Tag Archives: prio1

Helen Hou-Sandi 4:51 am on October 20, 2020
Tags: prio1   

Change master branch name on GitHub wordpress-develop security mirror to public-trunk

We are now running automated tests on coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. using the GitHubGitHub GitHub is a website that offers online implementation of git repositories that can can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ Actions runner with the goal of transitioning off of Travis; however, we need to both reduce the runs because of usage limitations on private repos and also because it’s unnecessary to run all those tests on the same code content between mirrors all the time.

To that end, I am requesting that trunk (the master branch in the git.wp.org mirror) be synced to public-trunk on the GitHub wordpress-develop security mirror instead of master.

We are not close to moving off of Travis entirely yet but if this can be fit in sooner than later, that would be helpful so we can continue work on some related testing setups.

#prio1

Hugh Lashbrooke 6:53 pm on August 13, 2020
Tags: prio1   

Create learn@wordpress.org and forward to Help Scout

We need a new email address set up for the new learn.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ platform that we can use to communicate with workshop presenters, reviewers, discussion group leaders, and other volunteers.

The email address we’d like is learn@wordpress.org. This will be managed in a Help Scout mailbox, so please set it up to forward to this email address: learn-wordpress@mu.helpscoutapp.com

Do you need any additional information to set this up?

#prio1 +make.wordpress.org/community/

Corey McKrill 9:43 pm on August 8, 2020
Tags: prio1   

Add nginx config to support subdirectory sites on learn.wordpress.org

learn.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ is already configured as a separate multisiteMultisite Multisite is a WordPress feature which allows users to create a network of sites on a single WordPress installation. Available since WordPress version 3.0, Multisite is a continuation of WPMU or WordPress Multiuser project. WordPress MultiUser project was discontinued and its features were included into WordPress core.https://codex.wordpress.org/Create_A_Network. network, but has only had the one root site so far. When I try to access a subdirectory site I created at learn.wordpress.org/test/, I get a browser error that the page isn’t redirecting properly.

It looks like make.wordpress.org has an nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. config file that enables support for its subdirectory sites, so I’m guessing learn would need something very similar.

We’re trying to get the learn.wordpress.org site updated by Aug 12th, so I’m setting this to high priority in the hopes that it can get done soon.

Thanks!

#prio1

dd32 2:10 am on August 8, 2020
Tags: prio1   

Add location block for `/files/` X-Accel-Redirect rewrites.

Currently WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ uses ms-files.php still, and while it’d be nice to move away from that, it’s not straight forward to doing so.
ms-files.php suffers from a long-term bug where videos can’t be played in Safari due to not supporting Range headers. As a work-around for that, we’d like to enable the X-Accel-Redirect offload functionality which will fix that.

How to test:
– https://make.wordpress.org/core/2020/08/06/wordpress-5-5-core-editor-accessibility-improvements/ has videos that should load/play in Safari, they currently do not.
– Add blogs.dir location blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. (see below)
– Add define( 'WPMU_ACCEL_REDIRECT', true ); to wp-config.php
– Videos should now play in Safari.

Using that as an example, the ms-files path is:
https://make.wordpress.org/core/files/2020/08/roving-tabindex-1.mp4

WPMU_ACCEL_REDIRECT once enabled, outputs:
X-Accel-Redirect: /blogs.dir/6/files/2020/08/roving-tabindex-1.mp4

I believe something similar to the following should work for all WordPress.org network sites (those served out of the WordPress.org users public_html):

location /blogs.dir/ {
  internal;
  alias /uploads/;
}
  • PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php. execution within that location is not required.
  • 404’s should 404, ms-files.php will take care of that.
  • This should NOT apply to buddypress or sites hosted on non-wordpress.org users.
  • The X-Accel-Redirect response can be cached if wanted, but I assume the default caching strategy would already do so.

#prio1

Ian Dunn 6:53 pm on April 13, 2020
Tags: prio1   

WordCamp.org admin-ajax self-ddos

Yesterday there was an outage, which was caused by an admin-ajax infinite loopLoop The Loop is PHP code used by WordPress to display posts. Using The Loop, WordPress processes each post to be displayed on the current page, and formats it according to how it matches specified criteria within The Loop tags. Any HTML or PHP code in the Loop will be processed on each post. https://codex.wordpress.org/The_Loop.. The logs didn’t provide enough information to debug, though, so we’ll need to gather more information to start troubleshooting.

Possibly related to https://make.wordpress.org/systems/2020/01/16/wordcamp-org-slow-load-times/

x-ref archives/C204BD7PT/p1586640064085000

#prio1

dd32 7:30 am on March 21, 2020
Tags: prio1   

Re-evaluate the Chinese rate-limiting

Back in October some rate limiting was added for certain traffic from Chinese sources, can we re-evaluate that rate limiting? Is it still needed? Can it be relaxed?
I realise the blocking was added due to significant abuse at the time with little other options, I’m just hopeful that that’s no longer the case.

There’s been several complains over the last few months, and as it turns out, there’s now some Chinese clones/proxies of WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ to work around it.

Some relevant threads:

  • https://wordpress.org/support/topic/china-cannot-access-wordpress-org/
  • https://wordpress.org/support/topic/all-chinese-user-429-too-many-requests-unfair/
  • https://meta.trac.wordpress.org/ticket/5106
  • https://wordpress.org/search/429/?forums=1

#prio1

dd32 2:25 am on July 1, 2019
Tags: prio1,   

Remove cookie-stripping behaviour from Trac Ticket caching

As per previous discussions, can we please remove the TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. Caching that strips the Set-Cookie headers from Trac ticket pages?

As mentioned, this causes failures to comment on tickets – https://meta.trac.wordpress.org/ticket/4360

As discussed, you’ll find a hacky Trac plugin that attempts to avoid setting useless Trac cookies in https://wordpress.slack.com/archives/G02QCEMRY/p1554790742034300?thread_ts=1554340318.022800&cid=G02QCEMRY but it’s mostly untested and may not work as needed.

The Latest trac plugin is in https://gist.github.com/dd32/e1a6e434cb9b5721cc086e51751f8c44 and has been tested well on a standalone trac installation.
The pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party does several things:
– Prevents Cookies being sent on anonymous pageviews
– Prevents anonymous sessions being saved to the DB (as there’s no such thing anymore)
– Blocks access to /prefs for anonymous users
– Expires all trac_* cookies after the user is no longer authenticated, such as to remove the trac_form_token cookie.

#trac #prio1

dd32 7:37 am on June 20, 2019
Tags: prio1   

Hi! As per a discussion…

Hi! As per a discussion with @andreamiddleton can myself and @tellyworth please have the WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. role applied to our sandboxes?

This is to aid in support for WordCamp Europe this year if any unexpected things come up, and ongoing work we do that crosses over into that area.

#prio1

dd32 1:16 am on March 18, 2019
Tags: prio1   

Change plugins.svn linting to PHP 7.current please

As a follow up to https://make.wordpress.org/systems/2018/03/12/change-all-svn-php-linting-to-php7/ and https://meta.trac.wordpress.org/ticket/3791 can we please switch the PHP linting for plugins.svn to 7.2 and keep it up-to-date with newer PHP branches as they’re deployed for WordPress.org?

Although this is specifically for plugins.svn, the same should be applicable to all SVNs now, as any which require an older PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php. version will be enforced through Travis and other tools.

Having the linter exclude newer syntax is becoming a limitation for pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party developers and with the work being done around plugins specifying minimum PHP versions, and increasing the WordPress minimum versions, is going to result in more plugins requiring PHP 7.1/7.2/etc.

#prio1

dd32 8:54 pm on October 3, 2018
Tags: prio1   

Hi! Can we please add…

Hi! Can we please add the ms-files.php rewrite required for uploaded media on wordpress.org/support/?

The following rule should fit into the existing location /support/ blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience.:
rewrite ^/support/files/(.+) /wp-includes/ms-files.php?file=$1 last;

Example URI which should work after the rule is added: https://wordpress.org/support/files/2018/10/WordPress-logotype-wmark-3.png

#prio1