{"id":1910,"date":"2023-01-13T17:28:49","date_gmt":"2023-01-13T17:28:49","guid":{"rendered":"https:\/\/make.wordpress.org\/plugins\/?p=1910"},"modified":"2023-01-13T17:28:49","modified_gmt":"2023-01-13T17:28:49","slug":"looking-for-your-intentionally-wrong-plugins","status":"publish","type":"post","link":"https:\/\/make.wordpress.org\/plugins\/2023\/01\/13\/looking-for-your-intentionally-wrong-plugins\/","title":{"rendered":"Looking for your (intentionally) wrong plugins"},"content":{"rendered":"<p class=\"has-very-light-gray-to-cyan-bluish-gray-gradient-background has-background wp-block-paragraph\"><strong>tl;dr:<\/strong> Do you have demo plugins that are dangerous on purpose? We want to see them!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">One of the behind-the-scenes steps going on right now is figuring out HOW to onboard and make sure people are good at looking through plugins, finding the security\/guideline issues, and can explain what they are and why they\u2019re bad. While we have covered most of the explanation in pre-defined replies, you should still know why something is wrong \ud83d\ude42<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In order to do this, we need some <strong>intentionally<\/strong> busted plugins so people can get experience in looking for \u2018wrong\u2019 in a safe situation.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">By \u2018wrong\u2019 I mean\u2026<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Plugins that don\u2019t sanitize\/escape<\/li>\n\n\n\n<li>Shortcodes not checking for validity\/security<\/li>\n\n\n\n<li>SQL prepare() issues<\/li>\n\n\n\n<li>Using script tags instead of wp_enqueue()<\/li>\n\n\n\n<li>Using curl\/file_remote_get instead of the HTTP API<\/li>\n\n\n\n<li>Trademarks (Starting your plugin name with \u201cMicrosoft\u201d for example)<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This is an incomplete list. I doubt anyone can make a plugin with 100% of all the things we look for, since that changes nearly every day as people come up with new and inventive ways to be dangerous. Of course, if you can, I\u2019d love to see that too!<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While we certainly can use some submitted\/closed plugins for this, it would be nice to have a set of \u201cThese are some busted plugins to practice on.\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">I know some of you are clever folks and have things like that for fun, and right now, we want to see them! Email them (either a zip or a link to your repo) to <code>plugins@wordpress.org<\/code> with the subject <strong>\u201cDemo Plugin for Reviewers\u201d<\/strong> (we make heavy use of email filtering, so that subject is important!).<\/p>\n<p class=\"o2-appended-tags\"><a href=\"https:\/\/make.wordpress.org\/plugins\/tag\/community-support\/\" class=\"tag\"><span class=\"tag-prefix\">#<\/span>community-support<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>tl;dr: Do you have demo plugins that are dangerous on purpose? We want to see them! One of the behind-the-scenes steps going on right now is figuring out HOW to onboard and make sure people are good at looking through plugins, finding the security\/guideline issues, and can explain what they are and why they\u2019re bad. 
[&hellip;]<\/p>\n","protected":false},"author":71562,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[28],"tags":[262],"class_list":["post-1910","post","type-post","status-publish","format-standard","hentry","category-announcement","tag-community-support","author-ipstenu"],"revision_note":"","jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p29geH-uO","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/posts\/1910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/users\/71562"}],"replies":[{"embeddable":true,"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=1910"}],"version-history":[{"count":2,"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/posts\/1910\/revisions"}],"predecessor-version":[{"id":1912,"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/posts\/1910\/revisions\/1912"}],"wp:attachment":[{"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=1910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/make
.wordpress.org\/plugins\/wp-json\/wp\/v2\/categories?post=1910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/make.wordpress.org\/plugins\/wp-json\/wp\/v2\/tags?post=1910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}