Facebook Sharer blocked from ps.w.org CDN

It appears that the facebook scraper has been blocked from ps.w.org.

This causes facebook shares for WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ hosted plugins to not include images.

This is visible in the Facebook debugger as a warning:

Invalid Image Content Type Provided og:image URL, https://ps.w.org/hello-dolly/assets/banner-772×250.jpg?rev=2052855 could not be processed as an image because it has an invalid content type.

https://developers.facebook.com/tools/debug/?q=https%3A%2F%2Fwordpress.org%2Fplugins%2Fhello-dolly%2F

A nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. 403 can be seen at the following url, which suggests facebook scraper has been blocked from the CDN.

https://developers.facebook.com/tools/debug/echo/?q=https%3A%2F%2Fps.w.org%2Fhello-dolly%2Fassets%2Fbanner-772x250.jpg%3Frev%3D2052855

#prio2 #cdn #plugins

WordPress Campus Connect – Custom subdomain

Could we please have campus.wordpress.org added to WordCamp, and the URL structure of `https://campus.wordpress.org/city-name/campus-name/` allowed.

Tasks:
DNSDNS DNS is an acronym for Domain Name System - how you assign a human readable address to a website’s exact numeric coded location (ie. wordpress.org uses the actual IP address 198.143.164.252). switched
campus.wordpress.org added to existing events.wordpress.org server_name. (web.conf)
– The below rewrite rules to allow for the site structure. (camps-common)

Rules to be added to camps-common before location / {}

rewrite ^/[_0-9a-zA-Z-]+/[_0-9a-zA-Z-]+(/wp-(content|admin|includes)/.*)$ $1;
rewrite ^/[_0-9a-zA-Z-]+/[_0-9a-zA-Z-]+(/(wp-[^./]+|xmlrpc).php)$ $1;

Rule to be added within location / {}:

rewrite ^/[_0-9a-zA-Z-]+/[_0-9a-zA-Z-]+/files/(.+) /wp-includes/ms-files.php?file=$1 last

To verify that the expected paths work, the following curl command should output a series of HTTPHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. 200’s, this hits WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. + Events + Campus URLs that match the rewrites, with a file that isn’t present on wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ normally.

curl -Is https://events.wordpress.org/wp-content/plugins/camptix-attendance/addons/assets/attendance-ui.css https://events.wordpress.org/test-site/wp-content/plugins/camptix-attendance/addons/assets/attendance-ui.css https://testing.wordcamp.org/2025/wp-content/plugins/camptix-attendance/addons/assets/attendance-ui.css https://campus.wordpress.org/wp-content/plugins/camptix-attendance/addons/assets/attendance-ui.css https://campus.wordpress.org/test-university/wp-content/plugins/camptix-attendance/addons/assets/attendance-ui.css https://campus.wordpress.org/test-city/test-university/wp-content/plugins/camptix-attendance/addons/assets/attendance-ui.css | grep ^HTTP

cc @piyopiyofox @anandau14

#prio1 #wordcamp #events #wpcc

Mailing lists subscription functions broken.

As reported in #meta by @westonruter:

It seems like the wp-svn and wp-trac mailing lists aren’t working for new subscriptions. I’ve also tried unsubscribing an old email but I was unsuccessful. (edited)

I’ve verified the behaviour that new subscriptions appear not to generate any emails, either subscription confirmation or notifications from TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. (I sub’d a ...@hulse.com.au email to wp-trac, and verified with Google Email Log search)

#prio2 #lists #email

I’d like to request access…

I’d like to request access to Mission Control for @jeffpaul to assist with packaging WordPress releases, particularly for upcoming minor releases over the next two years.

With the expectation of fewer contributors available for this role during that time, I’m hoping to help fill the gap and ensure continuity in the release process.

Please let me know what information or steps you need from me to more formally request this access, to move forward with granting access, and to run through any training needed.

#prio1 #mc #releases

Plugins pre-commit rule to prevent nested tags

Unfortunately some pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party authors accidentally create tag-inception by copying their entire plugins repo into a tag (ie. copy /name/ to /name/tags/1.0/) which results in nested tags (/name/tags/1.0/tags/0.9/, etc). Doing this multiple times causes the SVNSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. path to ballon in size (each tagged version it effectively doubles in size) causing plugin export issues / server resource issues eventually.

For some background on this, see this private slack discussion: https://wordpress.slack.com/archives/G02QCEMRY/p1740180642033019
There have been numerous plugins that have run into this, so it’s not just a single author.

To reduce the impact of this, I’ve added a check on the code side to abort when a tag does not contain any files. See https://meta.trac.wordpress.org/changeset/14432

To completely prevent this, can we please add a pre-commit hook to blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. it entirely?

Some lightly tested rules I’ve put together follow.. I do not know how expensive the svnlook tree commands are within a pre-commit rule. Now that I look at it again, I could’ve probably used --full-paths or --non-recursive potentially to reduce complexity.


# Iterate over all the added tags in the commit, checking each one for various common issues.
$SVNLOOK changed -t "$TXN" "$REPOS" | \
    grep -Eoi "^A\s+[^/]+/tags/[^/]+" | \
    sort | \
    uniq | \
    while read TAGSTATUS TAGPATH
do
    TREE=$($SVNLOOK tree -t "$TXN" "$REPOS" "$TAGPATH")

    # Perform some basic checks that the created tag looks valid.
    # grep || () is used as it'll match the tag folder itself if invert is used.
    # grep -E "^[ ] matches immediate files within the tag folder, not in child folders.

    # 1. Look for a readme.txt file in the created tag at the root-level of the tag.
    echo "$TREE" | \
        grep -Ei "^[ ]readme.(md|txt)$" || ( \
            echo "Malformed tag detected, It looks like you're creating a tag ($TAGPATH) without a readme file present." >&2 && \
            exit 1
        )

    # 2. The tag MUST have at least one PHP file in the root.
    echo "$TREE" | \
        grep -Ei "^[ ][^ ].+\.php$" || ( \
            echo "Malformed tag detected, It looks like you're creating a tag ($TAGPATH) without any PHP files." >&2 && \
            exit 1
        )

    # 3. Check for a nested tags folder inside a tagged version.
    # folders called 'tags' are allowed within sub-folders of the plugin, just not at the tag level.
    # Not allowed: plugin-name/tags/1.0/tags/
    # Allowed: plugin-name/tags/1.0/features/tags/index.php
    echo "$TREE" | \
        grep -Ei "^[ ]tags/" && \
        echo "Malformed tag detected, Please don't nest tags within a tag ($TAGPATH/tags/)." >&2 && \
        exit 1
done

I would personally just go with 1 & 2, but 3 is possible to prevent issues.
– 1 & 2 just check that there’s a readme and php file present in the tag, this should prevent 99% of invalid tag creations. This enforces that the tags created actually have content.
– 3 is probably not needed with the above (This was my first attempt at a rule) but it prevents a nested tags folder inside a tag. There’s a slim chance of blocking a valid commit with a plugin with a folder called ‘tags’ but might be worth it to prevent this kind of thing in the future.

#prio2 #svn #plugins

Similar issue to: https://make.wordpress.org/systems/?p=2374 VSCode…

Similar issue to: https://make.wordpress.org/systems/?p=2374

VSCode versions greater than 1.99 dropped support for “legacy linux server” versions.

See: https://code.visualstudio.com/updates/v1_99#_remote-development

When attempting to connect to my sandbox (johnjamesjacoby.dev.ord.wordpress.org) through VSCode 1.99, I am seeing the following relevant error:

This machine does not meet Visual Studio Code Server's prerequisites, expected either...
find GLIBC >= v2.28.0 (but found v2.24.0 instead) for GNU environments
find /lib/ld-musl-x86_64.so.1, which is required to run the Visual Studio Code Server in musl environments
  • I’ve downgraded to VSCode 1.97 as a temporary work-around
  • I’ve backed up my unique & important sandbox items

Tagging Priority 2 as this will be an issue for all VSCode users eventually.

Thank you in advance 🙏

#prio2 #sandbox

Remove mu.wordpress.org’s deprecated forums

As this domain is no longer actively used, and we don’t need the MU support forumSupport Forum WordPress Support Forums is a place to go for help and conversations around using WordPress. Also the place to go to report issues that are caused by errors with the WordPress code and implementations. archives from 15 years ago accessible, can we please:

  • Redirect https://mu.wordpress.org/forums/* to https://wordpress.org/support/forum/multisite/
  • Return 404 https://mu.wordpress.org/forums/rss/* or let it fall through to the redirect to /

This will mean we don’t need to update bbPressbbPress Free, open source software built on top of WordPress for easily creating forums on sites. https://bbpress.org. 0.9 for the next PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. https://www.php.net/manual/en/preface.php. upgrade.

#prio2 #bbpress

IP routing issues / IP Blocked?

@theogibb has reported what looks to be either an upstream routing issue between Singlehop & Zayo, an IP blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. in the upstream provider, or a routing issue in a UK ISP.

Could someone from systems take a look? Unsure if this affects an individual or a wider network. The IP included is a DSL IP, so probably rather low priority unless this affects a wider range of users.

Traceroutes in https://wordpress.org/support/topic/my-ip-address-blocked-on-wordpress-org/ & https://wordpress.slack.com/archives/C02QB8GMM/p1735467303643249

Reverse traceroute to IP:

$ mtr -rc2 77.104.182.26
Start: Tue Jan  7 01:21:28 2025
HOST: dev.wordpress.org  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- wordpress.org              0.0%    10    0.4   0.3   0.2   0.4   0.0
  2.|-- asw-fy171.ord03.singlehop  0.0%    10    0.9   0.9   0.8   1.0   0.0
  3.|-- cr1.c09c10.r15.s101.chi03  0.0%    10   45.1  45.1  45.0  45.2   0.0
  4.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0

$ mtr -rnc2 77.104.182.26
Start: Tue Jan  7 01:23:41 2025
HOST: dev.wordpress.org  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 198.143.164.2              0.0%     2    0.3   0.3   0.3   0.3   0.0
  2.|-- 108.178.47.246             0.0%     2    0.8   0.8   0.8   0.9   0.0
  3.|-- 99.198.126.62              0.0%     2   45.2  45.2  45.2  45.2   0.0
  4.|-- ???                       100.0     2    0.0   0.0   0.0   0.0   0.0

$ mtr -rc2 77.104.182.<strong>1</strong>
Start: Tue Jan  7 01:26:09 2025
HOST: dev.wordpress.org  Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- wordpress.org              0.0%     2    0.4   0.4   0.4   0.4   0.0
  2.|-- dr6506a.ord03.singlehop.net  0.0%     2    0.9   1.0   0.9   1.1   0.0
  3.|-- 77-104-182-1.dsl.in-addr.zen.co.uk  0.0%     2   45.2  45.2  45.2  45.2   0.0

(Note: Last is to the .1 which has no losses, but doesn’t seem to share any common route with end-users provided traceroute)

#prio3 #routing #connectivity

HelpScout forward: polyglots@wordpress.org Can we…

HelpScout forward: polyglots@wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/

Can we please setup forwarding for a new Helpscout inbox:

polyglots@wordpress.org    polyglots@wordpress.helpscoutapp.com

cc @amieiro

#prio1 #email #helpscout

CORS headers for ps.w.org & ts.w.org

As mentioned on Slack

In addition to s.w.org , is it possible to enable CORS headers for image files on ps.w.org? Can’t post to make/systems myself.
Things like pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party icons can be shown in the blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. editor (block directory), and with certain setups and new features (like client-side media processing), CORS headers are needed for displaying them.

If you’re gonna enable it for ps, might as well add it for ts too.

CORS headers are indeed needed for those resources for JavascriptJavaScript JavaScript or JS is an object-oriented computer programming language commonly used to create interactive effects within web browsers. WordPress makes extensive use of JS for a better user experience. While PHP is executed on the server, JS executes within a user’s browser. https://www.javascript.com/. processing of images, is it possible to enable CORS headers for this domain (either for image file types, or all files, given it’s a cookieless domain and reverse proxy for specific matching paths)

#prio3 #cdn