From aad32db7afc4dac022339ed9e8c9bb4fed183476 Mon Sep 17 00:00:00 2001
From: Erick Hitter <git-contrib@ethitter.com>
Date: Mon, 11 Sep 2017 16:18:21 -0700
Subject: [PATCH] Introduce constants and filters for command
whitelists/blacklists, with constants taking precedence
---
README.md | 34 +++++++++++++++++++-
includes/functions.php | 73 ++++++++++++++++--------------------------
readme.txt | 34 +++++++++++++++++++-
tests/bootstrap.php | 12 +++++++
4 files changed, 105 insertions(+), 48 deletions(-)
diff --git a/README.md b/README.md
index dfdad87..29b9e18 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,39 @@ Provides a WP-CLI command to schedule these events. A UI is under consideration.
### Does this support custom WP-CLI commands? ###
-Yes, after whitelisting them using the `wp_cli_cron_control_offload_command_whitelist` filter.
+Yes. By default, no restrictions are placed on what commands are supported, as those restrictions depend on the environment where this plugin is used. That said, see the following sections regarding support for whitelists and blacklists.
+
+### Can I dynamically block commands? ###
+
+Yes, using the `wp_cli_cron_control_offload_is_command_allowed` filter. Note that the blacklist described below takes precedence over this filter (the filter is ignored). Additionally, if a whitelist is provided, the filter uses it as the default.
+
+### Can commands be blocked or blacklisted? ###
+
+Yes, using either the `WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST` constant or the `wp_cli_cron_control_offload_command_blacklist` filter. If defined, the constant takes precedence and the filter is ignored.
+
+Regardless of whether the constant or filter is used, either should provide an array of top-level commands to permit:
+
+```
+array(
+ 'post',
+ 'site',
+)
+```
+
+### Can commands be restricted or whitelisted? ###
+
+Yes, using either the `WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST` constant or the `wp_cli_cron_control_offload_command_whitelist` filter. If defined, the constant takes precedence and the filter is ignored.
+
+Regardless of whether the constant or filter is used, either should provide an array of top-level commands to block:
+
+```
+array(
+ 'cli',
+ 'core',
+ 'eval',
+ 'eval-file',
+)
+```
## Changelog ##
diff --git a/includes/functions.php b/includes/functions.php
index 91ae498..3c98225 100644
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -92,66 +92,47 @@ function is_command_allowed( $command ) {
return false;
}
+ // If there's a whitelist, default to it.
+ if ( ! empty( get_command_whitelist() ) ) {
+ add_filter( 'wp_cli_cron_control_offload_is_command_allowed', __NAMESPACE__ . '\command_is_whitelisted', 9, 2 );
+ }
+
+ return apply_filters( 'wp_cli_cron_control_offload_is_command_allowed', true, $command );
+}
+
+/**
+ * Filter callback to check a command against a whitelist
+ *
+ * @param bool $whitelisted Command is allowed.
+ * @param string $command Command to check.
+ * @return bool
+ */
+function command_is_whitelisted( $whitelisted, $command ) {
return in_array( $command, get_command_whitelist(), true );
}
/**
- * Most commands must be whitelisted
+ * Support a whitelist of commands
*
* @return array
*/
function get_command_whitelist() {
- // TODO: constant!
- // Supported built-in commands.
- $whitelist = array(
- 'cache',
- 'cap',
- 'comment',
- 'media',
- 'menu',
- 'network',
- 'option',
- 'plugin',
- 'post',
- 'post-type',
- 'rewrite',
- 'role',
- 'sidebar',
- 'site',
- 'super-admin',
- 'taxonomy',
- 'term',
- 'theme',
- 'transient',
- 'user',
- 'widget',
- );
+ if ( defined( 'WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST' ) && is_array( \WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST ) ) {
+ return \WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST;
+ }
- return apply_filters( 'wp_cli_cron_control_offload_command_whitelist', $whitelist );
+ return apply_filters( 'wp_cli_cron_control_offload_command_whitelist', array() );
}
/**
- * Certain commands should never be allowed
+ * Allow commands to be blocked
*
* @return array
*/
function get_command_blacklist() {
- // TODO: constant!
- return array(
- CLI_NAMESPACE, // Don't support scheduling loops.
- 'cli',
- 'config',
- 'core',
- 'cron',
- 'cron-control',
- 'cron-control-fixers',
- 'db',
- 'eval',
- 'eval-file',
- 'export',
- 'import',
- 'package',
- 'scaffold',
- 'server',
- );
+ if ( defined( 'WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST' ) && is_array( \WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST ) ) {
+ return \WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST;
+ }
+
+ return apply_filters( 'wp_cli_cron_control_offload_command_blacklist', array() );
}
diff --git a/readme.txt b/readme.txt
index 299e9d9..7c7f15d 100644
--- a/readme.txt
+++ b/readme.txt
@@ -25,7 +25,39 @@ Provides a WP-CLI command to schedule these events. A UI is under consideration.
= Does this support custom WP-CLI commands? =
-Yes, after whitelisting them using the `wp_cli_cron_control_offload_command_whitelist` filter.
+Yes. By default, no restrictions are placed on what commands are supported, as those restrictions depend on the environment where this plugin is used. That said, see the following sections regarding support for whitelists and blacklists.
+
+= Can I dynamically block commands? =
+
+Yes, using the `wp_cli_cron_control_offload_is_command_allowed` filter. Note that the blacklist described below takes precedence over this filter (the filter is ignored). Additionally, if a whitelist is provided, the filter uses it as the default.
+
+= Can commands be blocked or blacklisted? =
+
+Yes, using either the `WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST` constant or the `wp_cli_cron_control_offload_command_blacklist` filter. If defined, the constant takes precedence and the filter is ignored.
+
+Regardless of whether the constant or filter is used, either should provide an array of top-level commands to permit:
+
+```
+array(
+ 'post',
+ 'site',
+)
+```
+
+= Can commands be restricted or whitelisted? =
+
+Yes, using either the `WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST` constant or the `wp_cli_cron_control_offload_command_whitelist` filter. If defined, the constant takes precedence and the filter is ignored.
+
+Regardless of whether the constant or filter is used, either should provide an array of top-level commands to block:
+
+```
+array(
+ 'cli',
+ 'core',
+ 'eval',
+ 'eval-file',
+)
+```
== Changelog ==
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 43342a6..e90dcd7 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -5,6 +5,18 @@
* @package WP_CLI_Cron_Control_Offload
*/
+/**
+ * Constants needed to test whitelist/blacklist
+ */
+define( 'WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_WHITELIST', array(
+ 'post',
+) );
+
+define( 'WP_CLI_CRON_CONTROL_OFFLOAD_COMMAND_BLACKLIST', array(
+ 'cli',
+) );
+
+// Locate Core's test lib.
$_tests_dir = getenv( 'WP_TESTS_DIR' );
if ( ! $_tests_dir ) {
$_tests_dir = '/tmp/wordpress-tests-lib';
--
GitLab