diff --git a/README.md b/README.md index f2c70cec..d7e79677 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ This package implements the following commands: Verifies WordPress files against WordPress.org's checksums. ~~~ -wp core verify-checksums [--version=] [--locale=] [--insecure] +wp core verify-checksums [--include-root] [--version=] [--locale=] [--insecure] ~~~ Downloads md5 checksums for the current version from WordPress.org, and @@ -31,6 +31,9 @@ site. **OPTIONS** + [--include-root] + Verify all files and folders in the root directory, and warn if any non-WordPress items are found. + [--version=] Verify checksums against a specific version of WordPress. diff --git a/features/checksum-core.feature b/features/checksum-core.feature index ce6d796c..fffcc0b2 100644 --- a/features/checksum-core.feature +++ b/features/checksum-core.feature @@ -33,6 +33,37 @@ Feature: Validate checksums for WordPress install Warning: File doesn't exist: readme.html Error: WordPress installation doesn't verify against checksums. """ + And the return code should be 1 + + Scenario: Core checksums don't verify because wp-cli.yml is present + Given a WP install + And a wp-cli.yml file: + """ + plugin install: + - user-switching + """ + + When I try `wp core verify-checksums` + Then STDERR should be: + """ + Warning: File should not exist: wp-cli.yml + """ + And STDOUT should be: + """ + Success: WordPress installation verifies against checksums. + """ + And the return code should be 0 + + When I run `rm wp-cli.yml` + Then STDERR should be empty + + When I run `wp core verify-checksums` + Then STDERR should be empty + And STDOUT should be: + """ + Success: WordPress installation verifies against checksums. + """ + And the return code should be 0 Scenario: Verify core checksums without loading WordPress Given an empty directory @@ -96,23 +127,76 @@ Feature: Validate checksums for WordPress install """ And the return code should be 0 - Scenario: Verify core checksums when extra files prefixed with 'wp-' are included in WordPress root - Given a WP install - And a wp-extra-file.php file: - """ - hello world - """ - - When I try `wp core verify-checksums` - Then STDERR should be: - """ - Warning: File should not exist: wp-extra-file.php - """ - And STDOUT should be: - """ - Success: WordPress installation verifies against checksums. - """ - And the return code should be 0 + Scenario: Verify core checksums when extra files prefixed with 'wp-' are included in WordPress root + Given a WP install + And a wp-extra-file.php file: + """ + hello world + """ + + When I try `wp core verify-checksums` + Then STDERR should be: + """ + Warning: File should not exist: wp-extra-file.php + """ + And STDOUT should be: + """ + Success: WordPress installation verifies against checksums. + """ + And the return code should be 0 + + Scenario: Verify core checksums when extra files are included in WordPress root and --include-root is passed + Given a WP install + And a extra-file.php file: + """ + hello world + """ + And a unknown-folder/unknown-file.php file: + """ + taco burrito + """ + And a wp-content/unknown-file.php file: + """ + foobar + """ + + When I try `wp core verify-checksums --include-root` + Then STDERR should contain: + """ + Warning: File should not exist: unknown-folder/unknown-file.php + """ + And STDERR should contain: + """ + Warning: File should not exist: extra-file.php + """ + And STDERR should not contain: + """ + Warning: File should not exist: wp-content/unknown-file.php + """ + And STDOUT should be: + """ + Success: WordPress installation verifies against checksums. + """ + And the return code should be 0 + + When I run `wp core verify-checksums` + Then STDERR should not contain: + """ + Warning: File should not exist: unknown-folder/unknown-file.php + """ + And STDERR should not contain: + """ + Warning: File should not exist: extra-file.php + """ + And STDERR should not contain: + """ + Warning: File should not exist: wp-content/unknown-file.php + """ + And STDOUT should be: + """ + Success: WordPress installation verifies against checksums. + """ + And the return code should be 0 Scenario: Verify core checksums with a plugin that has wp-admin Given a WP install diff --git a/src/Checksum_Core_Command.php b/src/Checksum_Core_Command.php index 570c1b0b..eed09828 100644 --- a/src/Checksum_Core_Command.php +++ b/src/Checksum_Core_Command.php @@ -10,6 +10,13 @@ */ class Checksum_Core_Command extends Checksum_Base_Command { + /** + * Whether or not to verify contents of the root directory. + * + * @var boolean + */ + private $include_root = false; + /** * Verifies WordPress files against WordPress.org's checksums. * @@ -25,6 +32,9 @@ class Checksum_Core_Command extends Checksum_Base_Command { * * ## OPTIONS * + * [--include-root] + * : Verify all files and folders in the root directory, and warn if any non-WordPress items are found. + * * [--version=] * : Verify checksums against a specific version of WordPress. * @@ -69,6 +79,10 @@ public function __invoke( $args, $assoc_args ) { $locale = $assoc_args['locale']; } + if ( ! empty( $assoc_args['include-root'] ) ) { + $this->include_root = true; + } + if ( empty( $wp_version ) ) { $details = self::get_wp_details(); $wp_version = $details['wp_version']; @@ -136,6 +150,10 @@ public function __invoke( $args, $assoc_args ) { * @return bool */ protected function filter_file( $filepath ) { + if ( true === $this->include_root ) { + return ( 1 !== preg_match( '/^(wp-config\.php$|wp-content\/)/', $filepath ) ); + } + return ( 0 === strpos( $filepath, 'wp-admin/' ) || 0 === strpos( $filepath, 'wp-includes/' ) || 1 === preg_match( '/^wp-(?!config\.php)([^\/]*)$/', $filepath )