BPS Pro Compatibility with classicpress?

Home Forums BulletProof Security Pro BPS Pro Compatibility with classicpress?

Viewing 3 posts - 16 through 18 (of 18 total)
1 2
  • Author
    Posts
  • January 29, 2019 at 1:28 pm #36856
    AITpro Admin
    Keymaster

    @ James – Oops yeah what I meant was the bulletproof-security.zip file.  😉  Was working on another issue at the time and my caffeine levels were way too low. ha ha ha.  The other issue I was working on was BPS Pro MScan, which automatically downloads the wordpress.zip file from wordpress.org.  MScan downloads and extracts the wordpress.zip (latest.zip) file from wordpress.org, extracts it and creates a master Hash file with all WP file hashes in it, which is used to check against live WordPress files. I’ll save that problem for another day though. 😉

    Anyway I’ll write some new conditions to allow for ClassicPress to communicate with our API server.  Since I have not started looking at this yet I don’t have any questions for you guys, but I’m sure I will once I get started on this.

    January 30, 2019 at 9:43 pm #36857
    James Nylen
    Participant

    The other issue I was working on was BPS Pro MScan, which automatically downloads the wordpress.zip file from wordpress.org

    Sounds interesting 🙂

    Continuing with the theme of ClassicPress compatibility, here is how you can detect a ClassicPress version number and get the corresponding zipfile for that release:

    • If function_exists( 'classicpress_version' ), call it to get the ClassicPress version number
    • Look up the full version number in the GitHub API under ClassicPress/ClassicPress-release (example URL).  This will catch sites where ClassicPress was installed from scratch or upgraded to a new build after migrating from WordPress.
    • If not found there, look it up in ClassyBot/ClassicPress-nightly (example URL).  This will cover sites that were migrated from WordPress to ClassicPress, or people who are running the ClassicPress nightly builds.
    • If the response key assets[0].browser_download_url is set, use it (only true for the +migration.YYYYMMDD builds from the ClassicPress-nightly repository).  Otherwise, use the zipball_url response key.
    • If no release data was found, then the site is not using an official build of ClassicPress and this scanner is probably not the right tool to be using.

    Any code checking the GitHub API should be able to handle redirects because we may transfer or rename these repositories in the future (especially the nightly builds). Other than that, we’ll always publish our releases to GitHub in this way, so you can rely on this structure for the future.

    We have much more planned here, including documentation for people who are interested in verifying our existing chain of trust involving signed git tags, and providing and using a file-hash API ourselves. But that is for another day.

    February 21, 2019 at 1:15 am #36897
    robf
    Participant

    ClassicPress have now implemented a fix for this issue, from their forums:

    “After seeing this issue a couple more times with different premium plugins and themes, we decided to implement a fix in ClassicPress.

    Upgrade to 1.0.0-rc1 and you should have no further issues with BPS Pro updates.”

  • Author
    Posts
Viewing 3 posts - 16 through 18 (of 18 total)
1 2
  • You must be logged in to reply to this topic.