Increase query params length for trac

Could we increase the length of query parameters for Trac instances? It seems that the existing query length limits are too low for it.

Thanks!

#prio1 #trac

Update plugins.trac templates.

Similar to https://make.wordpress.org/systems/2023/02/06/update-plugins-trac-templates/ can we please have svnup-meta-checkouts.sh run on svn2?

Could we also consider adding it to a cron task that runs daily on svn2? (svn1 does not need this)

On svn1 it runs whenever a change to the paths it checks out is modified.

#trac #svn #prio3

Upgrade TracWPCookies plugin

tl;dr: Please upgrade Trac to run: 0.2-transitional – Supports existing cookies, and future session cookies. diff .zip. A second request will be made to upgrade to 0.2.

Currently WordPress.org doesn’t use WordPress Sessions, this was for two reasons: 1) bbPress 1.x, 2) Trac

We no longer have any bbPress 1.x installations present requiring authentication, leaving Trac as the only barrier to enabling the usage of it on WordPress.org infrastructure.
Current 2FA work will require sessions in order to keep track of the authentication type and time since last-2fa-challenge.

WordPress uses user_meta to store the Sessions by default, but that’s not ideal for our usage (primarily due to PHP Serialized arrays needing decoding by trac python), so I’ve adopted the same table structure used on WordPress.com for user sessions – wp_user_sessions

Here are two versions of the plugin, and a diff (GitHub PRs) from present for code/security review if wanted.

  • 0.2 – Supports user cookies with session tokens only diff .zip
  • 0.2-transitional – Supports existing cookies, and future session cookies. diff .zip

Installation steps:

  • Define wp_user_sessions = wporg_user_sessions in the [wordpress] section of the existing Trac config.
  • Remove existing 0.1 version of the plugin.
  • Install 0.2-transitional. Existing cookies should continue to work.

At a future date when Session support has been enabled permanently on WordPress.org:

  • Remove 0.2-transitional and replace with 0.2
  • Existing cookies at that time should be all with Sessions, and so they’ll continue to work. Older session-less cookies will no longer pass auth.

Implementation notes:

  • The auth_salt and auth_key do not need to be updated during this process, as the tokenised cookies simply add an extra token value.
  • The cookie names will remain the same to avoid any other systems-related changes needing to be made.
  • The SQL introduces a join to an additional table for sessions, a const index is used.
  • The WordPress wp_user_session code is here: https://github.com/WordPress/wporg-mu-plugins/pull/345 (It’s WordPress 6.2+, Includes memcache, is based off the WordPress.com implementation)
  • I have tested this on my own Trac + WordPress install, using both wp_user_sessions and no-session cookies.

#auth, #prio1, #trac
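The transitional behaviour described in this request, sketched as an added example (not the TracWPCookies plugin's code, and not part of the original post). The signing follows the shape of WordPress core's auth cookie; the legacy three-field layout, the `users` and `sessions` dictionaries (standing in for the user table and the sessions table, whose columns the post does not give) and all sample values are assumptions.

```python
import hashlib
import hmac
import time

# Constructed stand-in for the site's auth key + salt (unchanged by the upgrade).
AUTH_KEY_SALT = b"constructed-auth-key" + b"constructed-auth-salt"

def wp_hash(data):
    # Same shape as WordPress core's wp_hash(): HMAC-MD5 keyed with key + salt.
    return hmac.new(AUTH_KEY_SALT, data.encode(), hashlib.md5).hexdigest()

def signature(login, pass_frag, expiration, token=None):
    # The token is only one more signed field, so the key and salt stay as they are.
    extra = [] if token is None else [token]
    key = wp_hash("|".join([login, pass_frag, expiration] + extra))
    msg = "|".join([login, expiration] + extra)
    return hmac.new(key.encode(), msg.encode(), hashlib.sha256).hexdigest()

def session_verifier(token):
    # The store holds a hash of the token, not the token itself.
    return hashlib.sha256(token.encode()).hexdigest()

def make_cookie(login, pass_frag, expiration, token=None):
    extra = [] if token is None else [token]
    mac = signature(login, pass_frag, str(expiration), token)
    return "|".join([login, str(expiration)] + extra + [mac])

def verify_cookie(cookie, users, sessions, allow_legacy, now=None):
    """Return the login for a valid cookie, else None."""
    now = time.time() if now is None else now
    parts = cookie.split("|")
    if len(parts) == 4:
        login, expiration, token, mac = parts
    elif len(parts) == 3 and allow_legacy:  # 0.2-transitional behaviour only
        (login, expiration, mac), token = parts, None
    else:
        return None
    if not (expiration.isascii() and expiration.isdigit()) or login not in users:
        return None
    if int(expiration) < now:
        return None
    expected = signature(login, users[login], expiration, token)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return None
    # Tokenised cookies must also match a live row in the session store.
    if token is not None and sessions.get((login, session_verifier(token)), 0) < now:
        return None
    return login
```

With `allow_legacy=False` the same function models the later 0.2 behaviour, where older session-less cookies no longer pass auth.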

Update plugins.trac templates

Can we please update the plugins.trac meta checkouts?

On svn1.ord, various meta checkouts are updated via svnup-meta-checkouts.sh, but this doesn’t occur on svn2.ord, as a result, plugins.trac.wordpress.org has the old WordPress.org header & Footer trac templates and now appears visually broken.

This should be as simple as running svnup-meta-checkouts.sh on svn2. I don’t imagine it would cause any breakage, as the meta checkouts are in use on all other trac instances without issue.

Ref https://github.com/WordPress/wporg-mu-plugins/issues/326 and many others

#trac #svn #prio3

Spam on mailing lists

Occasionally the WordPress trac mailing lists (wp-meta, wp-trac, wp-svn) get a spam email slip through.

This one came through yesterday:
https://lists.wordpress.org/pipermail/wp-meta/2023-February/052414.html

After the recent email changes, can the rules for the trac-related mailing lists be tightened to only accept definite WordPress.org emails?

#email #trac #prio3

trac nginx cache stuck in updating state

The nginx cache for https://core.trac.wordpress.org/ticket/54504 appears to be stuck in an updating state, with 2-day stale content being served.

This isn’t critical, but a sign of an nginx configuration change being needed I guess, or Trac is crashing on an unauthenticated request to that specific ticket consistently which seems unlikely.

$ curl -Is https://core.trac.wordpress.org/ticket/54504 | grep x-nc
x-nc: UPDATING

In the above example, Comments 94-96 are not visible in the cached response (ie. a logged out incognito request), but are for an authenticated user.

Unknown if this affects many URLs, low priority as it seems likely a rare occurrence.

#trac #nginx #cache #prio3

Grant dotorg trac access for Brandon Kraft

Following on from https://make.wordpress.org/systems/2022/04/11/commit-for-images-core-emoji-could-i/ can we please add kraftbj to the dotorg trac allowed users list?

Thanks in advance.

#trac #prio3

Disable plugins.trac.wordpress.org ticketing

The ticketing system on plugins.trac.wordpress.org is currently enabled and is mostly unused, those who are creating tickets don’t get a response and it leads to a bad user experience for everyone.

Can we please disable ticket creation? It looks like the Trac Admin panels aren’t enabled, so I can’t do it myself, but I assume removing both TICKET_CREATE and TICKET_MODIFY from the authenticated user group should be enough.

#trac #prio3

Make GSOC trac read-only

It’s getting pentested: https://gsoc.trac.wordpress.org/ticket/386

Can we make it read-only, and if not, then maybe back it up and shut it down, or put it behind proxy auth or something? It’d be nice to preserve the content for history, but it’s probably not worth maintaining anymore, and definitely not worth cleaning up after pentesters.

#trac #prio3

Remove cookie-stripping behaviour from Trac Ticket caching

As per previous discussions, can we please remove the Trac Caching that strips the Set-Cookie headers from Trac ticket pages?

As mentioned, this causes failures to comment on tickets – https://meta.trac.wordpress.org/ticket/4360

As discussed, you’ll find a hacky Trac plugin that attempts to avoid setting useless Trac cookies in https://wordpress.slack.com/archives/G02QCEMRY/p1554790742034300?thread_ts=1554340318.022800&cid=G02QCEMRY but it’s mostly untested and may not work as needed.

The Latest trac plugin is in https://gist.github.com/dd32/e1a6e434cb9b5721cc086e51751f8c44 and has been tested well on a standalone trac installation.
The plugin does several things:
– Prevents Cookies being sent on anonymous pageviews
– Prevents anonymous sessions being saved to the DB (as there’s no such thing anymore)
– Blocks access to /prefs for anonymous users
– Expires all trac_* cookies after the user is no longer authenticated, such as to remove the trac_form_token cookie.

#trac #prio1