Merge pull request #670 from WordPress/669-restrict-custom-plugin-hea…

…ders Check restricted plugin header fields
WordPress · Sep 26, 2024 · 64cf979 · 64cf979
2 parents 3d2f035 + 4ccecc6
commit 64cf979
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 5 deletions.
diff --git a/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php b/includes/Checker/Checks/Plugin_Repo/Plugin_Header_Fields_Check.php
@@ -51,12 +51,7 @@ public function get_categories() {
 	 * @SuppressWarnings(PHPMD.NPathComplexity)
 	 */
 	public function run( Check_Result $result ) {
-		if ( ! function_exists( 'get_plugin_data' ) ) {
-			require_once ABSPATH . 'wp-admin/includes/plugin.php';
-		}
-
 		$plugin_main_file = $result->plugin()->main_file();
-		$plugin_header    = get_plugin_data( $plugin_main_file );
 
 		$labels = array(
 			'Name'            => 'Plugin Name',
@@ -74,6 +69,16 @@ public function run( Check_Result $result ) {
 			'RequiresPlugins' => 'Requires Plugins',
 		);
 
+		$restricted_labels = array(
+			'BitbucketPluginURI' => 'Bitbucket Plugin URI',
+			'GistPluginURI'      => 'Gist Plugin URI',
+			'GiteaPluginURI'     => 'Gitea Plugin URI',
+			'GitHubPluginURI'    => 'GitHub Plugin URI',
+			'GitLabPluginURI'    => 'GitLab Plugin URI',
+		);
+
+		$plugin_header = $this->get_plugin_data( $plugin_main_file, array_merge( $labels, $restricted_labels ) );
+
 		if ( ! empty( $plugin_header['Name'] ) ) {
 			if ( in_array( $plugin_header['Name'], array( 'Plugin Name', 'My Basics Plugin' ), true ) ) {
 				$this->add_result_warning_for_file(
@@ -229,6 +234,31 @@ public function run( Check_Result $result ) {
 			}
 		}
 
+		$found_headers = array();
+
+		foreach ( $restricted_labels as $restricted_key => $restricted_label ) {
+			if ( array_key_exists( $restricted_key, $plugin_header ) && ! empty( $plugin_header[ $restricted_key ] ) ) {
+				$found_headers[ $restricted_key ] = $restricted_label;
+			}
+		}
+
+		if ( ! empty( $found_headers ) ) {
+			$this->add_result_error_for_file(
+				$result,
+				sprintf(
+					/* translators: %s: header fields */
+					__( 'Restricted plugin header field(s) found: %s', 'plugin-check' ),
+					"'" . implode( "', '", array_values( $found_headers ) ) . "'"
+				),
+				'plugin_header_restricted_fields',
+				$plugin_main_file,
+				0,
+				0,
+				'',
+				7
+			);
+		}
+
 		if ( ! $result->plugin()->is_single_file_plugin() ) {
 			if ( ! empty( $plugin_header['TextDomain'] ) ) {
 				$plugin_slug = $result->plugin()->slug();
@@ -308,6 +338,30 @@ private function is_valid_url( $url ) {
 		return filter_var( $url, FILTER_VALIDATE_URL ) === $url && str_starts_with( $url, 'http' );
 	}
 
+	/**
+	 * Parses the plugin contents to retrieve plugin's metadata.
+	 *
+	 * @since 1.2.0
+	 *
+	 * @param string $plugin_file     Absolute path to the main plugin file.
+	 * @param array  $default_headers List of headers, in the format `array( 'HeaderKey' => 'Header Name' )`.
+	 * @return string[] Array of file header values keyed by header name.
+	 */
+	private function get_plugin_data( $plugin_file, $default_headers ) {
+		$plugin_data = get_file_data( $plugin_file, $default_headers, 'plugin' );
+
+		// If no text domain is defined fall back to the plugin slug.
+		if ( ! $plugin_data['TextDomain'] ) {
+			$plugin_slug = dirname( plugin_basename( $plugin_file ) );
+
+			if ( '.' !== $plugin_slug && ! str_contains( $plugin_slug, '/' ) ) {
+				$plugin_data['TextDomain'] = $plugin_slug;
+			}
+		}
+
+		return $plugin_data;
+	}
+
 	/**
 	 * Gets the description for the check.
 	 *

diff --git a/tests/phpunit/testdata/plugins/test-plugin-header-fields-with-errors/load.php b/tests/phpunit/testdata/plugins/test-plugin-header-fields-with-errors/load.php
@@ -12,6 +12,7 @@
  * License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
  * Text Domain: test-mismathed-textdomain-here
  * Domain Path: /nonexistent-folder
+ * GitHub Plugin URI: johndoe/package
  * Requires Plugins: Example Plugin, OtherPlugin
  *
  * @package test-plugin-header-fields-with-errors

diff --git a/tests/phpunit/tests/Checker/Checks/Plugin_Header_Fields_Check_Tests.php b/tests/phpunit/tests/Checker/Checks/Plugin_Header_Fields_Check_Tests.php
@@ -18,10 +18,13 @@ public function test_run_with_errors() {
 
 		$check->run( $check_result );
 
+		$errors   = $check_result->get_errors();
 		$warnings = $check_result->get_warnings();
 
+		$this->assertNotEmpty( $errors );
 		$this->assertNotEmpty( $warnings );
 
+		$this->assertCount( 1, wp_list_filter( $errors['load.php'][0][0], array( 'code' => 'plugin_header_restricted_fields' ) ) );
 		$this->assertCount( 1, wp_list_filter( $warnings['load.php'][0][0], array( 'code' => 'plugin_header_invalid_plugin_uri_domain' ) ) );
 		$this->assertCount( 1, wp_list_filter( $warnings['load.php'][0][0], array( 'code' => 'plugin_header_invalid_plugin_description' ) ) );
 		$this->assertCount( 1, wp_list_filter( $warnings['load.php'][0][0], array( 'code' => 'plugin_header_invalid_author_uri' ) ) );