From f6b3df32b1e1f43b4f3e21e354d589229f251598 Mon Sep 17 00:00:00 2001 From: sybrew Date: Mon, 8 Nov 2021 07:11:42 +0100 Subject: [PATCH] Updated updater: spam mitigation + list of active extensions. 2.5.1 release --- bootstrap/update.php | 37 +++++++++++++----- .../essentials/articles/trunk/readme.md | 2 +- extensions/essentials/focus/trunk/readme.md | 2 +- extensions/premium/local/trunk/readme.md | 18 ++++----- readme.txt | 38 +++++++++---------- the-seo-framework-extension-manager.php | 7 ++-- 6 files changed, 59 insertions(+), 45 deletions(-) diff --git a/bootstrap/update.php b/bootstrap/update.php index 35005a88..675c651c 100644 --- a/bootstrap/update.php +++ b/bootstrap/update.php @@ -226,7 +226,7 @@ function _hook_plugins_api( $res, $action, $args ) { $url = TSF_EXTENSION_MANAGER_DL_URI . 'get/info/1.0/'; $http_args = [ 'timeout' => 15, - 'user-agent' => 'WordPress/' . $wp_version . '; ' . PHP_VERSION_ID . '; ' . \home_url( '/' ), + 'user-agent' => "WordPress/$wp_version; " . PHP_VERSION_ID . '; ' . \home_url( '/' ), 'body' => [ 'action' => $action, 'request' => serialize( $args ), // phpcs:ignore -- Object injection is mitigated at the request server. @@ -274,7 +274,7 @@ function _hook_plugins_api( $res, $action, $args ) { * @access private */ function _clear_update_cache() { - \delete_site_transient( TSF_EXTENSION_MANAGER_UPDATER_CACHE ); + \update_site_option( TSF_EXTENSION_MANAGER_UPDATER_CACHE, [] ); } \add_filter( 'pre_set_site_transient_update_plugins', __NAMESPACE__ . '\\_push_update', PHP_INT_MAX, 2 ); @@ -288,6 +288,8 @@ function _clear_update_cache() { * @since 2.0.0 * @since 2.0.2 Added more cache, because some sites disable transients completely... * @since 2.4.0 Can now fetch required (and available) locale files. + * @since 2.5.1 1. Now uses site options instead of transients. We still have far too many update-spammers. + * 2. We may now collect a list of active extensions. * @access private * @see WP Core \wp_update_plugins() * @@ -310,12 +312,16 @@ function _push_update( $value, $transient ) { if ( isset( $runtimecache ) ) { $cache =& $runtimecache; } else { - // TODO some sites install plugins that disable transients. They invoke thousands of requests to our services within days. - // Use options instead? - $cache_timeout = MINUTE_IN_SECONDS * 20; - $cache = \get_site_transient( TSF_EXTENSION_MANAGER_UPDATER_CACHE ); + $cache = \get_site_option( TSF_EXTENSION_MANAGER_UPDATER_CACHE, [] ); - if ( false === $cache ) { + if ( isset( $cache['_failure_timeout'] ) ) { + if ( $cache['_failure_timeout'] > time() ) + return $value; + + $cache = []; + } + + if ( empty( $cache['_tsfem_delay_updater'] ) || $cache['_tsfem_delay_updater'] < time() ) { // include an unmodified $wp_version include ABSPATH . WPINC . '/version.php'; @@ -346,13 +352,17 @@ function _push_update( $value, $transient ) { $translations = []; } + $options = \get_option( TSF_EXTENSION_MANAGER_SITE_OPTIONS, [] ); + $extensions = isset( $options['active_extensions'] ) ? $options['active_extensions'] : []; + $http_args = [ 'timeout' => 7, // WordPress generously sets 30 seconds when doing cron to check all plugins, but we only check 1 plugin. - 'user-agent' => 'WordPress/' . $wp_version . '; ' . PHP_VERSION_ID . '; ' . \home_url( '/' ), + 'user-agent' => "WordPress/$wp_version; " . PHP_VERSION_ID . '; ' . \home_url( '/' ), 'body' => [ 'plugins' => \wp_json_encode( $plugins ), 'translations' => \wp_json_encode( $translations ), 'locales' => \wp_json_encode( $locales ), + 'extensions' => \wp_json_encode( array_keys( array_filter( $extensions ) ) ), ], ]; @@ -361,6 +371,11 @@ function _push_update( $value, $transient ) { if ( \is_wp_error( $raw_response ) || 200 != \wp_remote_retrieve_response_code( $raw_response ) // phpcs:ignore, WordPress.PHP.StrictComparisons.LooseComparison ) { + $_cache = [ + '_failure_timeout' => time() + ( MINUTE_IN_SECONDS * 10 ), + ]; + \update_site_option( TSF_EXTENSION_MANAGER_UPDATER_CACHE, $_cache ); + return $value; } @@ -380,8 +395,10 @@ function _push_update( $value, $transient ) { } unset( $plugin ); - $cache =& $response; - \set_site_transient( TSF_EXTENSION_MANAGER_UPDATER_CACHE, $cache, $cache_timeout ); + $cache =& $response; + $cache['_tsfem_delay_updater'] = time() + ( MINUTE_IN_SECONDS * 30 ); + + \update_site_option( TSF_EXTENSION_MANAGER_UPDATER_CACHE, $cache ); } $runtimecache = $cache; diff --git a/extensions/essentials/articles/trunk/readme.md b/extensions/essentials/articles/trunk/readme.md index 351fc700..0e664452 100644 --- a/extensions/essentials/articles/trunk/readme.md +++ b/extensions/essentials/articles/trunk/readme.md @@ -247,7 +247,7 @@ add_filter( 'the_seo_framework_sitemap_articles_news_sitemap_query_args', functi ### 2.1.1 -[tsfep-release time="-1"] +[tsfep-release time="November 8th, 2021"] * **Improved:** * This extension now uses a coroutine to generate the Schema.org markup; now it can stop processing at any point the data is not valid. diff --git a/extensions/essentials/focus/trunk/readme.md b/extensions/essentials/focus/trunk/readme.md index 8863e603..88a329ce 100644 --- a/extensions/essentials/focus/trunk/readme.md +++ b/extensions/essentials/focus/trunk/readme.md @@ -310,7 +310,7 @@ document.addEventListener( 'tsfem-focus-gutenberg-content-store-setup', () => { ### 1.5.1 -[tsfep-release time="-1"] +[tsfep-release time="November 8th, 2021"] * **Updated:** * Extension now is fully compatible with The SEO Framework v4.2.0. diff --git a/extensions/premium/local/trunk/readme.md b/extensions/premium/local/trunk/readme.md index 08995d2e..afc0d364 100644 --- a/extensions/premium/local/trunk/readme.md +++ b/extensions/premium/local/trunk/readme.md @@ -7,27 +7,23 @@ This extension lets you set up important local business information for search e ## Overview -### Higher ranking through local search +### Higher ranking with local search -A potential customer or visitor often wants to find out more about your business before interacting. -Therefore, for many businesses, local listings are a must. +For most businesses, local listings are a must. Once listed, a potential visitor can then find more about your business directly from search engines. A local listing within Google will also be placed upfront and sometimes above all other search results. -With the Local extension, you can rank your different local business departments higher in Google and other search engines. -So, your business will be found better by your local customers. - -All the above also accounts for users who add locations in their search query. +With the Local extension, you can list your local business departments in Google and other search engines. [tsfep-image id="1"] ### An advanced SEO solution -We present you an advanced and leading Local solution, excelling other existing similar solutions, for a lower price. +We present you an advanced and leading Local solution. **This software package includes:** -* Support for multiple locations (up to 4096, not only 2). +* Support for up to 4096 locations. * (Reverse) Geocoding through our API services. * Options for opening hours per area. * Internal caching, for significantly faster execution. @@ -128,9 +124,9 @@ Also, when department URLs are filled in, then each specific department's data w ### 1.1.9 -[tsfep-release time="-1"] +[tsfep-release time="November 8th, 2021"] -* **Changed:** Resolved deprecated usage from The SEO Framework v4.2.0. +* **Changed:** Extension now is fully compatible with The SEO Framework v4.2.0. * **Fixed:** Resolved an issue that caused the output not to run on assigned URLs when the main department is disabled. ### 1.1.8 diff --git a/readme.txt b/readme.txt index 6ebe3120..01982f03 100644 --- a/readme.txt +++ b/readme.txt @@ -1,11 +1,11 @@ === The SEO Framework - Extension Manager === Contributors: Cybr Tags: seo, extensions, local, keyword, articles, monitor, modules, schema, honeypot, amp, title, the seo framework -Requires at least: 5.1 -Tested up to: 5.7 +Requires at least: 5.4 +Tested up to: 5.9 Requires PHP: 5.6.5 Requires TSF: 4.1.4 -Stable tag: 2.5.0 +Stable tag: 2.5.1 License: GPLv3 License URI: http://www.gnu.org/licenses/gpl-3.0.html @@ -43,21 +43,25 @@ Please refer to [the installation instructions on our website](https://kb.theseo = 2.5.1 = -TODO test PHP requirement for update. +**Release date:** + +* November 8th, 2021 + +**Feature highlights** + +* Extension Manager is now fully prepared for the imminent release of TSF v4.2.0. +* The 2001 error is now less likely to get invoked. +* Asset URLs are now generated correctly on Windows-based servers. + +**Updated extensions:** -* **Improved:** Extensions now load a tad faster. -* **Improved:** It is now less likely to have the options get invalidated which would otherwise invoke error 2001 (and error 6001 for API users). -* **Fixed:** Resolved an issue where asset-URLs were generated incorrectly for extensions in the admin area on Windows-based servers. Props [Vitaliy].(https://github.com/sybrew/The-SEO-Framework-Extension-Manager/issues/45) -* **Fixed:** Resolved an issue where site-settings were blocked from updating manually via `options.php`. +* [Articles at version 2.1.1](https://theseoframework.com/extensions/articles/#changelog) +* [Local at version 1.1.9](https://theseoframework.com/extensions/local/#changelog) +* [Focus at version 1.5.1](https://theseoframework.com/extensions/focus/#changelog) -* **Updated extensions:** - * Articles @ Version 2.1.1: - * **Changed:** Now uses WordPress's timesystem. - * Local @ Version 1.1.9 - * **Fixed:** You can now store and test your input correctly when the first department is disabled. - * Cord @ Version ?? - * TODO **Added:** Google Analytics 4 support. New settings are added for this. +**Detailed log:** +View the [detailed v2.5.1 changelog](https://tsf.fyi/p/3779). = 2.5.0 - Quick SEO = @@ -93,10 +97,6 @@ View the [detailed v2.5.0 changelog](https://theseoframework.com/?p=3686). == Upgrade Notice == -= 2.5.1 = - -This plugin now requires WordPress v5.4 and The SEO Framework v4.1.4 or higher. - = 2.5.0 = This plugin now requires WordPress v5.1 and The SEO Framework v4.1.2 or higher. diff --git a/the-seo-framework-extension-manager.php b/the-seo-framework-extension-manager.php index 3d00a286..a14cf40f 100644 --- a/the-seo-framework-extension-manager.php +++ b/the-seo-framework-extension-manager.php @@ -3,12 +3,14 @@ * Plugin Name: The SEO Framework - Extension Manager * Plugin URI: https://theseoframework.com/extension-manager/ * Description: Add more powerful SEO features to The SEO Framework. Right from your WordPress dashboard. - * Version: 2.5.1-beta-1 + * Version: 2.5.1 * Author: The SEO Framework Team * Author URI: https://theseoframework.com/ * License: GPLv3 * Text Domain: the-seo-framework-extension-manager * Domain Path: /language + * Requires at least: 5.4.0 + * Requires PHP: 5.6.5 * * @package TSF_Extension_Manager\Bootstrap */ @@ -111,9 +113,8 @@ function tsf_extension_manager_boot() { require TSF_EXTENSION_MANAGER_BOOTSTRAP_PATH . 'upgrade.php'; } - if ( is_admin() || wp_doing_cron() ) { + if ( is_admin() || wp_doing_cron() ) require TSF_EXTENSION_MANAGER_BOOTSTRAP_PATH . 'update.php'; - } // Load plugin files. require TSF_EXTENSION_MANAGER_BOOTSTRAP_PATH . 'load.php';