Facebook Sharer blocked from ps.w.org CDN

It appears that the facebook scraper has been blocked from ps.w.org.

This causes facebook shares for WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ hosted plugins to not include images.

This is visible in the Facebook debugger as a warning:

Invalid Image Content Type Provided og:image URL, https://ps.w.org/hello-dolly/assets/banner-772×250.jpg?rev=2052855 could not be processed as an image because it has an invalid content type.

https://developers.facebook.com/tools/debug/?q=https%3A%2F%2Fwordpress.org%2Fplugins%2Fhello-dolly%2F

A nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. 403 can be seen at the following url, which suggests facebook scraper has been blocked from the CDN.

https://developers.facebook.com/tools/debug/echo/?q=https%3A%2F%2Fps.w.org%2Fhello-dolly%2Fassets%2Fbanner-772x250.jpg%3Frev%3D2052855

#prio2 #cdn #plugins

Mailing lists subscription functions broken.

As reported in #meta by @westonruter:

It seems like the wp-svn and wp-trac mailing lists aren’t working for new subscriptions. I’ve also tried unsubscribing an old email but I was unsuccessful. (edited)

I’ve verified the behaviour that new subscriptions appear not to generate any emails, either subscription confirmation or notifications from TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. (I sub’d a ...@hulse.com.au email to wp-trac, and verified with Google Email Log search)

#prio2 #lists #email

Plugins pre-commit rule to prevent nested tags

Unfortunately some pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party authors accidentally create tag-inception by copying their entire plugins repo into a tag (ie. copy /name/ to /name/tags/1.0/) which results in nested tags (/name/tags/1.0/tags/0.9/, etc). Doing this multiple times causes the SVNSVN Apache Subversion (often abbreviated SVN, after its command name svn) is a software versioning and revision control system. Software developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS). WordPress core and the wordpress.org released code are all centrally managed through SVN. https://subversion.apache.org/. path to ballon in size (each tagged version it effectively doubles in size) causing plugin export issues / server resource issues eventually.

For some background on this, see this private slack discussion: https://wordpress.slack.com/archives/G02QCEMRY/p1740180642033019
There have been numerous plugins that have run into this, so it’s not just a single author.

To reduce the impact of this, I’ve added a check on the code side to abort when a tag does not contain any files. See https://meta.trac.wordpress.org/changeset/14432

To completely prevent this, can we please add a pre-commit hook to blockBlock Block is the abstract term used to describe units of markup that, composed together, form the content or layout of a webpage using the WordPress editor. The idea combines concepts of what in the past may have achieved with shortcodes, custom HTML, and embed discovery into a single consistent API and user experience. it entirely?

Some lightly tested rules I’ve put together follow.. I do not know how expensive the svnlook tree commands are within a pre-commit rule. Now that I look at it again, I could’ve probably used --full-paths or --non-recursive potentially to reduce complexity.


# Iterate over all the added tags in the commit, checking each one for various common issues.
$SVNLOOK changed -t "$TXN" "$REPOS" | \
    grep -Eoi "^A\s+[^/]+/tags/[^/]+" | \
    sort | \
    uniq | \
    while read TAGSTATUS TAGPATH
do
    TREE=$($SVNLOOK tree -t "$TXN" "$REPOS" "$TAGPATH")

    # Perform some basic checks that the created tag looks valid.
    # grep || () is used as it'll match the tag folder itself if invert is used.
    # grep -E "^[ ] matches immediate files within the tag folder, not in child folders.

    # 1. Look for a readme.txt file in the created tag at the root-level of the tag.
    echo "$TREE" | \
        grep -Ei "^[ ]readme.(md|txt)$" || ( \
            echo "Malformed tag detected, It looks like you're creating a tag ($TAGPATH) without a readme file present." >&2 && \
            exit 1
        )

    # 2. The tag MUST have at least one PHP file in the root.
    echo "$TREE" | \
        grep -Ei "^[ ][^ ].+\.php$" || ( \
            echo "Malformed tag detected, It looks like you're creating a tag ($TAGPATH) without any PHP files." >&2 && \
            exit 1
        )

    # 3. Check for a nested tags folder inside a tagged version.
    # folders called 'tags' are allowed within sub-folders of the plugin, just not at the tag level.
    # Not allowed: plugin-name/tags/1.0/tags/
    # Allowed: plugin-name/tags/1.0/features/tags/index.php
    echo "$TREE" | \
        grep -Ei "^[ ]tags/" && \
        echo "Malformed tag detected, Please don't nest tags within a tag ($TAGPATH/tags/)." >&2 && \
        exit 1
done

I would personally just go with 1 & 2, but 3 is possible to prevent issues.
– 1 & 2 just check that there’s a readme and php file present in the tag, this should prevent 99% of invalid tag creations. This enforces that the tags created actually have content.
– 3 is probably not needed with the above (This was my first attempt at a rule) but it prevents a nested tags folder inside a tag. There’s a slim chance of blocking a valid commit with a plugin with a folder called ‘tags’ but might be worth it to prevent this kind of thing in the future.

#prio2 #svn #plugins

Similar issue to: https://make.wordpress.org/systems/?p=2374 VSCode…

Similar issue to: https://make.wordpress.org/systems/?p=2374

VSCode versions greater than 1.99 dropped support for “legacy linux server” versions.

See: https://code.visualstudio.com/updates/v1_99#_remote-development

When attempting to connect to my sandbox (johnjamesjacoby.dev.ord.wordpress.org) through VSCode 1.99, I am seeing the following relevant error:

This machine does not meet Visual Studio Code Server's prerequisites, expected either...
find GLIBC >= v2.28.0 (but found v2.24.0 instead) for GNU environments
find /lib/ld-musl-x86_64.so.1, which is required to run the Visual Studio Code Server in musl environments
  • I’ve downgraded to VSCode 1.97 as a temporary work-around
  • I’ve backed up my unique & important sandbox items

Tagging Priority 2 as this will be an issue for all VSCode users eventually.

Thank you in advance 🙏

#prio2 #sandbox

Remove mu.wordpress.org’s deprecated forums

As this domain is no longer actively used, and we don’t need the MU support forumSupport Forum WordPress Support Forums is a place to go for help and conversations around using WordPress. Also the place to go to report issues that are caused by errors with the WordPress code and implementations. archives from 15 years ago accessible, can we please:

  • Redirect https://mu.wordpress.org/forums/* to https://wordpress.org/support/forum/multisite/
  • Return 404 https://mu.wordpress.org/forums/rss/* or let it fall through to the redirect to /

This will mean we don’t need to update bbPressbbPress Free, open source software built on top of WordPress for easily creating forums on sites. https://bbpress.org. 0.9 for the next PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. https://www.php.net/manual/en/preface.php. upgrade.

#prio2 #bbpress

429’s on WordCamp sites

Syncing a comment from slackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/. to here, as it’ll get lost otherwise.

https://wordpress.slack.com/archives/G02QCEMRY/p1728007383649489

A bunch of Australians are either unable to access https://sydney.wordcamp.org/schedule/ and https://central.wordcamp.org/schedule/, as they’re getting 429’s, or it looks like half the CSS/JS/images loaded are failing to load.

(Some IPs included in the slack comment)

Additional reports include

  • https://wordpress.slack.com/archives/C08M59V3P/p1727978403782009
  • https://wordpress.slack.com/archives/C08M59V3P/p1728020305092339?thread_ts=1728017732.714399&cid=C08M59V3P
  • https://wordpress.slack.com/archives/C08M59V3P/p1728026561448409
  • https://wordpress.slack.com/archives/C08M59V3P/p1728025534541309

#prio2 #wordcamp-org

www.wp-cli.org SSL setup wp-cli.org is…

www.wp-cli.org SSLSSL Secure Socket Layer - Encryption from the server to the browser and back. Prevents prying eyes from seeing what you are sending between your browser and the server. setup

Raised via: https://wordpress.slack.com/archives/C02QB8GMM/p1719398059892329

wp-cli.org is hosted on GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ Pages, the A records are setup properly for this.

In order for GitHub Pages to provision a SSL certificate for the www subdomain however, the subdomain needs to be a CNAME to wp-cli.github.io. Currently it’s a CNAME to wp-cli.org.

Can we please change www.wp-cli.org from a CNAME to itself, to that of github?

Currently:

$ dig www.wp-cli.org +short
wp-cli.org.
185.199.111.153
185.199.110.153
185.199.109.153
185.199.108.153

Should be:

$ dig www.wp-cli.org +short
wp-cli.github.io.
185.199.111.153
185.199.110.153
185.199.109.153
185.199.108.153

#ssl #dns #github #wpcli #prio2

Enable CORS for core translation downloads

Currently CORS isn’t enabled for a URLURL A specific web address of a website or web page on the Internet, such as a website’s URL www.wordpress.org such as the below.

 https://downloads.wordpress.org/translation/core/6.5/fr_FR.zip

This appears to be because the translation CORS headers are set to builds/(plugins|themes) which doesn’t include coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. (which is in builds/core/$locale.zip

Can we have that (plugins|themes) expanded to (core|plugins|themes) in the wporg_downloads_cors_* maps please?

Reported via https://github.com/WordPress/wordpress-playground/issues/1206

Thanks!

#prio2 #translations #nginx #playground

Enable DKIM for WordCamp GSuite?

While looking at DKIM for 3rd-party tools, I noticed we don’t have it setup for GSuite emails.

Do we need to setup DKIM for those domains? Or is the default gsuite dkim setup enough?

Direct link: https://admin.google.com/ac/apps/gmail/authenticateemail
You can login using the ?secret_id=7194 secret.

Outgoing emails from GSuite currently show this in gmail receivers:

SPF:  PASS with IP 209.85.220.41
DKIM:   'PASS' with domain wordcamp-org.20230601.gappssmtp.com
DMARC:  'PASS' 

While emails sent from WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. production show:

DKIM: 'PASS' with domain wordcamp.org
DMARC:  'PASS'

#prio2 #email #wordcamp

Enable DKIM for 3rd-party WordCamp emails

Since February 1, 2024, Gmail and Yahoo have implemented new requirements for email senders to protect users’ inboxes from spam more effectively while ensuring legitimate emails are received.

As y’all know, Google and Yahoo have changed how they handle non-authenticated emails. While emails we send are likely to have proper authentication in place, emails sent from 3rd-parties don’t.

Some 3rd-party tools can use the Gsuite account for emails (Freescout & HelpScout for example). Other tools, such as Mailchimp, Active Campaign, Brevo, and a long list of others don’t support it.

Mailchimp is currently enabled for DKIM, as it’s used for the main Central account – and as I’ve just found out, as long as you can receive email for a email address, any WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. can use that verification; so any WordCamp using Mailchimp is fine.

Active Campaign is used (at least) by WordCamp Asia, this requires adding additional DKIM keys and a CNAME to verify the domain ownership.

acdkim1._domainkey.wordcamp.org CNAME dkim.acdkim1.acems1.com
acdkim2._domainkey.wordcamp.org CNAME dkim.acdkim2.acems1.com

em-3501330.wordcamp.org CNAME cmd.emsend1.com

Brevo is currently used by (at least) WordCamp Europe. Similar to above, it requires the DKIM records and an ownership verification record.

Unfortunately these do not use CNAME’s and require TXT records be added:

wordcamp.org TXT brevo-code:[pixelated-text]
mail._domainkey.wordcamp.org TXT k=rsa;[pixelated-text]

(@casiepa can you let me know the actual values for these? I can only find pixelated images)

I don’t know how to handle this going forward; especially in the case of the above which require may require ownership verification from future WordCamps, I’m almost certain the above authentication steps won’t work for future camps.

If systems have any objections to enabling DKIM and ownership verifications of the domain for WordCamps, let us know and we’ll discuss if there’s an alternative; At present it doesn’t appear there’s many other options; aside from requiring WordCamps to use a limited selection of tools, or to use a 3rd-party domains (such as team@wc{city}.org).

Regional WordCamps (Asia, Europe, and US) get special treatment however in this regard; so I assume enabling DKIM is going to be possible.

#wordcamp #email #prio2 #dns