- Zlib +- ZPL-2.0 +# The following licenses fit the above criteria except they are not marked as FSF Free/Libre on the SPDX License List (https://spdx.org/licenses/): Unicode-DFS-2016 +# The following licenses fit the above criteria except they are not marked as OSI Approved on the SPDX License List (https://spdx.org/licenses/): ClArtistic, CECILL-2.0, BSD-3-Clause-Clear, FTL, iMatix, Imlib2, IJG, OLDAP-2.7, Ruby, SGI-B-2.0, SMLNJ, Vim, WTFPL, X11, XFree86-1.1 + +# ([String]). 
Block the pull request on these licenses (optional) +# Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses +# The following list is an attempt to match exactly what's listed on https://www.gnu.org/licenses/license-list.html#GPLIncompatibleLicenses as GPL Incompatible: +# deny-licenses: AGPL-1.0, AGPL-1.0-only, AFL-1.1, AFL-1.2, AFL-2.0, AFL-2.1, AFL-3.0, Apache-1.1, Apache-1.0, APSL-2.0, BitTorrent-1.0, BSD-4-Clause, CECILL-B, CECILL-C, CDDL-1.0, CPAL-1.0, CPL-1.0, Condor-1.1, EPL-1.0, EPL-2.0, EUPL-1.1, EUPL-1.2, FDK-AAC, gnuplot, IPL-1.0, LPPL-1.3a, LPPL-1.2, LPL-1.02, MS-PL, MS-RL, MPL-1.1, NOSL, NPL-1.0, NPL-1.1, Nokia, OLDAP-2.3, OSL-1.0, OSL-1.1, OSL-2.0, OSL-2.1, OSL-3.0, OpenSSL, PHP-3.01, Python-2.0, QPL-1.0, RPSL-1.0, SISSL, SPL-1.0, xinetd, YPL-1.1, Zend-2.0, Zimbra-1.3, ZPL-1.1 +# The following list is an attempt, additionally, to match exactly what's listedn on https://www.gnu.org/licenses/license-list.html#NonFreeSoftwareLicenses as Nonfree: Aladdin, APSL-1.0, APSL-1.1, APSL-1.2, Artistic-1.0, CPOL-1.02, RHeCos-1.1, JSON, NASA-1.3, OPL-1.0, RPL-1.1, Watcom-1.0 diff --git a/.github/workflows/stale_repos.yml b/.github/workflows/stale_repos.yml new file mode 100644 index 0000000..8698689 --- /dev/null +++ b/.github/workflows/stale_repos.yml @@ -0,0 +1,28 @@ +name: Stale Repo Identifier + +on: + workflow_dispatch: + schedule: + - cron: '3 2 1 * *' + +jobs: + build: + name: stale repo identifier + runs-on: ubuntu-latest + + steps: + - name: Run stale_repos tool + uses: github/stale-repos@v1 + env: + GH_TOKEN: ${{ secrets.GH_PAT_REPO }} + ORGANIZATION: Zero Spam + EXEMPT_TOPICS: "keep,template" + INACTIVE_DAYS: 365 + + - name: Create issue + uses: peter-evans/create-issue-from-file@v4 + with: + title: Stale repository report + content-filepath: ./STALE_REPOS.md + assignees: bmarshall511 + token: ${{ secrets.GH_PAT_REPO }} diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..4057e46 
--- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,76 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, sex characteristics, gender identity and expression, +level of experience, education, socio-economic status, nationality, personal +appearance, race, religion, or sexual identity and orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or + advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. 
+ +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at info@highfivery.com. All +complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html + +[homepage]: https://www.contributor-covenant.org + +For answers to common questions about this code of conduct, see +https://www.contributor-covenant.org/faq diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..2a645ec --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,51 @@ +# Contributing and Maintaining + +First, thank you for taking the time to contribute! + +The following is a set of guidelines for contributors as well as information and instructions around our maintenance process. The two are closely tied together in terms of how we all work together and set expectations, so while you may not need to know everything in here to submit an issue or pull request, it's best to keep them in the same document. + +## Ways to contribute + +Contributing isn't just writing code - it's anything that improves the project. All contributions are managed right here on GitHub. Here are some ways you can help: + +### Reporting bugs + +If you're running into an issue, please take a look through [existing issues](/issues) and [open a new one](/issues/new) if needed. If you're able, include steps to reproduce, environment information, and screenshots/screencasts as relevant. + +### Suggesting enhancements + +New features and enhancements are also managed via [issues](/issues). + +### Pull requests + +Pull requests represent a proposed solution to a specified problem. They should always reference an issue that describes the problem and contains discussion about the problem itself. Discussion on pull requests should be limited to the pull request itself, i.e. code review. + +For more on how Highfivery writes and manages code, check out our [WordPress Coding Standards](https://developer.wordpress.org/coding-standards/wordpress-coding-standards/). + +## Workflow + +The `develop` branch is the development branch which means it contains the next version to be released. `stable` contains the current latest release and `trunk` contains the corresponding stable development version. Always work on the `develop` branch and open up PRs against `develop`. + +## Release instructions + +1. Branch: Starting from `develop`, cut a release branch named `release/X.Y.Z` for your changes. +2. 
Version bump: Bump the version number in `plugin.php`, `readme.txt`, and any other relevant files if it does not already reflect the version being released. +3. Changelog: Add/update the changelog in `CHANGELOG.md` and `readme.txt`. +4. Props: update `CREDITS.md` file with any new contributors, and confirm maintainers are accurate. +5. New files: Check to be sure any new files/paths that are unnecessary in the production version are included in `.gitattributes` or `.distignore`. +6. Readme updates: Make any other readme changes as necessary. `CHANGELOG.md` and `README.md` are geared toward GitHub and `readme.txt` contains WordPress.org-specific content. The two are slightly different. +7. Merge: Make a non-fast-forward merge from your release branch to `develop` (or merge the pull request), then do the same for `develop` into `trunk`, ensuring you pull the most recent changes into `develop` first (`git checkout develop && git pull origin develop && git checkout trunk && git merge --no-ff develop`). `trunk` contains the stable development version. +8. Push: Push your `trunk` branch to GitHub (e.g. `git push origin trunk`). +9. Compare `trunk` to `develop` to ensure no additional changes were missed. Visit [REPOSITORY_URL]/compare/trunk...develop +10. Test the pre-release ZIP locally by downloading it from the **Build release zip** action artifact and installing it locally. Ensure this zip has all the files we expect, that it installs and activates correctly and that all basic functionality is working. +11. Release: Create a [new release](/releases/new), naming the tag and the release with the new version number, and targeting the `trunk` branch. Paste the changelog from `CHANGELOG.md` into the body of the release and include a link to the closed issues on the [X.Y.Z milestone](/milestone/#?closed=1). +12. SVN: Wait for the [GitHub Action](/actions) to finish deploying to the WordPress.org repository. 
If all goes well, users with SVN commit access for that plugin will receive an emailed diff of changes. +13. Check WordPress.org: Ensure that the changes are live on https://wordpress.org/plugins/plugin-name/. This may take a few minutes. +14. Close milestone: Edit the [X.Y.Z milestone](/milestone/#) with release date (in the `Due date (optional)` field) and link to GitHub release (in the `Description` field), then close the milestone. +15. Punt incomplete items: If any open issues or PRs which were milestoned for `X.Y.Z` do not make it into the release, update their milestone to `X.Y.Z+1`, `X.Y+1.0`, `X+1.0.0` or `Future Release`. + +### What to do if things go wrong + +If you run into issues during the release process and things have NOT fully deployed to WordPress.org / npm / whatever external-to-GitHub location that we might be publishing to, then the best thing to do will be to delete any Tag (e.g., https://github.com/ORG/REPO/releases/tag/TAGNAME) or Release that's been created, research what's wrong, and once things are resolved work on re-tagging and re-releasing on GitHub and publishing externally where needed. + +If you run into issues during the release process and things HAVE deployed to WordPress.org / npm / whatever external-to-GitHub location that we might be publishing to, then the best thing to do will be to research what's wrong and once things are resolved work on a patch release and tag on GitHub and publishing externally where needed. At the top of the changelog / release notes it's best to note that its a hotfix to resolve whatever issues were found after the previous release. diff --git a/README.md b/README.md new file mode 100644 index 0000000..1f85e92 --- /dev/null +++ b/README.md 
@@ -0,0 +1,55 @@ +# Zero Spam for WordPress + +> No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves. + +[![Support Level](https://img.shields.io/badge/support-active-green.svg)](#support-level) [![MIT License](https://img.shields.io/github/license/Highfivery/.github.svg)](https://github.com/Highfivery/.github/blob/trunk/LICENSE.md) + +## Overview + +Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with [Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/), and [Project Honeypot](https://www.projecthoneypot.org/) to offer a strong defense system. + +Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it's pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website. + += Worry-free, Powerful Protection at Your Fingertips = + +* No captchas or moderation queues — no longer a admin’s problem. +* Our system dynamically blocks threats, keeping your site safe. +* Integration with global IP reputation providers for enhanced security. +* Block IPs temporarily or permanently, keep unwanted visitors out. +* Geolocation tracks origins of threats, providing valuable insights. +* Ability to block countries, regions, zip/postal codes & cities. +* Utilize [splorp's Comment Blacklist](https://github.com/splorp/wordpress-comment-blacklist) to strengthen your disallowed list. +* Block disposable & malicious email effortlessly with [disposable](https://github.com/disposable). +* Multiple techniques, including the renowned solution by [David Walsh](https://davidwalsh.name/wordpress-comment-spam). + += Seamlessly integrates with popular plugins including: = + +* [WooCommerce](https://wordpress.org/plugins/woocommerce/) — Secure customer registrations. 
+* [GiveWP](https://givewp.com/ref/1118/) — Prevents attempts to test stolen credit cards. +* [ProfilePress](https://wordpress.org/plugins/wp-user-avatar/) — Keeps registrations safe & secure. +* [Mailchimp for WordPress](https://wordpress.org/plugins/mailchimp-for-wp/) — Protects sign-ups from abuse. +* [Gravity Forms](https://www.gravityforms.com/), [Contact Form 7](https://wordpress.org/plugins/contact-form-7/), [WPForms](https://wordpress.org/plugins/wpforms-lite/), [Formidable Form Builder](https://wordpress.org/plugins/formidable/), [Fluent Forms](https://wordpress.org/plugins/fluentform/), [wpDiscuz](https://wordpress.org/plugins/wpdiscuz/) — Versatile form protection. + +With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind. + += Enhance Detection with Optional 3rd-Party Integrations = + +Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies. + +* **[Zero Spam](https://www.zerospam.org/)** - Utilize our real-time IP reputation analysis. Take a look at our [Privacy Policy](https://www.zerospam.org/privacy/) and [Terms of Use](https://www.zerospam.org/terms/) for more details. +* **[ipbase.com](https://ipbase.com/)** - Access detailed geolocation information of attackers. Familiarize yourself with their [Privacy Policy](https://ipbase.com/privacy-policy/) & [Terms of Use](https://www.iubenda.com/terms-and-conditions/41661719). +* **[ipinfo.io](https://ipinfo.io/)** - Gather geolocation details of malicious users. Refer to their [Privacy Policy](https://ipinfo.io/privacy-policy) & [Terms of Use](https://ipinfo.io/terms-of-service) for further information. +* **[ipstack](https://ipstack.com/)** - Obtain extensive geolocation insights. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://ipstack.com/terms) to learn more. 
+* **[Stop Forum Spam](https://www.stopforumspam.com/)** - Verify if visitors' IPs have been reported. Explore their [Privacy Policy](https://www.stopforumspam.com/privacy) and [Terms of Use](https://www.stopforumspam.com/legal) for additional details. +* **[Project Honeypot](https://www.projecthoneypot.org/)** - Check if visitors' IPs have been flagged. Refer to their [Privacy Policy](https://www.projecthoneypot.org/privacy_policy.php) and [Terms of Use](https://www.projecthoneypot.org/terms_of_use.php) for more information. +* **[Google Maps](https://developers.google.com/maps)** - Plot attack locations on Google Maps. Please review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://developers.google.com/terms/site-terms) for complete details. + +Additionally, you have the option to contribute to Zero Spam's improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our [FAQ](https://github.com/Highfivery/zero-spam-for-wordpress/wiki/FAQ). + +## Support Level + +**Active:** Highfivery is actively working on this, and we expect to continue work for the foreseeable future including keeping tested up to the most recent version of WordPress. Bug reports, feature requests, questions, and pull requests are welcome. + +## Like what you see? + +Learn more about Highfivery diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..dd091f1 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,48 @@ +# Security Policy + +## Supported Versions + +The following versions of this project are currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.5.1 | :white_check_mark: | +| <5.5.1 | :x: | + +## Reporting a Vulnerability + +To report a security issue please email details to info@highfivery.com with a descriptive subject line. This account is monitored by a small team within Highfivery. In addition, please include the following information along with your report: + +- Your name and affiliation (if any). +- A description of the technical details of the vulnerability. It is very important to let us know how we can reproduce your findings. +- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex. +- Whether this vulnerability is public or known to third parties. If it is, please provide details. + +If you believe that an existing (public) issue is security-related, please send an email to info@highfivery.com. The email should include the issue ID and a short description of why it should be handled according to this security policy. + +## Responding to Vulnerability Reports + +Highfivery takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. + +Your email will be acknowledged within ONE business day, and you will receive a more detailed response to your email within SEVEN days indicating the next steps in handling your report. After the initial reply to your report, Highfivery will keep you informed of the progress being made towards a fix and announcement. If your vulnerability report is accepted, then we will work with you on a fix and follow the process noted below on [disclosing vulnerabilities](#disclosing-a-vulnerability). 
If your vulnerability report is declined, then we will provide you with a reasoning as to why we came to that conclusion. + +## Disclosing a Vulnerability + +Once an issue is reported, Highfivery uses the following disclosure process: + +- When a report is received, we confirm the issue and determine its severity. +- If we know of specific third-party services or software that require mitigation before publication, those projects will be notified. +- An advisory is prepared (but not published) which details the problem and steps for mitigation. +- Wherever possible, fixes are prepared for the last minor release of the two latest major releases, as well as the trunk branch. We will attempt to commit these fixes as soon as possible, and as close together as possible. +- Patch releases are published for all fixed released versions and the advisory is published. +- Release notes and our CHANGELOG.md will include a `Security` section with a link to the advisory. + +We credit reporters for identifying vulnerabilities, although we will keep your name confidential if you request it. + +## Known Vulnerabilities + +Past security advisories, if any, are listed below. + +| Advisory Number | Type | Versions affected | Reported by | Additional Information | +|-----------------|--------------------|:-----------------:|-----------------------|-----------------------------| +| - | - | - | - | - | diff --git a/readme.txt b/readme.txt index 69978cd..fccbfc7 100644 --- a/readme.txt +++ b/readme.txt 
@@ -9,62 +9,47 @@ Stable tag: 5.5.1 License: GNU GPLv3 License URI: https://choosealicense.com/licenses/gpl-3.0/ -Shield your site from spam, malicious users, and attacks with our advanced detection engine. Integrate seamlessly with other plugins for added protection. +No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves. == Description == -🛡️ Safeguard your WordPress website effortlessly with Zero Spam for WordPress! Say goodbye to spam, malicious users, and a variety of sneaky attacks that can disrupt your online presence. Our plugin, powered by an advanced behavior detection engine, integrates seamlessly with [Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/), and [Project Honeypot](https://www.projecthoneypot.org/) to provide you with a robust defense system. +Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminate spam and malicious attacks that can harm your online presence. Our plugin integrates effortlessly with [Zero Spam](https://www.zerospam.org), [Stop Forum Spam](https://www.stopforumspam.com/), and [Project Honeypot](https://www.projecthoneypot.org/) to offer a strong defense system. -🔍 Rest easy knowing that our plugin utilizes multiple detection methods to swiftly identify and halt potential threats. Whether it's pesky spam, devious trolls, or cunning hackers, Zero Spam for WordPress is here to protect your digital kingdom. - -💪 Take your website's security to the next level with our seamless integration with popular plugins like [WooCommerce](https://wordpress.org/plugins/woocommerce/), [GiveWP](https://givewp.com/ref/1118/), [Gravity Forms](https://www.gravityforms.com/), and many more. By joining forces, we ensure comprehensive protection for your valuable online assets. - -💫 Don't let spam and malicious users run amok on your WordPress website. Choose Zero Spam for WordPress and enjoy a safer, more enjoyable online experience. 
It's time to take control and keep your virtual doorstep spam-free and secure! +Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it's pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website. = Worry-free, Powerful Protection at Your Fingertips = -* Say goodbye to captchas and moderation queues—spam is no longer a user or administrator's problem. -* Our intelligent behavior detection engine dynamically blocks threats, keeping your site safe. -* Benefit from seamless integration with global IP reputation providers for enhanced security. -* Take control with the ability to block IPs temporarily or permanently, ensuring unwanted visitors stay out. -* Geolocation integration allows you to track the origins of threats, providing valuable insights. -* Safeguard your site by blocking entire countries, regions, zip/postal codes, and cities. -* Utilize the optional disallowed list using [splorp's Comment Blacklist](https://github.com/splorp/wordpress-comment-blacklist) to further enhance your protection. -* Block known disposable and malicious email domains effortlessly using [disposable](https://github.com/disposable). -* Our plugin employs multiple detection techniques, including the renowned solution by [David Walsh](https://davidwalsh.name/wordpress-comment-spam). - -= But wait, there's more! Enhanced Protection for Various Forms = - -* Protect your valuable comments, user registrations, and login forms from unwanted intrusions. -* Safeguard your [GiveWP](https://givewp.com/ref/1118/) forms, preventing attempts to test stolen credit cards. 
-* Enjoy seamless integration with popular form plugins such as [Gravity Forms](https://www.gravityforms.com/), [Contact Form 7](https://wordpress.org/plugins/contact-form-7/), [WPForms](https://wordpress.org/plugins/wpforms-lite/), [Formidable Form Builder](https://wordpress.org/plugins/formidable/), [Fluent Forms](https://wordpress.org/plugins/fluentform/), and [wpDiscuz](https://wordpress.org/plugins/wpdiscuz/). -* Ensure secure registrations for your [WooCommerce](https://wordpress.org/plugins/woocommerce/) store. -* Protect your [Mailchimp for WordPress](https://wordpress.org/plugins/mailchimp-for-wp/) sign-ups from potential abuse. -* Keep your [ProfilePress](https://wordpress.org/plugins/wp-user-avatar/) registrations safe and secure. -* Plus, our plugin seamlessly integrates into any existing theme or plugin, providing ultimate flexibility. - -Experience the peace of mind that comes with Zero Spam for WordPress—your reliable shield against spam and malicious threats. +* No captchas or moderation queues — no longer a admin’s problem. +* Our system dynamically blocks threats, keeping your site safe. +* Integration with global IP reputation providers for enhanced security. +* Block IPs temporarily or permanently, keep unwanted visitors out. +* Geolocation tracks origins of threats, providing valuable insights. +* Ability to block countries, regions, zip/postal codes & cities. +* Utilize [splorp's Comment Blacklist](https://github.com/splorp/wordpress-comment-blacklist) to strengthen your disallowed list. +* Block disposable & malicious email effortlessly with [disposable](https://github.com/disposable). +* Multiple techniques, including the renowned solution by [David Walsh](https://davidwalsh.name/wordpress-comment-spam). -= Expert Support at Your Service = += Seamlessly integrates with popular plugins including: = -* Our dedicated team of highly-experienced developers is here to provide you with unparalleled support. -* Have questions or need assistance? 
Join the vibrant support forum and tap into a wealth of knowledge. -* Share your feedback, report bugs, or suggest new features on [Github](https://github.com/Highfivery/zero-spam-for-wordpress/issues) to help us continuously improve. -* For direct inquiries or personalized assistance, feel free to [contact us directly](https://www.zerospam.org/contact). +* [WooCommerce](https://wordpress.org/plugins/woocommerce/) — Secure customer registrations. +* [GiveWP](https://givewp.com/ref/1118/) — Prevents attempts to test stolen credit cards. +* [ProfilePress](https://wordpress.org/plugins/wp-user-avatar/) — Keeps registrations safe & secure. +* [Mailchimp for WordPress](https://wordpress.org/plugins/mailchimp-for-wp/) — Protects sign-ups from abuse. +* [Gravity Forms](https://www.gravityforms.com/), [Contact Form 7](https://wordpress.org/plugins/contact-form-7/), [WPForms](https://wordpress.org/plugins/wpforms-lite/), [Formidable Form Builder](https://wordpress.org/plugins/formidable/), [Fluent Forms](https://wordpress.org/plugins/fluentform/), [wpDiscuz](https://wordpress.org/plugins/wpdiscuz/) — Versatile form protection. -With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support system that ensures your peace of mind. +With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind. = Enhance Detection with Optional 3rd-Party Integrations = -Zero Spam for WordPress offers the flexibility to integrate with additional services, bolstering its ability to detect spam and malicious users. While these integrations are entirely optional and not mandatory for Zero Spam to function, they can provide valuable insights. Prior to opting into any of these services, we recommend reviewing their respective terms of use and privacy policies. +Zero Spam for WordPress can integrate optional services for enhanced spam detection. 
Before using these, we recommend reviewing their terms and privacy policies. -* **[Zero Spam](https://www.zerospam.org/)** - Utilize their advanced spam score analysis by sharing visitor IP and, when available, email. Take a look at their [Privacy Policy](https://www.zerospam.org/privacy/) and [Terms of Use](https://www.zerospam.org/terms/) for more details. -* **[ipbase.com](https://ipbase.com/)** - Access detailed geolocation information by sharing visitor IP. Familiarize yourself with their [Privacy Policy](https://ipbase.com/privacy-policy/) and [Terms of Use](https://www.iubenda.com/terms-and-conditions/41661719). -* **[ipinfo.io](https://ipinfo.io/)** - Gather comprehensive geolocation details by sharing visitor IP. Refer to their [Privacy Policy](https://ipinfo.io/privacy-policy) and [Terms of Use](https://ipinfo.io/terms-of-service) for further information. -* **[ipstack](https://ipstack.com/)** - Obtain extensive geolocation insights by sharing visitor IP. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) and [Terms of Use](https://ipstack.com/terms) to learn more. -* **[Stop Forum Spam](https://www.stopforumspam.com/)** - Verify if visitors' IPs have been reported for spam-related activities. Explore their [Privacy Policy](https://www.stopforumspam.com/privacy) and [Terms of Use](https://www.stopforumspam.com/legal) for additional details. -* **[Project Honeypot](https://www.projecthoneypot.org/)** - Check if visitors' IPs have been flagged for suspicious behavior. Refer to their [Privacy Policy](https://www.projecthoneypot.org/privacy_policy.php) and [Terms of Use](https://www.projecthoneypot.org/terms_of_use.php) for more information. -* **[Google Maps](https://developers.google.com/maps)** - Enable plotting of attack locations on Google Maps. 
Please review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) and [Terms of Use](https://developers.google.com/terms/site-terms) for complete details. +* **[Zero Spam](https://www.zerospam.org/)** - Utilize our real-time IP reputation analysis. Take a look at our [Privacy Policy](https://www.zerospam.org/privacy/) and [Terms of Use](https://www.zerospam.org/terms/) for more details. +* **[ipbase.com](https://ipbase.com/)** - Access detailed geolocation information of attackers. Familiarize yourself with their [Privacy Policy](https://ipbase.com/privacy-policy/) & [Terms of Use](https://www.iubenda.com/terms-and-conditions/41661719). +* **[ipinfo.io](https://ipinfo.io/)** - Gather geolocation details of malicious users. Refer to their [Privacy Policy](https://ipinfo.io/privacy-policy) & [Terms of Use](https://ipinfo.io/terms-of-service) for further information. +* **[ipstack](https://ipstack.com/)** - Obtain extensive geolocation insights. Review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://ipstack.com/terms) to learn more. +* **[Stop Forum Spam](https://www.stopforumspam.com/)** - Verify if visitors' IPs have been reported. Explore their [Privacy Policy](https://www.stopforumspam.com/privacy) and [Terms of Use](https://www.stopforumspam.com/legal) for additional details. +* **[Project Honeypot](https://www.projecthoneypot.org/)** - Check if visitors' IPs have been flagged. Refer to their [Privacy Policy](https://www.projecthoneypot.org/privacy_policy.php) and [Terms of Use](https://www.projecthoneypot.org/terms_of_use.php) for more information. +* **[Google Maps](https://developers.google.com/maps)** - Plot attack locations on Google Maps. Please review their [Privacy Policy](https://www.ideracorp.com/Legal/APILayer/PrivacyStatement) & [Terms of Use](https://developers.google.com/terms/site-terms) for complete details. 
Additionally, you have the option to contribute to Zero Spam's improvement by enabling the sharing of detection information. For further information on the shared data, kindly refer to our [FAQ](https://github.com/Highfivery/zero-spam-for-wordpress/wiki/FAQ). From b1389cf8fbfd19e4f34dde235db56b8d4028c4b4 Mon Sep 17 00:00:00 2001 From: Ben Marshall Date: Tue, 4 Jul 2023 14:23:44 -0500 Subject: [PATCH 2/8] docs(templates): removing the old feature request template --- .github/ISSUE_TEMPLATE/feature_request.md | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md deleted file mode 100644 index 7366d55..0000000 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -name: Feature request -about: Suggest an idea for this project -title: "[FEATURE]" -labels: feature request -assignees: bmarshall511 - ---- - -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] - -**Describe the solution you'd like** -A clear and concise description of what you want to happen. - -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. From 29898b7263ef35461f3158ba5e9ad6e4104fc72a Mon Sep 17 00:00:00 2001 From: Ben Marshall <1920159+bmarshall511@users.noreply.github.com> Date: Tue, 4 Jul 2023 14:29:36 -0500 Subject: [PATCH 3/8] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1f85e92..ab2935c 100644 --- a/README.md +++ b/README.md 
@@ -10,7 +10,7 @@ Protect your WordPress website seamlessly with Zero Spam for WordPress! Eliminat Rest easy knowing that we utilize multiple detection methods to swiftly identify and halt potential threats. Whether it's pesky spam, devious trolls, or cunning hackers, Zero Spam is here to protect your website. -= Worry-free, Powerful Protection at Your Fingertips = +### Worry-free, Powerful Protection at Your Fingertips * No captchas or moderation queues — no longer a admin’s problem. * Our system dynamically blocks threats, keeping your site safe. @@ -22,7 +22,7 @@ Rest easy knowing that we utilize multiple detection methods to swiftly identify * Block disposable & malicious email effortlessly with [disposable](https://github.com/disposable). * Multiple techniques, including the renowned solution by [David Walsh](https://davidwalsh.name/wordpress-comment-spam). -= Seamlessly integrates with popular plugins including: = +### Seamlessly integrates with popular plugins including: * [WooCommerce](https://wordpress.org/plugins/woocommerce/) — Secure customer registrations. * [GiveWP](https://givewp.com/ref/1118/) — Prevents attempts to test stolen credit cards. @@ -32,7 +32,7 @@ Rest easy knowing that we utilize multiple detection methods to swiftly identify With Zero Spam for WordPress, you not only get exceptional protection but also a reliable support that ensures your peace of mind. -= Enhance Detection with Optional 3rd-Party Integrations = +### Enhance Detection with Optional 3rd-Party Integrations Zero Spam for WordPress can integrate optional services for enhanced spam detection. Before using these, we recommend reviewing their terms and privacy policies. From 3a477a446f310add52f744a3c503d2198054fac1 Mon Sep 17 00:00:00 2001 
From: Ben Marshall Date: Tue, 4 Jul 2023 15:12:00 -0500 Subject: [PATCH 4/8] docs(git): added phpcs workflow & updated composer --- .github/workflows/wpcs.yml | 21 +++++++++++++++++++ composer.json | 43 +++++++++++++++++++------------------- 2 files changed, 42 insertions(+), 22 deletions(-) create mode 100644 .github/workflows/wpcs.yml diff --git a/.github/workflows/wpcs.yml b/.github/workflows/wpcs.yml new file mode 100644 index 0000000..507ae9c --- /dev/null +++ b/.github/workflows/wpcs.yml @@ -0,0 +1,21 @@ +name: WPCS check + +on: pull_request + +jobs: + phpcs: + name: WPCS + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - name: WPCS check + uses: 10up/wpcs-action@stable + with: + standard: 'WordPress' + extra_args: '--report-json=./phpcs.json' + - name: Update summary + run: | + npm i -g github:10up/phpcs-json-to-md + phpcs-json-to-md --path ./phpcs.json --output ./phpcs.md + cat phpcs.md >> $GITHUB_STEP_SUMMARY + if: always() diff --git a/composer.json b/composer.json index ed9bb42..2590ae4 100644 --- a/composer.json +++ b/composer.json 
@@ -1,37 +1,36 @@ { - "name": "bmarshall511/wordpress_zero_spam", - "description": "WordPress Zero Spam makes blocking spam & malicious visitors a cinch. Just install, activate and enjoy a spam-free site.", - "keywords": ["wordpress-plugin"], + "name": "highfivery/zero-spam-for-wordpress", + "description": "No spam, no scams, just seamless experiences with Zero Spam for WordPress - the shield your site deserves.", "type": "wordpress-plugin", - "homepage": "https://www.zerospam.org/", + "keywords": ["wordpress", "plugin", "zerospam", "spam"], + "license": "GPL-2.0-only", + "minimum-stability": "dev", + "prefer-stable": true, "authors": [ { - "name": "Ben Marshall (bmarshall)", - "homepage": "https://www.benmarshall.me", - "role": "Maintainer" + "name": "Ben Marshall", + "email": "me@benmarshall.me", + "homepage": "https://www.benmarshall.me" + }, + { + "name": "Highfivery", + "email": "info@highfivery.com", + "homepage": "https://highfivery.com" } ], - "support": { - "issues": "https://github.com/bmarshall511/wordpress-zero-spam/issues" - }, - "license": "GPL-2.0-or-later", - "minimum-stability": "stable", "repositories": [ { - "type": "package", - "package": { - "name": "bmarshall511/wordpress-zero-spam", - "version": "master", - "source": { - "url": "git://github.com/bmarshall511/wordpress-zero-spam.git", - "type": "git", - "reference": "master" - } - } + "type":"composer", + "url":"https://wpackagist.org" } ], "require": { "php" : ">=7.2", "ipinfo/ipinfo": "^2.3" + }, + "extra": { + "installer-paths": { + "vendor/{$name}/": ["type:wordpress-plugin"] + } } } From f2cc9cb182a35e99af5779fecb3ada8eda26df60 Mon Sep 17 00:00:00 2001 From: Ben Marshall Date: Tue, 4 Jul 2023 16:03:48 -0500 Subject: [PATCH 5/8] docs(git): minor update to phpcs workflow --- .github/workflows/wpcs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/wpcs.yml b/.github/workflows/wpcs.yml index 507ae9c..772a657 100644 --- a/.github/workflows/wpcs.yml 
+++ b/.github/workflows/wpcs.yml @@ -1,4 +1,4 @@ -name: WPCS check +name: WPCS Check on: pull_request @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: WPCS check + - name: WPCS Check uses: 10up/wpcs-action@stable with: standard: 'WordPress' From 4825f436a703f2ba285ecc106af53061e3d7f68a Mon Sep 17 00:00:00 2001 From: Stephen Date: Sat, 16 Sep 2023 16:58:41 +1200 Subject: [PATCH 6/8] Update class-ipbase.php Fix incorrectly named variables --- modules/ipbase/class-ipbase.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/ipbase/class-ipbase.php b/modules/ipbase/class-ipbase.php index 04f3421..7809b29 100644 --- a/modules/ipbase/class-ipbase.php +++ b/modules/ipbase/class-ipbase.php @@ -148,7 +148,7 @@ public static function query_ip_address( $ip_address ) { $queried_cache_key = \ZeroSpam\Core\Utilities::cache_key( array( 'ipinfo', - $ip, + $ip_address, ) ); @@ -158,10 +158,10 @@ public static function query_ip_address( $ip_address ) { $response_timeout = 5; if ( ! empty( $settings['ipbase_api_timeout'] ) ) { - $timeout = intval( $settings['ipbase_api_timeout']['value'] ); + $response_timeout = intval( $settings['ipbase_api_timeout']['value'] ); } - $response = \ZeroSpam\Core\Utilities::remote_get( $endpoint, array( 'timeout' => $timeout ) ); + $response = \ZeroSpam\Core\Utilities::remote_get( $endpoint, array( 'timeout' => $response_timeout ) ); if ( $response ) { $result = json_decode( $response, true ); From 8e96d27fe84c182946578cf28601b283ee910055 Mon Sep 17 00:00:00 2001 From: Ben Marshall Date: Thu, 7 Mar 2024 09:15:32 -0600 Subject: [PATCH 7/8] fix(vulnerability): fix for bypass using .ico in url or adjusting the x-forwarded-for header --- core/class-access.php | 7 +++-- core/class-user.php | 65 +++++++++++++++++++++---------------------- readme.txt | 4 +++ 3 files changed, 40 insertions(+), 36 deletions(-) 
diff --git a/core/class-access.php b/core/class-access.php index a57cf22..4f36ea9 100644 --- a/core/class-access.php +++ b/core/class-access.php @@ -41,11 +41,12 @@ public function init() { public static function process( $ignore_ajax = false ) { $user_ip = \ZeroSpam\Core\User::get_ip(); - // Fix for .favicon requests. - if ( strpos( $_SERVER['REQUEST_URI'], '.ico' ) !== false ) { + // Check for .ico requests. + $path = parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH ); + if ( substr( $path, -4 ) === '.ico' ) { return false; } - + if ( $ignore_ajax && is_admin() || is_user_logged_in() || \ZeroSpam\Core\Utilities::is_whitelisted( $user_ip ) ) { return false; } elseif ( ! $ignore_ajax && ( is_admin() && ! wp_doing_ajax() ) || is_user_logged_in() ) { diff --git a/core/class-user.php b/core/class-user.php index 1b7855e..0425f4e 100644 --- a/core/class-user.php +++ b/core/class-user.php 
@@ -21,41 +21,40 @@ class User { * Gets the current user's IP. */ public static function get_ip() { - $settings = Settings::get_settings(); - $ip = false; - - // Check if a debugging IP is enabled. - if ( ! empty( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ) { - // Check against Cloudflare's reported IP address. - $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_CF_CONNECTING_IP'] ) ); - } else { - // Handle all other IPs. - if ( ! empty( $_SERVER['HTTP_CLIENT_IP'] ) ) { - $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_CLIENT_IP'] ) ); - } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { - $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ); - } elseif ( ! empty( $_SERVER['HTTP_X_FORWARDED'] ) ) { - $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_X_FORWARDED'] ) ); - } elseif ( isset( $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] ) ) { - $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_XHTTP_X_CLUSTER_CLIENT_IP_FORWARDED'] ) ); - } elseif ( ! empty( $_SERVER['HTTP_FORWARDED_FOR'] ) ) { - $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_FORWARDED_FOR'] ) ); - } elseif ( ! empty( $_SERVER['HTTP_FORWARDED'] ) ) { - $ip = sanitize_text_field( wp_unslash( $_SERVER['HTTP_FORWARDED'] ) ); - } elseif ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) { - $ip = sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) ); - } - } - - if ( $ip ) { - $ip = explode( ',', $ip ); - $ip = trim( $ip[0] ); - - if ( ! rest_is_ip_address( $ip ) ) { - $ip = false; + $ip_sources = [ + 'HTTP_CF_CONNECTING_IP', + 'HTTP_CLIENT_IP', + 'HTTP_X_FORWARDED_FOR', + 'HTTP_X_FORWARDED', + 'HTTP_X_CLUSTER_CLIENT_IP', + 'HTTP_FORWARDED_FOR', + 'HTTP_FORWARDED', + 'REMOTE_ADDR' + ]; + + foreach ( $ip_sources as $source ) { + if ( ! empty( $_SERVER[ $source ] ) ) { + $ip = sanitize_text_field( wp_unslash( $_SERVER[ $source ] ) ); + + // Handle multiple IP addresses in X-Forwarded-For by taking the first valid IP. 
+ if ( $source === 'HTTP_X_FORWARDED_FOR' && strpos( $ip, ',' ) !== false ) { + $ip_list = explode( ',', $ip ); + foreach ( $ip_list as $potential_ip ) { + $potential_ip = trim( $potential_ip ); + if ( rest_is_ip_address( $potential_ip ) ) { + return apply_filters( 'zerospam_get_ip', $potential_ip ); + } + } + } else { + // Validate single IP address. + if ( rest_is_ip_address( $ip ) ) { + return apply_filters( 'zerospam_get_ip', $ip ); + } + } } } - return apply_filters( 'zerospam_get_ip', $ip ); + // Return false if no valid IP address is found. + return false; } } diff --git a/readme.txt b/readme.txt index fccbfc7..1f1b8f4 100644 --- a/readme.txt +++ b/readme.txt @@ -103,6 +103,10 @@ If hosting with Pantheon, see their [known issues page](https://pantheon.io/docs == Changelog == += v5.5.2 = + +* fix(vulnerability): fix for bypass using .ico in url or adjusting the x-forwarded-for header + = v5.5.1 = * fix(david walsh): fix for jquery not defined error, related to the zerospamdavidwalsh method, resolves #359 From 5861c99230c99f717f6eb7c6de76ecd971717584 Mon Sep 17 00:00:00 2001 From: Ben Marshall Date: Thu, 7 Mar 2024 09:24:34 -0600 Subject: [PATCH 8/8] release(5.5.2): updating version --- readme.txt | 2 +- wordpress-zero-spam.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/readme.txt b/readme.txt index 1f1b8f4..79936ec 100644 --- a/readme.txt +++ b/readme.txt @@ -5,7 +5,7 @@ Donate link: https://www.zerospam.org/subscribe/ Requires at least: 5.2 Tested up to: 6.2.2 Requires PHP: 7.4 -Stable tag: 5.5.1 +Stable tag: 5.5.2 License: GNU GPLv3 License URI: https://choosealicense.com/licenses/gpl-3.0/ diff --git a/wordpress-zero-spam.php b/wordpress-zero-spam.php index 63d7663..cdfbc87 100644 --- a/wordpress-zero-spam.php +++ b/wordpress-zero-spam.php 
@@ -13,7 +13,7 @@ * Plugin Name: Zero Spam for WordPress * Plugin URI: https://www.highfivery.com/projects/zero-spam/ * Description: Tired of all the ineffective WordPress anti-spam & security plugins? Zero Spam for WordPress makes blocking spam & malicious activity a cinch. Just activate, configure, and say goodbye to spam. - * Version: 5.5.1 + * Version: 5.5.2 * Requires at least: 5.2 * Requires PHP: 7.3 * Author: Highfivery LLC @@ -31,7 +31,7 @@ define( 'ZEROSPAM', __FILE__ ); define( 'ZEROSPAM_PATH', plugin_dir_path( ZEROSPAM ) ); define( 'ZEROSPAM_PLUGIN_BASE', plugin_basename( ZEROSPAM ) ); -define( 'ZEROSPAM_VERSION', '5.5.1' ); +define( 'ZEROSPAM_VERSION', '5.5.2' ); if ( defined( 'ZEROSPAM_DEVELOPMENT_URL' ) ) { define( 'ZEROSPAM_URL', ZEROSPAM_DEVELOPMENT_URL );
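Review bot: In the "Enhance Detection with Optional 3rd-Party Integrations" list of README.md and readme.txt (patch 1/8), the rewritten bullets drop the statement of what is sent to each service. The removed readme.txt lines said "by sharing visitor IP and, when available, email" for Zero Spam and "by sharing visitor IP" for ipbase.com, ipinfo.io and ipstack; the new lines do not. Keep that disclosure, since it is what a site owner needs in order to weigh the opt-in. The Google Maps bullet's Privacy Policy link points to the ideracorp.com APILayer statement also used for ipstack, and "no longer a admin's problem" should read "an admin's".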
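Review bot: SECURITY.md (patch 1/8) lists 5.5.1 as the only supported version and leaves the Known Vulnerabilities table empty, but patches 7/8 and 8/8 ship a vulnerability fix as 5.5.2 without touching this file; their diffstats cover only core/class-access.php, core/class-user.php, readme.txt and wordpress-zero-spam.php. Update the Supported Versions table to 5.5.2 and add an advisory row for the bypass fix as part of the release. The policy also promises a `Security` section with a link to the advisory in the release notes and CHANGELOG.md, while the 5.5.2 changelog entry in readme.txt carries neither.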
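Review bot: In .github/workflows/wpcs.yml (patch 4/8) every third-party input is a mutable reference: `uses: 10up/wpcs-action@stable`, `uses: actions/checkout@v2`, and `npm i -g github:10up/phpcs-json-to-md`, which installs whatever that repository holds at run time. Pin both actions to commit SHAs and the npm install to a specific commit or released version, so a change upstream cannot alter what runs on pull requests. Add a top-level `permissions:` block limited to `contents: read`, and quote `"$GITHUB_STEP_SUMMARY"` in the `cat` line.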
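Review bot: In composer.json (patch 4/8) the license changes from `GPL-2.0-or-later` to `GPL-2.0-only`, while readme.txt in this same series declares `License: GNU GPLv3` with a gpl-3.0 License URI; the two do not describe the same license, so one of them needs correcting. `"minimum-stability": "dev"` loosens the previous `stable` although the only package required is `ipinfo/ipinfo`, and the wpackagist repository is added without anything being required from it. The `support.issues` URL is removed rather than pointed at the new repository.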
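Review bot: In modules/ipbase/class-ipbase.php query_ip_address() (patch 6/8), the cache key is still built with the prefix `'ipinfo'` although this is the ipbase module; if the ipinfo module builds its key from the same prefix and IP address, the two modules would read each other's cached responses. Suggest `'ipbase'` as the prefix while the variable name is being corrected. In the second hunk, `intval()` of a non-numeric `ipbase_api_timeout` value yields 0, so fall back to the default of 5 when the result is not positive.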
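Review bot: In core/class-access.php process() (patch 7/8), `parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH )` returns null or false for a URI without a parsable path, and that value is passed straight to `substr()`; check the type first, and prefer `wp_parse_url()` in plugin code. The early `return false` also still applies to every path ending in `.ico`, which is broader than the favicon request the original comment named. Comparing the path against `/favicon.ico` exactly would limit the exemption to that one file.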
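Review bot: In core/class-user.php get_ip() (patch 7/8), the loop still consults `HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and the other request headers before `REMOTE_ADDR`, so the returned address is still whatever the client sends unless a trusted proxy overwrites those headers; the rewrite changes how the header is parsed, not whether it is trusted. Suggest returning `REMOTE_ADDR` by default and reading the forwarded headers only when `REMOTE_ADDR` matches a configured list of trusted proxies. Two behaviour changes in the same hunk should be confirmed as intended: the comma split now applies only to `HTTP_X_FORWARDED_FOR`, where the removed code split every source, and the failure path now returns false without passing through the `zerospam_get_ip` filter.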
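Review bot: In the 5.5.2 release commit (patch 8/8) the PHP requirement is stated three different ways across the series: readme.txt has `Requires PHP: 7.4`, the plugin header in wordpress-zero-spam.php has `Requires PHP: 7.3`, and composer.json requires `>=7.2`. Align them in the same commit that bumps the version. `Tested up to: 6.2.2` is also left unchanged in a release dated March 2024.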