Skip to content
Snippets Groups Projects
Commit aad32db7 authored by Erick Hitter's avatar Erick Hitter
Browse files

Introduce constants and filters for command whitelists/blacklists, with constants taking precedence

parent d9ff51a0
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
README.md
+ 33
1
View file @ aad32db7
...@@ -25,7 +25,39 @@ Provides a WP-CLI command to schedule these events. A UI is under consideration. ...@@ -25,7 +25,39 @@ Provides a WP-CLI command to schedule these events. A UI is under consideration.
### Does this support custom WP-CLI commands? ### ### Does this support custom WP-CLI commands? ###
Yes, after whitelisting them using the `wp_cli_cron_control_offload_command_whitelist` filter. Yes. By default, no restrictions are placed on what commands are supported, as those restrictions depend on the environment where this plugin is used. That said, see the following sections regarding support for whitelists and blacklists.
### Can I dynamically block commands? ###
Yes, using the `wp_cli_cron_control_offload_is_command_allowed` filter. Note that the blacklist described below takes precedence over this filter (the filter is ignored). Additionally, if a whitelist is provided, the filter uses it as the default.
### Can commands be blocked or blacklisted? ###
Yes, using either the `WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST` constant or the `wp_cli_cron_control_offload_command_blacklist` filter. If defined, the constant takes precedence and the filter is ignored.
Regardless of whether the constant or filter is used, either should provide an array of top-level commands to permit:
```
array(
'post',
'site',
)
```
### Can commands be restricted or whitelisted? ###
Yes, using either the `WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST` constant or the `wp_cli_cron_control_offload_command_whitelist` filter. If defined, the constant takes precedence and the filter is ignored.
Regardless of whether the constant or filter is used, either should provide an array of top-level commands to block:
```
array(
'cli',
'core',
'eval',
'eval-file',
)
```
## Changelog ## ## Changelog ##
......
includes/functions.php
+ 27
46
View file @ aad32db7
...@@ -92,66 +92,47 @@ function is_command_allowed( $command ) { ...@@ -92,66 +92,47 @@ function is_command_allowed( $command ) {
return false; return false;
} }
// If there's a whitelist, default to it.
if ( ! empty( get_command_whitelist() ) ) {
add_filter( 'wp_cli_cron_control_offload_is_command_allowed', __NAMESPACE__ . '\command_is_whitelisted', 9, 2 );
}
return apply_filters( 'wp_cli_cron_control_offload_is_command_allowed', true, $command );
}
/**
* Filter callback to check a command against a whitelist
*
* @param bool $whitelisted Command is allowed.
* @param string $command Command to check.
* @return bool
*/
function command_is_whitelisted( $whitelisted, $command ) {
return in_array( $command, get_command_whitelist(), true ); return in_array( $command, get_command_whitelist(), true );
} }
/** /**
* Most commands must be whitelisted * Support a whitelist of commands
* *
* @return array * @return array
*/ */
function get_command_whitelist() { function get_command_whitelist() {
// TODO: constant! if ( defined( 'WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST' ) && is_array( \WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST ) ) {
// Supported built-in commands. return \WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST;
$whitelist = array( }
'cache',
'cap',
'comment',
'media',
'menu',
'network',
'option',
'plugin',
'post',
'post-type',
'rewrite',
'role',
'sidebar',
'site',
'super-admin',
'taxonomy',
'term',
'theme',
'transient',
'user',
'widget',
);
return apply_filters( 'wp_cli_cron_control_offload_command_whitelist', $whitelist ); return apply_filters( 'wp_cli_cron_control_offload_command_whitelist', array() );
} }
/** /**
* Certain commands should never be allowed * Allow commands to be blocked
* *
* @return array * @return array
*/ */
function get_command_blacklist() { function get_command_blacklist() {
// TODO: constant! if ( defined( 'WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST' ) && is_array( \WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST ) ) {
return array( return \WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST;
CLI_NAMESPACE, // Don't support scheduling loops. }
'cli',
'config', return apply_filters( 'wp_cli_cron_control_offload_command_blacklist', array() );
'core',
'cron',
'cron-control',
'cron-control-fixers',
'db',
'eval',
'eval-file',
'export',
'import',
'package',
'scaffold',
'server',
);
} }
readme.txt
+ 33
1
View file @ aad32db7
...@@ -25,7 +25,39 @@ Provides a WP-CLI command to schedule these events. A UI is under consideration. ...@@ -25,7 +25,39 @@ Provides a WP-CLI command to schedule these events. A UI is under consideration.
= Does this support custom WP-CLI commands? = = Does this support custom WP-CLI commands? =
Yes, after whitelisting them using the `wp_cli_cron_control_offload_command_whitelist` filter. Yes. By default, no restrictions are placed on what commands are supported, as those restrictions depend on the environment where this plugin is used. That said, see the following sections regarding support for whitelists and blacklists.
= Can I dynamically block commands? =
Yes, using the `wp_cli_cron_control_offload_is_command_allowed` filter. Note that the blacklist described below takes precedence over this filter (the filter is ignored). Additionally, if a whitelist is provided, the filter uses it as the default.
= Can commands be blocked or blacklisted? =
Yes, using either the `WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST` constant or the `wp_cli_cron_control_offload_command_blacklist` filter. If defined, the constant takes precedence and the filter is ignored.
Regardless of whether the constant or filter is used, either should provide an array of top-level commands to permit:
```
array(
'post',
'site',
)
```
= Can commands be restricted or whitelisted? =
Yes, using either the `WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST` constant or the `wp_cli_cron_control_offload_command_whitelist` filter. If defined, the constant takes precedence and the filter is ignored.
Regardless of whether the constant or filter is used, either should provide an array of top-level commands to block:
```
array(
'cli',
'core',
'eval',
'eval-file',
)
```
== Changelog == == Changelog ==
......
tests/bootstrap.php
+ 12
0
View file @ aad32db7
...@@ -5,6 +5,18 @@ ...@@ -5,6 +5,18 @@
* @package WP_CLI_Cron_Control_Offload * @package WP_CLI_Cron_Control_Offload
*/ */
/**
* Constants needed to test whitelist/blacklist
*/
define( 'WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST', array(
'post',
) );
define( 'WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST', array(
'cli',
) );
// Locate Core's test lib.
$_tests_dir = getenv( 'WP_TESTS_DIR' ); $_tests_dir = getenv( 'WP_TESTS_DIR' );
if ( ! $_tests_dir ) { if ( ! $_tests_dir ) {
$_tests_dir = '/tmp/wordpress-tests-lib'; $_tests_dir = '/tmp/wordpress-tests-lib';
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment