Home › Forums › BulletProof Security Pro › BPS Pro Compatibility with classicpress?
- This topic has 17 replies, 3 voices, and was last updated 5 years, 2 months ago by robf.
-
AuthorPosts
-
AITpro AdminKeymaster
@ James – Oops yeah what I meant was the bulletproof-security.zip file. 😉 Was working on another issue at the time and my caffeine levels were way too low. ha ha ha. The other issue I was working on was BPS Pro MScan, which automatically downloads the wordpress.zip file from wordpress.org. MScan downloads and extracts the wordpress.zip (latest.zip) file from wordpress.org, extracts it and creates a master Hash file with all WP file hashes in it, which is used to check against live WordPress files. I’ll save that problem for another day though. 😉
Anyway I’ll write some new conditions to allow for ClassicPress to communicate with our API server. Since I have not started looking at this yet I don’t have any questions for you guys, but I’m sure I will once I get started on this.
James NylenParticipantThe other issue I was working on was BPS Pro MScan, which automatically downloads the wordpress.zip file from wordpress.org
Sounds interesting 🙂
Continuing with the theme of ClassicPress compatibility, here is how you can detect a ClassicPress version number and get the corresponding zipfile for that release:
- If
function_exists( 'classicpress_version' )
, call it to get the ClassicPress version number - Look up the full version number in the GitHub API under
ClassicPress/ClassicPress-release
(example URL). This will catch sites where ClassicPress was installed from scratch or upgraded to a new build after migrating from WordPress. - If not found there, look it up in
ClassyBot/ClassicPress-nightly
(example URL). This will cover sites that were migrated from WordPress to ClassicPress, or people who are running the ClassicPress nightly builds. - If the response key
assets[0].browser_download_url
is set, use it (only true for the+migration.YYYYMMDD
builds from theClassicPress-nightly
repository). Otherwise, use thezipball_url
response key. - If no release data was found, then the site is not using an official build of ClassicPress and this scanner is probably not the right tool to be using.
Any code checking the GitHub API should be able to handle redirects because we may transfer or rename these repositories in the future (especially the nightly builds). Other than that, we’ll always publish our releases to GitHub in this way, so you can rely on this structure for the future.
We have much more planned here, including documentation for people who are interested in verifying our existing chain of trust involving signed
git
tags, and providing and using a file-hash API ourselves. But that is for another day.robfParticipantClassicPress have now implemented a fix for this issue, from their forums:
“After seeing this issue a couple more times with different premium plugins and themes, we decided to implement a fix in ClassicPress.
Upgrade to 1.0.0-rc1 and you should have no further issues with BPS Pro updates.”
- If
-
AuthorPosts
- You must be logged in to reply to this topic.