diff --git a/src/wp-admin/css/list-tables.css b/src/wp-admin/css/list-tables.css index 87cc3f2f8a..91b1a2c9ce 100644 --- a/src/wp-admin/css/list-tables.css +++ b/src/wp-admin/css/list-tables.css @@ -1310,6 +1310,31 @@ ul.cat-checklist { text-decoration: underline; } +.plugins tr.paused th.check-column { + border-left: 4px solid #d54e21; +} + +.plugins tr.paused th, +.plugins tr.paused td { + background-color: #fef7f1; +} + +.plugins tr.paused .plugin-title, +.plugins .paused .dashicons-warning { + color: #dc3232; +} + +.plugins .paused .error-display p, +.plugins .paused .error-display code { + font-size: 90%; + font-style: italic; + color: rgb( 0, 0, 0, 0.7 ); +} + +.plugins .resume-link { + color: #dc3232; +} + .plugin-card .update-now:before { color: #f56e28; content: "\f463"; diff --git a/src/wp-admin/includes/admin-filters.php b/src/wp-admin/includes/admin-filters.php index 4da6469d5f..3407e93171 100644 --- a/src/wp-admin/includes/admin-filters.php +++ b/src/wp-admin/includes/admin-filters.php @@ -117,6 +117,8 @@ add_action( 'load-plugins.php', 'wp_plugin_update_rows', 20 ); // After wp_updat add_action( 'load-themes.php', 'wp_theme_update_rows', 20 ); // After wp_update_themes() is called. add_action( 'admin_notices', 'update_nag', 3 ); +add_action( 'admin_notices', 'paused_plugins_notice', 5 ); +add_action( 'admin_notices', 'paused_themes_notice', 5 ); add_action( 'admin_notices', 'maintenance_nag', 10 ); add_filter( 'update_footer', 'core_update_footer' ); diff --git a/src/wp-admin/includes/class-wp-plugins-list-table.php b/src/wp-admin/includes/class-wp-plugins-list-table.php index f83473af4d..cd4e6ea883 100644 --- a/src/wp-admin/includes/class-wp-plugins-list-table.php +++ b/src/wp-admin/includes/class-wp-plugins-list-table.php @@ -40,7 +40,7 @@ class WP_Plugins_List_Table extends WP_List_Table { ); $status = 'all'; - if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search' ) ) ) { + if ( isset( $_REQUEST['plugin_status'] ) && in_array( $_REQUEST['plugin_status'], array( 'active', 'inactive', 'recently_activated', 'upgrade', 'mustuse', 'dropins', 'search', 'paused' ) ) ) { $status = $_REQUEST['plugin_status']; } @@ -99,6 +99,7 @@ class WP_Plugins_List_Table extends WP_List_Table { 'upgrade' => array(), 'mustuse' => array(), 'dropins' => array(), + 'paused' => array(), ); $screen = $this->screen; @@ -183,16 +184,18 @@ class WP_Plugins_List_Table extends WP_List_Table { foreach ( (array) $plugins['all'] as $plugin_file => $plugin_data ) { // Extra info if known. array_merge() ensures $plugin_data has precedence if keys collide. if ( isset( $plugin_info->response[ $plugin_file ] ) ) { - $plugins['all'][ $plugin_file ] = $plugin_data = array_merge( (array) $plugin_info->response[ $plugin_file ], $plugin_data ); + $plugin_data = array_merge( (array) $plugin_info->response[ $plugin_file ], $plugin_data ); + $plugins['all'][ $plugin_file ] = $plugin_data; // Make sure that $plugins['upgrade'] also receives the extra info since it is used on ?plugin_status=upgrade if ( isset( $plugins['upgrade'][ $plugin_file ] ) ) { - $plugins['upgrade'][ $plugin_file ] = $plugin_data = array_merge( (array) $plugin_info->response[ $plugin_file ], $plugin_data ); + $plugins['upgrade'][ $plugin_file ] = $plugin_data; } } elseif ( isset( $plugin_info->no_update[ $plugin_file ] ) ) { - $plugins['all'][ $plugin_file ] = $plugin_data = array_merge( (array) $plugin_info->no_update[ $plugin_file ], $plugin_data ); + $plugin_data = array_merge( (array) $plugin_info->no_update[ $plugin_file ], $plugin_data ); + $plugins['all'][ $plugin_file ] = $plugin_data; // Make sure that $plugins['upgrade'] also receives the extra info since it is used on ?plugin_status=upgrade if ( isset( $plugins['upgrade'][ $plugin_file ] ) ) { - $plugins['upgrade'][ $plugin_file ] = $plugin_data = array_merge( (array) $plugin_info->no_update[ $plugin_file ], $plugin_data ); + $plugins['upgrade'][ $plugin_file ] = $plugin_data; } } @@ -218,6 +221,10 @@ class WP_Plugins_List_Table extends WP_List_Table { // On the non-network screen, populate the active list with plugins that are individually activated // On the network-admin screen, populate the active list with plugins that are network activated $plugins['active'][ $plugin_file ] = $plugin_data; + + if ( ! $screen->in_admin( 'network' ) && is_plugin_paused( $plugin_file ) ) { + $plugins['paused'][ $plugin_file ] = $plugin_data; + } } else { if ( isset( $recently_activated[ $plugin_file ] ) ) { // Populate the recently activated list with plugins that have been recently activated @@ -445,6 +452,10 @@ class WP_Plugins_List_Table extends WP_List_Table { /* translators: %s: plugin count */ $text = _n( 'Drop-ins (%s)', 'Drop-ins (%s)', $count ); break; + case 'paused': + /* translators: %s: plugin count */ + $text = _n( 'Paused (%s)', 'Paused (%s)', $count ); + break; case 'upgrade': /* translators: %s: plugin count */ $text = _n( 'Update Available (%s)', 'Update Available (%s)', $count ); @@ -657,6 +668,10 @@ class WP_Plugins_List_Table extends WP_List_Table { /* translators: %s: plugin name */ $actions['deactivate'] = '' . __( 'Deactivate' ) . ''; } + if ( current_user_can( 'resume_plugin', $plugin_file ) && is_plugin_paused( $plugin_file ) ) { + /* translators: %s: plugin name */ + $actions['resume'] = '' . __( 'Resume' ) . ''; + } } else { if ( current_user_can( 'activate_plugin', $plugin_file ) ) { /* translators: %s: plugin name */ @@ -765,6 +780,12 @@ class WP_Plugins_List_Table extends WP_List_Table { $class .= ' update'; } + $paused = ! $screen->in_admin( 'network' ) && is_plugin_paused( $plugin_file ); + + if ( $paused ) { + $class .= ' paused'; + } + $plugin_slug = isset( $plugin_data['slug'] ) ? $plugin_data['slug'] : sanitize_title( $plugin_name ); printf( '', @@ -846,13 +867,25 @@ class WP_Plugins_List_Table extends WP_List_Table { * @param array $plugin_data An array of plugin data. * @param string $status Status of the plugin. Defaults are 'All', 'Active', * 'Inactive', 'Recently Activated', 'Upgrade', 'Must-Use', - * 'Drop-ins', 'Search'. + * 'Drop-ins', 'Search', 'Paused'. */ $plugin_meta = apply_filters( 'plugin_row_meta', $plugin_meta, $plugin_file, $plugin_data, $status ); echo implode( ' | ', $plugin_meta ); echo ''; + if ( $paused ) { + $notice_text = __( 'This plugin failed to load properly and is paused during recovery mode.' ); + + printf( '

%s

', $notice_text ); + + $error = wp_get_plugin_error( $plugin_file ); + + if ( false !== $error ) { + printf( '

%s

', wp_get_extension_error_description( $error ) ); + } + } + echo ''; break; default: @@ -886,7 +919,7 @@ class WP_Plugins_List_Table extends WP_List_Table { * @param array $plugin_data An array of plugin data. * @param string $status Status of the plugin. Defaults are 'All', 'Active', * 'Inactive', 'Recently Activated', 'Upgrade', 'Must-Use', - * 'Drop-ins', 'Search'. + * 'Drop-ins', 'Search', 'Paused'. */ do_action( 'after_plugin_row', $plugin_file, $plugin_data, $status ); @@ -902,7 +935,7 @@ class WP_Plugins_List_Table extends WP_List_Table { * @param array $plugin_data An array of plugin data. * @param string $status Status of the plugin. Defaults are 'All', 'Active', * 'Inactive', 'Recently Activated', 'Upgrade', 'Must-Use', - * 'Drop-ins', 'Search'. + * 'Drop-ins', 'Search', 'Paused'. */ do_action( "after_plugin_row_{$plugin_file}", $plugin_file, $plugin_data, $status ); } diff --git a/src/wp-admin/includes/plugin.php b/src/wp-admin/includes/plugin.php index 5873a33466..f44b5aff02 100644 --- a/src/wp-admin/includes/plugin.php +++ b/src/wp-admin/includes/plugin.php @@ -468,12 +468,14 @@ function get_dropins() { */ function _get_dropins() { $dropins = array( - 'advanced-cache.php' => array( __( 'Advanced caching plugin.' ), 'WP_CACHE' ), // WP_CACHE - 'db.php' => array( __( 'Custom database class.' ), true ), // auto on load - 'db-error.php' => array( __( 'Custom database error message.' ), true ), // auto on error - 'install.php' => array( __( 'Custom installation script.' ), true ), // auto on installation - 'maintenance.php' => array( __( 'Custom maintenance message.' ), true ), // auto on maintenance - 'object-cache.php' => array( __( 'External object cache.' ), true ), // auto on load + 'advanced-cache.php' => array( __( 'Advanced caching plugin.' ), 'WP_CACHE' ), // WP_CACHE + 'db.php' => array( __( 'Custom database class.' ), true ), // auto on load + 'db-error.php' => array( __( 'Custom database error message.' ), true ), // auto on error + 'install.php' => array( __( 'Custom installation script.' ), true ), // auto on installation + 'maintenance.php' => array( __( 'Custom maintenance message.' ), true ), // auto on maintenance + 'object-cache.php' => array( __( 'External object cache.' ), true ), // auto on load + 'php-error.php' => array( __( 'Custom PHP error message.' ), true ), // auto on error + 'fatal-error-handler.php' => array( __( 'Custom PHP fatal error handler.' ), true ), // auto on error ); if ( is_multisite() ) { @@ -2101,3 +2103,132 @@ function wp_add_privacy_policy_content( $plugin_name, $policy_text ) { WP_Privacy_Policy_Content::add( $plugin_name, $policy_text ); } + +/** + * Determines whether a plugin is technically active but was paused while + * loading. + * + * For more information on this and similar theme functions, check out + * the {@link https://developer.wordpress.org/themes/basics/conditional-tags/ + * Conditional Tags} article in the Theme Developer Handbook. + * + * @since 5.2.0 + * + * @param string $plugin Path to the plugin file relative to the plugins directory. + * @return bool True, if in the list of paused plugins. False, not in the list. + */ +function is_plugin_paused( $plugin ) { + if ( ! isset( $GLOBALS['_paused_plugins'] ) ) { + return false; + } + + if ( ! is_plugin_active( $plugin ) ) { + return false; + } + + list( $plugin ) = explode( '/', $plugin ); + + return array_key_exists( $plugin, $GLOBALS['_paused_plugins'] ); +} + +/** + * Gets the error that was recorded for a paused plugin. + * + * @since 5.2.0 + * + * @param string $plugin Path to the plugin file relative to the plugins + * directory. + * @return array|false Array of error information as it was returned by + * `error_get_last()`, or false if none was recorded. + */ +function wp_get_plugin_error( $plugin ) { + if ( ! isset( $GLOBALS['_paused_plugins'] ) ) { + return false; + } + + list( $plugin ) = explode( '/', $plugin ); + + if ( ! array_key_exists( $plugin, $GLOBALS['_paused_plugins'] ) ) { + return false; + } + + return $GLOBALS['_paused_plugins'][ $plugin ]; +} + +/** + * Tries to resume a single plugin. + * + * If a redirect was provided, we first ensure the plugin does not throw fatal + * errors anymore. + * + * The way it works is by setting the redirection to the error before trying to + * include the plugin file. If the plugin fails, then the redirection will not + * be overwritten with the success message and the plugin will not be resumed. + * + * @since 5.2.0 + * + * @param string $plugin Single plugin to resume. + * @param string $redirect Optional. URL to redirect to. Default empty string. + * @return bool|WP_Error True on success, false if `$plugin` was not paused, + * `WP_Error` on failure. + */ +function resume_plugin( $plugin, $redirect = '' ) { + /* + * We'll override this later if the plugin could be resumed without + * creating a fatal error. + */ + if ( ! empty( $redirect ) ) { + wp_redirect( + add_query_arg( + '_error_nonce', + wp_create_nonce( 'plugin-resume-error_' . $plugin ), + $redirect + ) + ); + + // Load the plugin to test whether it throws a fatal error. + ob_start(); + plugin_sandbox_scrape( $plugin ); + ob_clean(); + } + + list( $extension ) = explode( '/', $plugin ); + + $result = wp_paused_plugins()->delete( $extension ); + + if ( ! $result ) { + return new WP_Error( + 'could_not_resume_plugin', + __( 'Could not resume the plugin.' ) + ); + } + + return true; +} + +/** + * Renders an admin notice in case some plugins have been paused due to errors. + * + * @since 5.2.0 + */ +function paused_plugins_notice() { + if ( 'plugins.php' === $GLOBALS['pagenow'] ) { + return; + } + + if ( ! current_user_can( 'resume_plugins' ) ) { + return; + } + + if ( ! isset( $GLOBALS['_paused_plugins'] ) || empty( $GLOBALS['_paused_plugins'] ) ) { + return; + } + + printf( + '

%s
%s

%s

', + __( 'One or more plugins failed to load properly.' ), + __( 'You can find more details and make changes on the Plugins screen.' ), + esc_url( admin_url( 'plugins.php?plugin_status=paused' ) ), + __( 'Go to the Plugins screen' ) + ); +} diff --git a/src/wp-admin/includes/theme.php b/src/wp-admin/includes/theme.php index 91a3577906..c0f72b3d42 100644 --- a/src/wp-admin/includes/theme.php +++ b/src/wp-admin/includes/theme.php @@ -768,3 +768,137 @@ function customize_themes_print_templates() { delete( $extension ); + + if ( ! $result ) { + return new WP_Error( + 'could_not_resume_theme', + __( 'Could not resume the theme.' ) + ); + } + + return true; +} + +/** + * Renders an admin notice in case some themes have been paused due to errors. + * + * @since 5.2.0 + */ +function paused_themes_notice() { + if ( 'themes.php' === $GLOBALS['pagenow'] ) { + return; + } + + if ( ! current_user_can( 'resume_themes' ) ) { + return; + } + + if ( ! isset( $GLOBALS['_paused_themes'] ) || empty( $GLOBALS['_paused_themes'] ) ) { + return; + } + + printf( + '

%s
%s

%s

', + __( 'One or more themes failed to load properly.' ), + __( 'You can find more details and make changes on the Themes screen.' ), + esc_url( admin_url( 'themes.php' ) ), + __( 'Go to the Themes screen' ) + ); +} diff --git a/src/wp-admin/plugins.php b/src/wp-admin/plugins.php index c80e96831f..ececdfc4d0 100644 --- a/src/wp-admin/plugins.php +++ b/src/wp-admin/plugins.php @@ -389,6 +389,26 @@ if ( $action ) { } break; + case 'resume': + if ( is_multisite() ) { + return; + } + + if ( ! current_user_can( 'resume_plugin', $plugin ) ) { + wp_die( __( 'Sorry, you are not allowed to resume this plugin.' ) ); + } + + check_admin_referer( 'resume-plugin_' . $plugin ); + + $result = resume_plugin( $plugin, self_admin_url( "plugins.php?error=resuming&plugin_status=$status&paged=$page&s=$s" ) ); + + if ( is_wp_error( $result ) ) { + wp_die( $result ); + } + + wp_redirect( self_admin_url( "plugins.php?resume=true&plugin_status=$status&paged=$page&s=$s" ) ); + exit; + default: if ( isset( $_POST['checked'] ) ) { check_admin_referer( 'bulk-plugins' ); @@ -488,6 +508,8 @@ if ( isset( $_GET['error'] ) ) : $_GET['charsout'] ); $errmsg .= ' ' . __( 'If you notice “headers already sent” messages, problems with syndication feeds or other issues, try deactivating or removing this plugin.' ); + } elseif ( 'resuming' === $_GET['error'] ) { + $errmsg = __( 'Plugin could not be resumed because it triggered a fatal error.' ); } else { $errmsg = __( 'Plugin could not be activated because it triggered a fatal error.' ); } @@ -541,6 +563,8 @@ elseif ( isset( $_GET['deleted'] ) ) :

deactivated.' ); ?>

+ +

resumed.' ); ?>

diff --git a/src/wp-admin/themes.php b/src/wp-admin/themes.php index 494e952184..7b0d3b2022 100644 --- a/src/wp-admin/themes.php +++ b/src/wp-admin/themes.php @@ -33,6 +33,26 @@ if ( current_user_can( 'switch_themes' ) && isset( $_GET['action'] ) ) { switch_theme( $theme->get_stylesheet() ); wp_redirect( admin_url( 'themes.php?activated=true' ) ); exit; + } elseif ( 'resume' === $_GET['action'] ) { + check_admin_referer( 'resume-theme_' . $_GET['stylesheet'] ); + $theme = wp_get_theme( $_GET['stylesheet'] ); + + if ( ! current_user_can( 'resume_theme', $_GET['stylesheet'] ) ) { + wp_die( + '

' . __( 'You need a higher level of permission.' ) . '

' . + '

' . __( 'Sorry, you are not allowed to resume this theme.' ) . '

', + 403 + ); + } + + $result = resume_theme( $theme->get_stylesheet(), self_admin_url( 'themes.php?error=resuming' ) ); + + if ( is_wp_error( $result ) ) { + wp_die( $result ); + } + + wp_redirect( admin_url( 'themes.php?resumed=true' ) ); + exit; } elseif ( 'delete' == $_GET['action'] ) { check_admin_referer( 'delete-theme_' . $_GET['stylesheet'] ); $theme = wp_get_theme( $_GET['stylesheet'] ); @@ -195,6 +215,14 @@ if ( ! validate_current_theme() || isset( $_GET['broken'] ) ) { ?>

+

+ +

fatal error.' ); ?>

+

@@ -355,6 +384,9 @@ if ( ! is_multisite() && current_user_can( 'edit_themes' ) && $broken_themes = w + + + @@ -367,6 +399,27 @@ if ( ! is_multisite() && current_user_can( 'edit_themes' ) && $broken_themes = w get( 'Name' ) ? $broken_theme->display( 'Name' ) : $broken_theme->get_stylesheet(); ?> errors()->get_error_message(); ?> errors()->get_error_code() ) { + $stylesheet = $broken_theme->get_stylesheet(); + $resume_url = add_query_arg( + array( + 'action' => 'resume', + 'stylesheet' => urlencode( $stylesheet ), + ), + admin_url( 'themes.php' ) + ); + $resume_url = wp_nonce_url( $resume_url, 'resume-theme_' . $stylesheet ); + ?> + + + + get_stylesheet(); $delete_url = add_query_arg( diff --git a/src/wp-includes/admin-bar.php b/src/wp-includes/admin-bar.php index 6511937c3b..6600c651df 100644 --- a/src/wp-includes/admin-bar.php +++ b/src/wp-includes/admin-bar.php @@ -1047,6 +1047,35 @@ function wp_admin_bar_search_menu( $wp_admin_bar ) { ); } +/** + * Add a link to exit recovery mode when Recovery Mode is active. + * + * @since 5.2.0 + * + * @param WP_Admin_Bar $wp_admin_bar + */ +function wp_admin_bar_recovery_mode_menu( $wp_admin_bar ) { + if ( ! wp_is_recovery_mode() ) { + return; + } + + $url = wp_login_url(); + $url = add_query_arg( 'action', WP_Recovery_Mode::EXIT_ACTION, $url ); + $url = wp_nonce_url( $url, WP_Recovery_Mode::EXIT_ACTION ); + + $wp_admin_bar->add_menu( + array( + 'parent' => 'top-secondary', + 'id' => 'recovery-mode', + 'title' => __( 'Exit Recovery Mode' ), + 'href' => $url, + 'meta' => array( + 'title' => __( 'Exit Recovery Mode' ), + ), + ) + ); +} + /** * Add secondary menus. * diff --git a/src/wp-includes/capabilities.php b/src/wp-includes/capabilities.php index c192639608..a039f0daef 100644 --- a/src/wp-includes/capabilities.php +++ b/src/wp-includes/capabilities.php @@ -464,6 +464,12 @@ function map_meta_cap( $cap, $user_id ) { } } break; + case 'resume_plugin': + $caps[] = 'resume_plugins'; + break; + case 'resume_theme': + $caps[] = 'resume_themes'; + break; case 'delete_user': case 'delete_users': // If multisite only super admins can delete users. @@ -950,3 +956,25 @@ function wp_maybe_grant_install_languages_cap( $allcaps ) { return $allcaps; } + +/** + * Filters the user capabilities to grant the 'resume_plugins' and 'resume_themes' capabilities as necessary. + * + * @since 5.2.0 + * + * @param bool[] $allcaps An array of all the user's capabilities. + * @return bool[] Filtered array of the user's capabilities. + */ +function wp_maybe_grant_resume_extensions_caps( $allcaps ) { + // Even in a multisite, regular administrators should be able to resume plugins. + if ( ! empty( $allcaps['activate_plugins'] ) ) { + $allcaps['resume_plugins'] = true; + } + + // Even in a multisite, regular administrators should be able to resume themes. + if ( ! empty( $allcaps['switch_themes'] ) ) { + $allcaps['resume_themes'] = true; + } + + return $allcaps; +} diff --git a/src/wp-includes/class-wp-admin-bar.php b/src/wp-includes/class-wp-admin-bar.php index c7813a37e5..9b2982c27e 100644 --- a/src/wp-includes/class-wp-admin-bar.php +++ b/src/wp-includes/class-wp-admin-bar.php @@ -596,6 +596,7 @@ class WP_Admin_Bar { add_action( 'admin_bar_menu', 'wp_admin_bar_my_account_menu', 0 ); add_action( 'admin_bar_menu', 'wp_admin_bar_search_menu', 4 ); add_action( 'admin_bar_menu', 'wp_admin_bar_my_account_item', 7 ); + add_action( 'admin_bar_menu', 'wp_admin_bar_recovery_mode_menu', 8 ); // Site related. add_action( 'admin_bar_menu', 'wp_admin_bar_sidebar_toggle', 0 ); diff --git a/src/wp-includes/class-wp-fatal-error-handler.php b/src/wp-includes/class-wp-fatal-error-handler.php index e36a8f68e8..e44dfed598 100644 --- a/src/wp-includes/class-wp-fatal-error-handler.php +++ b/src/wp-includes/class-wp-fatal-error-handler.php @@ -38,6 +38,10 @@ class WP_Fatal_Error_Handler { return; } + if ( ! is_multisite() && wp_recovery_mode()->is_initialized() ) { + wp_recovery_mode()->handle_error( $error ); + } + // Display the PHP error template. $this->display_error_template(); } catch ( Exception $e ) { diff --git a/src/wp-includes/class-wp-paused-extensions-storage.php b/src/wp-includes/class-wp-paused-extensions-storage.php new file mode 100644 index 0000000000..7c51db8781 --- /dev/null +++ b/src/wp-includes/class-wp-paused-extensions-storage.php @@ -0,0 +1,223 @@ +type = $extension_type; + } + + /** + * Records an extension error. + * + * Only one error is stored per extension, with subsequent errors for the same extension overriding the + * previously stored error. + * + * @since 5.2.0 + * + * @param string $extension Plugin or theme directory name. + * @param array $error { + * Error that was triggered. + * + * @type string $type The error type. + * @type string $file The name of the file in which the error occurred. + * @type string $line The line number in which the error occurred. + * @type string $message The error message. + * } + * @return bool True on success, false on failure. + */ + public function set( $extension, $error ) { + if ( ! $this->is_api_loaded() ) { + return false; + } + + $option_name = $this->get_option_name(); + + if ( ! $option_name ) { + return false; + } + + $paused_extensions = (array) get_option( $option_name, array() ); + + // Do not update if the error is already stored. + if ( isset( $paused_extensions[ $this->type ][ $extension ] ) && $paused_extensions[ $this->type ][ $extension ] === $error ) { + return true; + } + + $paused_extensions[ $this->type ][ $extension ] = $error; + + return update_option( $option_name, $paused_extensions ); + } + + /** + * Forgets a previously recorded extension error. + * + * @since 5.2.0 + * + * @param string $extension Plugin or theme directory name. + * + * @return bool True on success, false on failure. + */ + public function delete( $extension ) { + if ( ! $this->is_api_loaded() ) { + return false; + } + + $option_name = $this->get_option_name(); + + if ( ! $option_name ) { + return false; + } + + $paused_extensions = (array) get_option( $option_name, array() ); + + // Do not delete if no error is stored. + if ( ! isset( $paused_extensions[ $this->type ][ $extension ] ) ) { + return true; + } + + unset( $paused_extensions[ $this->type ][ $extension ] ); + + if ( empty( $paused_extensions[ $this->type ] ) ) { + unset( $paused_extensions[ $this->type ] ); + } + + // Clean up the entire option if we're removing the only error. + if ( ! $paused_extensions ) { + return delete_option( $option_name ); + } + + return update_option( $option_name, $paused_extensions ); + } + + /** + * Gets the error for an extension, if paused. + * + * @since 5.2.0 + * + * @param string $extension Plugin or theme directory name. + * + * @return array|null Error that is stored, or null if the extension is not paused. + */ + public function get( $extension ) { + if ( ! $this->is_api_loaded() ) { + return null; + } + + $paused_extensions = $this->get_all(); + + if ( ! isset( $paused_extensions[ $extension ] ) ) { + return null; + } + + return $paused_extensions[ $extension ]; + } + + /** + * Gets the paused extensions with their errors. + * + * @since 5.2.0 + * + * @return array Associative array of extension slugs to the error recorded. + */ + public function get_all() { + if ( ! $this->is_api_loaded() ) { + return array(); + } + + $option_name = $this->get_option_name(); + + if ( ! $option_name ) { + return array(); + } + + $paused_extensions = (array) get_option( $option_name, array() ); + + return isset( $paused_extensions[ $this->type ] ) ? $paused_extensions[ $this->type ] : array(); + } + + /** + * Remove all paused extensions. + * + * @since 5.2.0 + * + * @return bool + */ + public function delete_all() { + if ( ! $this->is_api_loaded() ) { + return false; + } + + $option_name = $this->get_option_name(); + + if ( ! $option_name ) { + return false; + } + + $paused_extensions = (array) get_option( $option_name, array() ); + + unset( $paused_extensions[ $this->type ] ); + + if ( ! $paused_extensions ) { + return delete_option( $option_name ); + } + + return update_option( $option_name, $paused_extensions ); + } + + /** + * Checks whether the underlying API to store paused extensions is loaded. + * + * @since 5.2.0 + * + * @return bool True if the API is loaded, false otherwise. + */ + protected function is_api_loaded() { + return function_exists( 'get_option' ); + } + + /** + * Get the option name for storing paused extensions. + * + * @since 5.2.0 + * + * @return string + */ + protected function get_option_name() { + if ( ! wp_recovery_mode()->is_active() ) { + return ''; + } + + $session_id = wp_recovery_mode()->get_session_id(); + if ( empty( $session_id ) ) { + return ''; + } + + return "{$session_id}_paused_extensions"; + } +} diff --git a/src/wp-includes/class-wp-recovery-mode-cookie-service.php b/src/wp-includes/class-wp-recovery-mode-cookie-service.php new file mode 100644 index 0000000000..c42dbb105c --- /dev/null +++ b/src/wp-includes/class-wp-recovery-mode-cookie-service.php @@ -0,0 +1,290 @@ + RECOVERY_MODE_COOKIE, + 'domain' => COOKIE_DOMAIN, + 'path' => COOKIEPATH, + 'site_path' => SITECOOKIEPATH, + ) + ); + + $this->name = $opts['name']; + $this->domain = $opts['domain']; + $this->path = $opts['path']; + $this->site_path = $opts['site_path']; + } + + /** + * Checks whether the recovery mode cookie is set. + * + * @since 5.2.0 + * + * @return bool True if the cookie is set, false otherwise. + */ + public function is_cookie_set() { + return ! empty( $_COOKIE[ $this->name ] ); + } + + /** + * Sets the recovery mode cookie. + * + * This must be immediately followed by exiting the request. + * + * @since 5.2.0 + */ + public function set_cookie() { + + $value = $this->generate_cookie(); + + setcookie( $this->name, $value, 0, $this->path, $this->domain, is_ssl(), true ); + + if ( $this->path !== $this->site_path ) { + setcookie( $this->name, $value, 0, $this->site_path, $this->domain, is_ssl(), true ); + } + } + + /** + * Clears the recovery mode cookie. + * + * @since 5.2.0 + */ + public function clear_cookie() { + setcookie( $this->name, ' ', time() - YEAR_IN_SECONDS, $this->path, $this->domain ); + setcookie( $this->name, ' ', time() - YEAR_IN_SECONDS, $this->site_path, $this->domain ); + } + + /** + * Validates the recovery mode cookie. + * + * @since 5.2.0 + * + * @param string $cookie Optionally specify the cookie string. + * If omitted, it will be retrieved from the super global. + * @return true|WP_Error True on success, error object on failure. + */ + public function validate_cookie( $cookie = '' ) { + + if ( ! $cookie ) { + if ( empty( $_COOKIE[ $this->name ] ) ) { + return new WP_Error( 'no_cookie', __( 'No cookie present.' ) ); + } + + $cookie = $_COOKIE[ $this->name ]; + } + + $parts = $this->parse_cookie( $cookie ); + + if ( is_wp_error( $parts ) ) { + return $parts; + } + + list( , $created_at, $random, $signature ) = $parts; + + if ( ! ctype_digit( $created_at ) ) { + return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) ); + } + + /** + * Filter the length of time a Recovery Mode cookie is valid for. + * + * @since 5.2.0 + * + * @param int $length Length in seconds. + */ + $length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS ); + + if ( time() > $created_at + $length ) { + return new WP_Error( 'expired', __( 'Cookie expired.' ) ); + } + + $to_sign = sprintf( 'recovery_mode|%s|%s', $created_at, $random ); + $hashed = $this->recovery_mode_hash( $to_sign ); + + if ( ! hash_equals( $signature, $hashed ) ) { + return new WP_Error( 'signature_mismatch', __( 'Invalid cookie.' ) ); + } + + return true; + } + + /** + * Gets the session identifier from the cookie. + * + * The cookie should be validated before calling this API. + * + * @since 5.2.0 + * + * @param string $cookie Optionally specify the cookie string. + * If omitted, it will be retrieved from the super global. + * @return string|WP_Error Session ID on success, or error object on failure. + */ + public function get_session_id_from_cookie( $cookie = '' ) { + if ( ! $cookie ) { + if ( empty( $_COOKIE[ $this->name ] ) ) { + return new WP_Error( 'no_cookie', __( 'No cookie present.' ) ); + } + + $cookie = $_COOKIE[ $this->name ]; + } + + $parts = $this->parse_cookie( $cookie ); + if ( is_wp_error( $parts ) ) { + return $parts; + } + + list( , , $random ) = $parts; + + return sha1( $random ); + } + + /** + * Parses the cookie into its four parts. + * + * @param string $cookie Cookie content. + * @return array|WP_Error Cookie parts array, or error object on failure. + */ + private function parse_cookie( $cookie ) { + $cookie = base64_decode( $cookie ); + $parts = explode( '|', $cookie ); + + if ( 4 !== count( $parts ) ) { + return new WP_Error( 'invalid_format', __( 'Invalid cookie format.' ) ); + } + + return $parts; + } + + /** + * Generates the recovery mode cookie value. + * + * The cookie is a base64 encoded string with the following format: + * + * recovery_mode|iat|rand|signature + * + * Where "recovery_mode" is a constant string, + * iat is the time the cookie was generated at, + * rand is a randomly generated password that is also used as a session identifier + * and signature is an hmac of the preceding 3 parts. + * + * @since 5.2.0 + * + * @return string Generated cookie content. + */ + private function generate_cookie() { + $to_sign = sprintf( 'recovery_mode|%s|%s', time(), wp_generate_password( 20, false ) ); + $signed = $this->recovery_mode_hash( $to_sign ); + + return base64_encode( sprintf( '%s|%s', $to_sign, $signed ) ); + } + + /** + * Gets a form of `wp_hash()` specific to Recovery Mode. + * + * We cannot use `wp_hash()` because it is defined in `pluggable.php` which is not loaded until after plugins are loaded, + * which is too late to verify the recovery mode cookie. + * + * This tries to use the `AUTH` salts first, but if they aren't valid specific salts will be generated and stored. + * + * @since 5.2.0 + * + * @param string $data Data to hash. + * @return string|false The hashed $data, or false on failure. + */ + private function recovery_mode_hash( $data ) { + if ( ! defined( 'AUTH_KEY' ) || AUTH_KEY === 'put your unique phrase here' ) { + $auth_key = get_site_option( 'recovery_mode_auth_key' ); + + if ( ! $auth_key ) { + if ( ! function_exists( 'wp_generate_password' ) ) { + require_once ABSPATH . WPINC . '/pluggable.php'; + } + + $auth_key = wp_generate_password( 64, true, true ); + update_site_option( 'recovery_mode_auth_key', $auth_key ); + } + } else { + $auth_key = AUTH_KEY; + } + + if ( ! defined( 'AUTH_SALT' ) || AUTH_SALT === 'put your unique phrase here' || AUTH_SALT === $auth_key ) { + $auth_salt = get_site_option( 'recovery_mode_auth_salt' ); + + if ( ! $auth_salt ) { + if ( ! function_exists( 'wp_generate_password' ) ) { + require_once ABSPATH . WPINC . '/pluggable.php'; + } + + $auth_salt = wp_generate_password( 64, true, true ); + update_site_option( 'recovery_mode_auth_salt', $auth_salt ); + } + } else { + $auth_salt = AUTH_SALT; + } + + $secret = $auth_key . $auth_salt; + + return hash_hmac( 'sha1', $data, $secret ); + } +} diff --git a/src/wp-includes/class-wp-recovery-mode-email-service.php b/src/wp-includes/class-wp-recovery-mode-email-service.php new file mode 100644 index 0000000000..365f2ea279 --- /dev/null +++ b/src/wp-includes/class-wp-recovery-mode-email-service.php @@ -0,0 +1,249 @@ +link_service = $link_service; + } + + /** + * Sends the recovery mode email if the rate limit has not been sent. + * + * @since 5.2.0 + * + * @param int $rate_limit Number of seconds before another email can be sent. + * @param array $error Error details from {@see error_get_last()} + * @param array $extension The extension that caused the error. { + * @type string $slug The extension slug. The plugin or theme's directory. + * @type string $type The extension type. Either 'plugin' or 'theme'. + * } + * @return true|WP_Error True if email sent, WP_Error otherwise. + */ + public function maybe_send_recovery_mode_email( $rate_limit, $error, $extension ) { + + $last_sent = get_option( self::RATE_LIMIT_OPTION ); + + if ( ! $last_sent || time() > $last_sent + $rate_limit ) { + if ( ! update_option( self::RATE_LIMIT_OPTION, time() ) ) { + return new WP_Error( 'storage_error', __( 'Could not update the email last sent time.' ) ); + } + + $sent = $this->send_recovery_mode_email( $rate_limit, $error, $extension ); + + if ( $sent ) { + return true; + } + + return new WP_Error( 'email_failed', __( 'The email could not be sent. Possible reason: your host may have disabled the mail() function.' ) ); + } + + $err_message = sprintf( + /* translators: 1. Last sent as a human time diff 2. Wait time as a human time diff. */ + __( 'A recovery link was already sent %1$s ago. Please wait another %2$s before requesting a new email.' ), + human_time_diff( $last_sent ), + human_time_diff( $last_sent + $rate_limit ) + ); + + return new WP_Error( 'email_sent_already', $err_message ); + } + + /** + * Clears the rate limit, allowing a new recovery mode email to be sent immediately. + * + * @since 5.2.0 + * + * @return bool True on success, false on failure. + */ + public function clear_rate_limit() { + return delete_option( self::RATE_LIMIT_OPTION ); + } + + /** + * Sends the Recovery Mode email to the site admin email address. + * + * @since 5.2.0 + * + * @param int $rate_limit Number of seconds before another email can be sent. + * @param array $error Error details from {@see error_get_last()} + * @param array $extension Extension that caused the error. + * + * @return bool Whether the email was sent successfully. + */ + private function send_recovery_mode_email( $rate_limit, $error, $extension ) { + + $url = $this->link_service->generate_url(); + $blogname = wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ); + + $switched_locale = false; + + // The switch_to_locale() function is loaded before it can actually be used. + if ( function_exists( 'switch_to_locale' ) && isset( $GLOBALS['wp_locale_switcher'] ) ) { + $switched_locale = switch_to_locale( get_locale() ); + } + + if ( $extension ) { + $cause = $this->get_cause( $extension ); + $details = wp_strip_all_tags( wp_get_extension_error_description( $error ) ); + + if ( $details ) { + $header = __( 'Error Details' ); + $details = "\n\n" . $header . "\n" . str_pad( '', strlen( $header ), '=' ) . "\n" . $details; + } + } else { + $cause = ''; + $details = ''; + } + + $message = __( + 'Howdy, + +Your site recently crashed on ###LOCATION### and may not be working as expected. +###CAUSE### +Click the link below to initiate recovery mode and fix the problem. + +This link expires in ###EXPIRES###. + +###LINK### ###DETAILS### +' + ); + $message = str_replace( + array( + '###LINK###', + '###LOCATION###', + '###EXPIRES###', + '###CAUSE###', + '###DETAILS###', + ), + array( + $url, + 'TBD', + human_time_diff( time() + $rate_limit ), + $cause ? "\n{$cause}\n" : "\n", + $details, + ), + $message + ); + + $email = array( + 'to' => $this->get_recovery_mode_email_address(), + /* translators: %s: site name */ + 'subject' => __( '[%s] Your Site is Experiencing a Technical Issue' ), + 'message' => $message, + 'headers' => '', + ); + + /** + * Filter the contents of the Recovery Mode email. + * + * @since 5.2.0 + * + * @param array $email Used to build wp_mail(). + * @param string $url URL to enter recovery mode. + */ + $email = apply_filters( 'recovery_mode_email', $email, $url ); + + $sent = wp_mail( + $email['to'], + wp_specialchars_decode( sprintf( $email['subject'], $blogname ) ), + $email['message'], + $email['headers'] + ); + + if ( $switched_locale ) { + restore_previous_locale(); + } + + return $sent; + } + + /** + * Gets the email address to send the recovery mode link to. + * + * @since 5.2.0 + * + * @return string Email address to send recovery mode link to. + */ + private function get_recovery_mode_email_address() { + if ( defined( 'RECOVERY_MODE_EMAIL' ) && is_email( RECOVERY_MODE_EMAIL ) ) { + return RECOVERY_MODE_EMAIL; + } + + return get_option( 'admin_email' ); + } + + /** + * Gets the description indicating the possible cause for the error. + * + * @since 5.2.0 + * + * @param array $extension The extension that caused the error. + * @return string Message about which extension caused the error. + */ + private function get_cause( $extension ) { + + if ( 'plugin' === $extension['type'] ) { + if ( ! function_exists( 'get_plugins' ) ) { + require_once ABSPATH . 'wp-admin/includes/plugin.php'; + } + + $plugins = get_plugins(); + + $name = ''; + + // Assume plugin main file name first since it is a common convention. + if ( isset( $plugins[ "{$extension['slug']}/{$extension['slug']}.php" ] ) ) { + $name = $plugins[ "{$extension['slug']}/{$extension['slug']}.php" ]['Name']; + } else { + foreach ( $plugins as $file => $plugin_data ) { + if ( 0 === strpos( $file, "{$extension['slug']}/" ) ) { + $name = $plugin_data['Name']; + break; + } + } + } + + if ( empty( $name ) ) { + $name = $extension['slug']; + } + + /* translators: %s: plugin name */ + $cause = sprintf( __( 'This was be caused by the %s plugin.' ), $name ); + } else { + $theme = wp_get_theme( $extension['slug'] ); + $name = $theme->exists() ? $theme->display( 'Name' ) : $extension['slug']; + + /* translators: %s: theme name */ + $cause = sprintf( __( 'This was be caused by the %s theme.' ), $name ); + } + + return $cause; + } +} diff --git a/src/wp-includes/class-wp-recovery-mode-key-service.php b/src/wp-includes/class-wp-recovery-mode-key-service.php new file mode 100644 index 0000000000..06f8d0fedd --- /dev/null +++ b/src/wp-includes/class-wp-recovery-mode-key-service.php @@ -0,0 +1,89 @@ +HashPassword( $key ); + + update_option( + 'recovery_key', + array( + 'hashed_key' => $hashed, + 'created_at' => time(), + ) + ); + + return $key; + } + + /** + * Verifies if the recovery mode key is correct. + * + * @since 5.2.0 + * + * @param string $key The unhashed key. + * @param int $ttl Time in seconds for the key to be valid for. + * @return true|WP_Error True on success, error object on failure. + */ + public function validate_recovery_mode_key( $key, $ttl ) { + + $record = get_option( 'recovery_key' ); + + if ( ! $record ) { + return new WP_Error( 'no_recovery_key_set', __( 'Recovery Mode not initialized.' ) ); + } + + if ( ! is_array( $record ) || ! isset( $record['hashed_key'], $record['created_at'] ) ) { + return new WP_Error( 'invalid_recovery_key_format', __( 'Invalid recovery key format.' ) ); + } + + if ( ! wp_check_password( $key, $record['hashed_key'] ) ) { + return new WP_Error( 'hash_mismatch', __( 'Invalid recovery key.' ) ); + } + + if ( time() > $record['created_at'] + $ttl ) { + return new WP_Error( 'key_expired', __( 'Recovery key expired.' ) ); + } + + return true; + } +} diff --git a/src/wp-includes/class-wp-recovery-mode-link-service.php b/src/wp-includes/class-wp-recovery-mode-link-service.php new file mode 100644 index 0000000000..0ddbfec9d6 --- /dev/null +++ b/src/wp-includes/class-wp-recovery-mode-link-service.php @@ -0,0 +1,122 @@ +cookie_service = $cookie_service; + $this->key_service = new WP_Recovery_Mode_Key_Service(); + } + + /** + * Generates a URL to begin recovery mode. + * + * Only one recovery mode URL can may be valid at the same time. + * + * @since 5.2.0 + * + * @return string Generated URL. + */ + public function generate_url() { + $key = $this->key_service->generate_and_store_recovery_mode_key(); + + return $this->get_recovery_mode_begin_url( $key ); + } + + /** + * Enters recovery mode when the user hits wp-login.php with a valid recovery mode link. + * + * @since 5.2.0 + * + * @param int $ttl Number of seconds the link should be valid for. + */ + public function handle_begin_link( $ttl ) { + if ( ! isset( $GLOBALS['pagenow'] ) || 'wp-login.php' !== $GLOBALS['pagenow'] ) { + return; + } + + if ( ! isset( $_GET['action'], $_GET['rm_key'] ) || self::LOGIN_ACTION_ENTER !== $_GET['action'] ) { + return; + } + + if ( ! function_exists( 'wp_generate_password' ) ) { + require_once ABSPATH . WPINC . '/pluggable.php'; + } + + $validated = $this->key_service->validate_recovery_mode_key( $_GET['rm_key'], $ttl ); + + if ( is_wp_error( $validated ) ) { + wp_die( $validated, '' ); + } + + $this->cookie_service->set_cookie(); + + $url = add_query_arg( 'action', self::LOGIN_ACTION_ENTERED, wp_login_url() ); + wp_redirect( $url ); + die; + } + + /** + * Gets a URL to begin recovery mode. + * + * @since 5.2.0 + * + * @param string $key Recovery Mode key created by {@see generate_and_store_recovery_mode_key()} + * @return string Recovery mode begin URL. + */ + private function get_recovery_mode_begin_url( $key ) { + + $url = add_query_arg( + array( + 'action' => self::LOGIN_ACTION_ENTER, + 'rm_key' => $key, + ), + wp_login_url() + ); + + /** + * Filter the URL to begin recovery mode. + * + * @since 5.2.0 + * + * @param string $url + * @param string $key + */ + return apply_filters( 'recovery_mode_begin_url', $url, $key ); + } +} diff --git a/src/wp-includes/class-wp-recovery-mode.php b/src/wp-includes/class-wp-recovery-mode.php new file mode 100644 index 0000000000..cdbc290ec2 --- /dev/null +++ b/src/wp-includes/class-wp-recovery-mode.php @@ -0,0 +1,437 @@ +cookie_service = new WP_Recovery_Mode_Cookie_Service(); + $this->link_service = new WP_Recovery_Mode_Link_Service( $this->cookie_service ); + $this->email_service = new WP_Recovery_Mode_Email_Service( $this->link_service ); + } + + /** + * Initialize recovery mode for the current request. + * + * @since 5.2.0 + */ + public function initialize() { + $this->is_initialized = true; + + add_action( 'login_form_' . self::EXIT_ACTION, array( $this, 'handle_exit_recovery_mode' ) ); + + if ( defined( 'WP_RECOVERY_MODE_SESSION_ID' ) ) { + $this->is_active = true; + $this->session_id = WP_RECOVERY_MODE_SESSION_ID; + + return; + } + + if ( $this->cookie_service->is_cookie_set() ) { + $this->handle_cookie(); + + return; + } + + $this->link_service->handle_begin_link( $this->get_link_ttl() ); + } + + /** + * Checks whether recovery mode is active. + * + * This will not change after recovery mode has been initialized. {@see WP_Recovery_Mode::run()}. + * + * @since 5.2.0 + * + * @return bool True if recovery mode is active, false otherwise. + */ + public function is_active() { + return $this->is_active; + } + + /** + * Gets the recovery mode session ID. + * + * @since 5.2.0 + * + * @return string The session ID if recovery mode is active, empty string otherwise. + */ + public function get_session_id() { + return $this->session_id; + } + + /** + * Checks whether recovery mode has been initialized. + * + * Recovery mode should not be used until this point. Initialization happens immediately before loading plugins. + * + * @since 5.2.0 + * + * @return bool + */ + public function is_initialized() { + return $this->is_initialized; + } + + /** + * Handles a fatal error occurring. + * + * The calling API should immediately die() after calling this function. + * + * @since 5.2.0 + * + * @param array $error Error details from {@see error_get_last()} + * @return true|WP_Error True if the error was handled and headers have already been sent. + * Or the request will exit to try and catch multiple errors at once. + * WP_Error if an error occurred preventing it from being handled. + */ + public function handle_error( array $error ) { + + $extension = $this->get_extension_for_error( $error ); + + if ( ! $extension || $this->is_network_plugin( $extension ) ) { + return new WP_Error( 'invalid_source', __( 'Error not caused by a plugin or theme.' ) ); + } + + if ( ! $this->is_active() ) { + if ( ! function_exists( 'wp_generate_password' ) ) { + require_once ABSPATH . WPINC . '/pluggable.php'; + } + + return $this->email_service->maybe_send_recovery_mode_email( $this->get_email_rate_limit(), $error, $extension ); + } + + if ( ! $this->store_error( $error ) ) { + return new WP_Error( 'storage_error', __( 'Failed to store the error.' ) ); + } + + if ( headers_sent() ) { + return true; + } + + $this->redirect_protected(); + } + + /** + * Ends the current recovery mode session. + * + * @since 5.2.0 + * + * @return bool True on success, false on failure. + */ + public function exit_recovery_mode() { + if ( ! $this->is_active() ) { + return false; + } + + $this->email_service->clear_rate_limit(); + $this->cookie_service->clear_cookie(); + + wp_paused_plugins()->delete_all(); + wp_paused_themes()->delete_all(); + + return true; + } + + /** + * Handles a request to exit Recovery Mode. + * + * @since 5.2.0 + */ + public function handle_exit_recovery_mode() { + $redirect_to = wp_get_referer(); + + // Safety check in case referrer returns false. + if ( ! $redirect_to ) { + $redirect_to = is_user_logged_in() ? admin_url() : home_url(); + } + + if ( ! $this->is_active() ) { + wp_safe_redirect( $redirect_to ); + die; + } + + if ( ! isset( $_GET['action'] ) || self::EXIT_ACTION !== $_GET['action'] ) { + return; + } + + if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], self::EXIT_ACTION ) ) { + wp_die( __( 'Exit recovery mode link expired.' ) ); + } + + if ( ! $this->exit_recovery_mode() ) { + wp_die( __( 'Failed to exit recovery mode. Please try again later.' ) ); + } + + wp_safe_redirect( $redirect_to ); + die; + } + + /** + * Handles checking for the recovery mode cookie and validating it. + * + * @since 5.2.0 + */ + protected function handle_cookie() { + $validated = $this->cookie_service->validate_cookie(); + + if ( is_wp_error( $validated ) ) { + $this->cookie_service->clear_cookie(); + + wp_die( $validated, '' ); + } + + $session_id = $this->cookie_service->get_session_id_from_cookie(); + if ( is_wp_error( $session_id ) ) { + $this->cookie_service->clear_cookie(); + + wp_die( $session_id, '' ); + } + + $this->is_active = true; + $this->session_id = $session_id; + } + + /** + * Gets the rate limit between sending new recovery mode email links. + * + * @since 5.2.0 + * + * @return int Rate limit in seconds. + */ + protected function get_email_rate_limit() { + /** + * Filter the rate limit between sending new recovery mode email links. + * + * @since 5.2.0 + * + * @param int $rate_limit Time to wait in seconds. Defaults to 4 hours. + */ + return apply_filters( 'recovery_mode_email_rate_limit', 4 * HOUR_IN_SECONDS ); + } + + /** + * Gets the number of seconds the recovery mode link is valid for. + * + * @since 5.2.0 + * + * @return int Interval in seconds. + */ + protected function get_link_ttl() { + + $rate_limit = $this->get_email_rate_limit(); + $valid_for = $rate_limit; + + /** + * Filter the amount of time the recovery mode email link is valid for. + * + * The ttl must be at least as long as the email rate limit. + * + * @since 5.2.0 + * + * @param int $valid_for The number of seconds the link is valid for. + */ + $valid_for = apply_filters( 'recovery_mode_email_link_ttl', $valid_for ); + + return max( $valid_for, $rate_limit ); + } + + /** + * Gets the extension that the error occurred in. + * + * @since 5.2.0 + * + * @global array $wp_theme_directories + * + * @param array $error Error that was triggered. + * + * @return array|false { + * @type string $slug The extension slug. This is the plugin or theme's directory. + * @type string $type The extension type. Either 'plugin' or 'theme'. + * } + */ + protected function get_extension_for_error( $error ) { + global $wp_theme_directories; + + if ( ! isset( $error['file'] ) ) { + return false; + } + + if ( ! defined( 'WP_PLUGIN_DIR' ) ) { + return false; + } + + $error_file = wp_normalize_path( $error['file'] ); + $wp_plugin_dir = wp_normalize_path( WP_PLUGIN_DIR ); + + if ( 0 === strpos( $error_file, $wp_plugin_dir ) ) { + $path = str_replace( $wp_plugin_dir . '/', '', $error_file ); + $parts = explode( '/', $path ); + + return array( + 'type' => 'plugin', + 'slug' => $parts[0], + ); + } + + if ( empty( $wp_theme_directories ) ) { + return false; + } + + foreach ( $wp_theme_directories as $theme_directory ) { + $theme_directory = wp_normalize_path( $theme_directory ); + + if ( 0 === strpos( $error_file, $theme_directory ) ) { + $path = str_replace( $theme_directory . '/', '', $error_file ); + $parts = explode( '/', $path ); + + return array( + 'type' => 'theme', + 'slug' => $parts[0], + ); + } + } + + return false; + } + + /** + * Checks whether the given extension a network activated plugin. + * + * @since 5.2.0 + * + * @param array $extension Extension data. + * @return bool True if network plugin, false otherwise. + */ + protected function is_network_plugin( $extension ) { + if ( 'plugin' !== $extension['type'] ) { + return false; + } + + if ( ! is_multisite() ) { + return false; + } + + $network_plugins = wp_get_active_network_plugins(); + + foreach ( $network_plugins as $plugin ) { + if ( 0 === strpos( $plugin, $extension['slug'] . '/' ) ) { + return true; + } + } + + return false; + } + + /** + * Stores the given error so that the extension causing it is paused. + * + * @since 5.2.0 + * + * @param array $error Error that was triggered. + * @return bool True if the error was stored successfully, false otherwise. + */ + protected function store_error( $error ) { + $extension = $this->get_extension_for_error( $error ); + + if ( ! $extension ) { + return false; + } + + switch ( $extension['type'] ) { + case 'plugin': + return wp_paused_plugins()->set( $extension['slug'], $error ); + case 'theme': + return wp_paused_themes()->set( $extension['slug'], $error ); + default: + return false; + } + } + + /** + * Redirects the current request to allow recovering multiple errors in one go. + * + * The redirection will only happen when on a protected endpoint. + * + * It must be ensured that this method is only called when an error actually occurred and will not occur on the + * next request again. Otherwise it will create a redirect loop. + * + * @since 5.2.0 + */ + protected function redirect_protected() { + // Pluggable is usually loaded after plugins, so we manually include it here for redirection functionality. + if ( ! function_exists( 'wp_safe_redirect' ) ) { + require_once ABSPATH . WPINC . '/pluggable.php'; + } + + $scheme = is_ssl() ? 'https://' : 'http://'; + + $url = "{$scheme}{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"; + wp_safe_redirect( $url ); + exit; + } +} diff --git a/src/wp-includes/class-wp-theme.php b/src/wp-includes/class-wp-theme.php index 22a5768448..0bdd6a43e3 100644 --- a/src/wp-includes/class-wp-theme.php +++ b/src/wp-includes/class-wp-theme.php @@ -371,6 +371,10 @@ final class WP_Theme implements ArrayAccess { $this->parent = new WP_Theme( $this->template, isset( $theme_root_template ) ? $theme_root_template : $this->theme_root, $this ); } + if ( wp_paused_themes()->get( $this->stylesheet ) && ( ! is_wp_error( $this->errors ) || ! isset( $this->errors->errors['theme_paused'] ) ) ) { + $this->errors = new WP_Error( 'theme_paused', __( 'This theme failed to load properly and was paused within the admin backend.' ) ); + } + // We're good. If we didn't retrieve from cache, set it. if ( ! is_array( $cache ) ) { $cache = array( diff --git a/src/wp-includes/default-constants.php b/src/wp-includes/default-constants.php index 1d3fd5df98..b1830ac76d 100644 --- a/src/wp-includes/default-constants.php +++ b/src/wp-includes/default-constants.php @@ -302,6 +302,13 @@ function wp_cookie_constants() { if ( ! defined( 'COOKIE_DOMAIN' ) ) { define( 'COOKIE_DOMAIN', false ); } + + if ( ! defined( 'RECOVERY_MODE_COOKIE' ) ) { + /** + * @since 5.2.0 + */ + define( 'RECOVERY_MODE_COOKIE', 'wordpress_rec_' . COOKIEHASH ); + } } /** diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php index 4ab87de558..ecdc87cb3a 100644 --- a/src/wp-includes/default-filters.php +++ b/src/wp-includes/default-filters.php @@ -579,5 +579,6 @@ add_filter( 'pre_oembed_result', 'wp_filter_pre_oembed_result', 10, 3 ); // Capabilities add_filter( 'user_has_cap', 'wp_maybe_grant_install_languages_cap', 1 ); +add_filter( 'user_has_cap', 'wp_maybe_grant_resume_extensions_caps', 1 ); unset( $filter, $action ); diff --git a/src/wp-includes/error-protection.php b/src/wp-includes/error-protection.php index abcb1f9ba7..92bef74aa7 100644 --- a/src/wp-includes/error-protection.php +++ b/src/wp-includes/error-protection.php @@ -6,6 +6,72 @@ * @since 5.2.0 */ +/** + * Get the instance for storing paused plugins. + * + * @return WP_Paused_Extensions_Storage + */ +function wp_paused_plugins() { + static $storage = null; + + if ( null === $storage ) { + $storage = new WP_Paused_Extensions_Storage( 'plugin' ); + } + + return $storage; +} + +/** + * Get the instance for storing paused extensions. + * + * @return WP_Paused_Extensions_Storage + */ +function wp_paused_themes() { + static $storage = null; + + if ( null === $storage ) { + $storage = new WP_Paused_Extensions_Storage( 'theme' ); + } + + return $storage; +} + +/** + * Get a human readable description of an extension's error. + * + * @since 5.2.0 + * + * @param array $error Error details {@see error_get_last()} + * + * @return string Formatted error description. + */ +function wp_get_extension_error_description( $error ) { + $constants = get_defined_constants( true ); + $constants = isset( $constants['Core'] ) ? $constants['Core'] : $constants['internal']; + $core_errors = array(); + + foreach ( $constants as $constant => $value ) { + if ( 0 === strpos( $constant, 'E_' ) ) { + $core_errors[ $value ] = $constant; + } + } + + if ( isset( $core_errors[ $error['type'] ] ) ) { + $error['type'] = $core_errors[ $error['type'] ]; + } + + /* translators: 1: error type, 2: error line number, 3: error file name, 4: error message */ + $error_message = __( 'An error of type %1$s was caused in line %2$s of the file %3$s. Error message: %4$s' ); + + return sprintf( + $error_message, + "{$error['type']}", + "{$error['line']}", + "{$error['file']}", + "{$error['message']}" + ); +} + /** * Registers the shutdown handler for fatal errors. * @@ -52,3 +118,20 @@ function wp_is_fatal_error_handler_enabled() { */ return apply_filters( 'wp_fatal_error_handler_enabled', $enabled ); } + +/** + * Access the WordPress Recovery Mode instance. + * + * @since 5.2.0 + * + * @return WP_Recovery_Mode + */ +function wp_recovery_mode() { + static $wp_recovery_mode; + + if ( ! $wp_recovery_mode ) { + $wp_recovery_mode = new WP_Recovery_Mode(); + } + + return $wp_recovery_mode; +} diff --git a/src/wp-includes/load.php b/src/wp-includes/load.php index 245ecb1e61..b3c3762684 100644 --- a/src/wp-includes/load.php +++ b/src/wp-includes/load.php @@ -697,6 +697,43 @@ function wp_get_active_and_valid_plugins() { } } + /* + * Remove plugins from the list of active plugins when we're on an endpoint + * that should be protected against WSODs and the plugin is paused. + */ + if ( wp_is_recovery_mode() ) { + $plugins = wp_skip_paused_plugins( $plugins ); + } + + return $plugins; +} + +/** + * Filters a given list of plugins, removing any paused plugins from it. + * + * @since 5.2.0 + * + * @param array $plugins List of absolute plugin main file paths. + * @return array Filtered value of $plugins, without any paused plugins. + */ +function wp_skip_paused_plugins( array $plugins ) { + $paused_plugins = wp_paused_plugins()->get_all(); + + if ( empty( $paused_plugins ) ) { + return $plugins; + } + + foreach ( $plugins as $index => $plugin ) { + list( $plugin ) = explode( '/', plugin_basename( $plugin ) ); + + if ( array_key_exists( $plugin, $paused_plugins ) ) { + unset( $plugins[ $index ] ); + + // Store list of paused plugins for displaying an admin notice. + $GLOBALS['_paused_plugins'][ $plugin ] = $paused_plugins[ $plugin ]; + } + } + return $plugins; } @@ -725,9 +762,146 @@ function wp_get_active_and_valid_themes() { $themes[] = TEMPLATEPATH; + /* + * Remove themes from the list of active themes when we're on an endpoint + * that should be protected against WSODs and the theme is paused. + */ + if ( wp_is_recovery_mode() ) { + $themes = wp_skip_paused_themes( $themes ); + + // If no active and valid themes exist, skip loading themes. + if ( empty( $themes ) ) { + add_filter( 'wp_using_themes', '__return_false' ); + } + } + return $themes; } +/** + * Filters a given list of themes, removing any paused themes from it. + * + * @since 5.2.0 + * + * @param array $themes List of absolute theme directory paths. + * @return array Filtered value of $themes, without any paused themes. + */ +function wp_skip_paused_themes( array $themes ) { + $paused_themes = wp_paused_themes()->get_all(); + + if ( empty( $paused_themes ) ) { + return $themes; + } + + foreach ( $themes as $index => $theme ) { + $theme = basename( $theme ); + + if ( array_key_exists( $theme, $paused_themes ) ) { + unset( $themes[ $index ] ); + + // Store list of paused themes for displaying an admin notice. + $GLOBALS['_paused_themes'][ $theme ] = $paused_themes[ $theme ]; + } + } + + return $themes; +} + +/** + * Is WordPress in Recovery Mode. + * + * In this mode, plugins or themes that cause WSODs will be paused. + * + * @since 5.2.0 + * + * @return bool + */ +function wp_is_recovery_mode() { + return wp_recovery_mode()->is_active(); +} + +/** + * Determines whether we are currently on an endpoint that should be protected against WSODs. + * + * @since 5.2.0 + * + * @return bool True if the current endpoint should be protected. + */ +function is_protected_endpoint() { + // Protect login pages. + if ( isset( $GLOBALS['pagenow'] ) && 'wp-login.php' === $GLOBALS['pagenow'] ) { + return true; + } + + // Protect the admin backend. + if ( is_admin() && ! wp_doing_ajax() ) { + return true; + } + + // Protect AJAX actions that could help resolve a fatal error should be available. + if ( is_protected_ajax_action() ) { + return true; + } + + /** + * Filters whether the current request is against a protected endpoint. + * + * This filter is only fired when an endpoint is requested which is not already protected by + * WordPress core. As such, it exclusively allows providing further protected endpoints in + * addition to the admin backend, login pages and protected AJAX actions. + * + * @since 5.2.0 + * + * @param bool $is_protected_endpoint Whether the currently requested endpoint is protected. Default false. + */ + return (bool) apply_filters( 'is_protected_endpoint', false ); +} + +/** + * Determines whether we are currently handling an AJAX action that should be protected against WSODs. + * + * @since 5.2.0 + * + * @return bool True if the current AJAX action should be protected. + */ +function is_protected_ajax_action() { + if ( ! wp_doing_ajax() ) { + return false; + } + + if ( ! isset( $_REQUEST['action'] ) ) { + return false; + } + + $actions_to_protect = array( + 'edit-theme-plugin-file', // Saving changes in the core code editor. + 'heartbeat', // Keep the heart beating. + 'install-plugin', // Installing a new plugin. + 'install-theme', // Installing a new theme. + 'search-plugins', // Searching in the list of plugins. + 'search-install-plugins', // Searching for a plugin in the plugin install screen. + 'update-plugin', // Update an existing plugin. + 'update-theme', // Update an existing theme. + ); + + /** + * Filters the array of protected AJAX actions. + * + * This filter is only fired when doing AJAX and the AJAX request has an 'action' property. + * + * @since 5.2.0 + * + * @param array $actions_to_protect Array of strings with AJAX actions to protect. + */ + $actions_to_protect = (array) apply_filters( 'wp_protected_ajax_actions', $actions_to_protect ); + + if ( ! in_array( $_REQUEST['action'], $actions_to_protect, true ) ) { + return false; + } + + return true; +} + /** * Set internal encoding. * diff --git a/src/wp-login.php b/src/wp-login.php index 1110e0210f..10eb813a7a 100644 --- a/src/wp-login.php +++ b/src/wp-login.php @@ -439,7 +439,7 @@ if ( isset( $_GET['key'] ) ) { } // Validate action so as to default to the login screen. -if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'confirmaction' ), true ) && false === has_filter( 'login_form_' . $action ) ) { +if ( ! in_array( $action, array( 'postpass', 'logout', 'lostpassword', 'retrievepassword', 'resetpass', 'rp', 'register', 'login', 'confirmaction', WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED ), true ) && false === has_filter( 'login_form_' . $action ) ) { $action = 'login'; } @@ -1028,6 +1028,8 @@ switch ( $action ) { $errors->add( 'registered', __( 'Registration complete. Please check your email.' ), 'message' ); } elseif ( strpos( $redirect_to, 'about.php?updated' ) ) { $errors->add( 'updated', __( 'You have successfully updated WordPress! Please log back in to see what’s new.' ), 'message' ); + } elseif ( WP_Recovery_Mode_Link_Service::LOGIN_ACTION_ENTERED === $action ) { + $errors->add( 'enter_recovery_mode', __( 'Recovery Mode Initialized. Please log in to continue.' ), 'message' ); } } diff --git a/src/wp-settings.php b/src/wp-settings.php index 5f52637409..fa9f9a3a25 100644 --- a/src/wp-settings.php +++ b/src/wp-settings.php @@ -17,7 +17,13 @@ define( 'WPINC', 'wp-includes' ); // Include files required for initialization. require( ABSPATH . WPINC . '/load.php' ); +require( ABSPATH . WPINC . '/class-wp-paused-extensions-storage.php' ); require( ABSPATH . WPINC . '/class-wp-fatal-error-handler.php' ); +require( ABSPATH . WPINC . '/class-wp-recovery-mode-cookie-service.php' ); +require( ABSPATH . WPINC . '/class-wp-recovery-mode-key-service.php' ); +require( ABSPATH . WPINC . '/class-wp-recovery-mode-link-service.php' ); +require( ABSPATH . WPINC . '/class-wp-recovery-mode-email-service.php' ); +require( ABSPATH . WPINC . '/class-wp-recovery-mode.php' ); require( ABSPATH . WPINC . '/error-protection.php' ); require( ABSPATH . WPINC . '/default-constants.php' ); require_once( ABSPATH . WPINC . '/plugin.php' ); @@ -345,6 +351,11 @@ wp_start_scraping_edited_file_errors(); // Register the default theme directory root register_theme_directory( get_theme_root() ); +if ( ! is_multisite() ) { + // Handle users requesting a recovery mode link and initiating recovery mode. + wp_recovery_mode()->initialize(); +} + // Load active plugins. foreach ( wp_get_active_and_valid_plugins() as $plugin ) { wp_register_plugin_realpath( $plugin ); diff --git a/tests/phpunit/tests/error-protection/recovery-mode-cookie-service.php b/tests/phpunit/tests/error-protection/recovery-mode-cookie-service.php new file mode 100644 index 0000000000..203b1f9aee --- /dev/null +++ b/tests/phpunit/tests/error-protection/recovery-mode-cookie-service.php @@ -0,0 +1,89 @@ +validate_cookie( 'gibbersih' ); + $this->assertWPError( $error ); + $this->assertEquals( 'invalid_format', $error->get_error_code() ); + + $error = $service->validate_cookie( base64_encode( 'test|data|format' ) ); + $this->assertWPError( $error ); + $this->assertEquals( 'invalid_format', $error->get_error_code() ); + + $error = $service->validate_cookie( base64_encode( 'test|data|format|to|long' ) ); + $this->assertWPError( $error ); + $this->assertEquals( 'invalid_format', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_cookie_returns_wp_error_if_expired() { + $service = new WP_Recovery_Mode_Cookie_Service(); + $reflection = new ReflectionMethod( $service, 'recovery_mode_hash' ); + $reflection->setAccessible( true ); + + $to_sign = sprintf( 'recovery_mode|%s|%s', time() - WEEK_IN_SECONDS - 30, wp_generate_password( 20, false ) ); + $signed = $reflection->invoke( $service, $to_sign ); + $cookie = base64_encode( sprintf( '%s|%s', $to_sign, $signed ) ); + + $error = $service->validate_cookie( $cookie ); + $this->assertWPError( $error ); + $this->assertEquals( 'expired', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_cookie_returns_wp_error_if_signature_mismatch() { + $service = new WP_Recovery_Mode_Cookie_Service(); + $reflection = new ReflectionMethod( $service, 'generate_cookie' ); + $reflection->setAccessible( true ); + + $cookie = $reflection->invoke( $service ); + $cookie .= 'gibbersih'; + + $error = $service->validate_cookie( $cookie ); + $this->assertWPError( $error ); + $this->assertEquals( 'signature_mismatch', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_cookie_returns_wp_error_if_created_at_is_invalid_format() { + $service = new WP_Recovery_Mode_Cookie_Service(); + $reflection = new ReflectionMethod( $service, 'recovery_mode_hash' ); + $reflection->setAccessible( true ); + + $to_sign = sprintf( 'recovery_mode|%s|%s', 'month', wp_generate_password( 20, false ) ); + $signed = $reflection->invoke( $service, $to_sign ); + $cookie = base64_encode( sprintf( '%s|%s', $to_sign, $signed ) ); + + $error = $service->validate_cookie( $cookie ); + $this->assertWPError( $error ); + $this->assertEquals( 'invalid_created_at', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_cookie_returns_true_for_valid_cookie() { + + $service = new WP_Recovery_Mode_Cookie_Service(); + $reflection = new ReflectionMethod( $service, 'generate_cookie' ); + $reflection->setAccessible( true ); + + $this->assertTrue( $service->validate_cookie( $reflection->invoke( $service ) ) ); + } +} diff --git a/tests/phpunit/tests/error-protection/recovery-mode-key-service.php b/tests/phpunit/tests/error-protection/recovery-mode-key-service.php new file mode 100644 index 0000000000..8e275c3535 --- /dev/null +++ b/tests/phpunit/tests/error-protection/recovery-mode-key-service.php @@ -0,0 +1,91 @@ +generate_and_store_recovery_mode_key(); + + $this->assertNotWPError( $key ); + } + + /** + * @ticket 46130 + */ + public function test_validate_recovery_mode_key_returns_wp_error_if_no_key_set() { + $service = new WP_Recovery_Mode_Key_Service(); + $error = $service->validate_recovery_mode_key( 'abcd', HOUR_IN_SECONDS ); + + $this->assertWPError( $error ); + $this->assertEquals( 'no_recovery_key_set', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_recovery_mode_key_returns_wp_error_if_stored_format_is_invalid() { + update_option( 'recovery_key', 'gibberish' ); + + $service = new WP_Recovery_Mode_Key_Service(); + $error = $service->validate_recovery_mode_key( 'abcd', HOUR_IN_SECONDS ); + + $this->assertWPError( $error ); + $this->assertEquals( 'invalid_recovery_key_format', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_recovery_mode_key_returns_wp_error_if_empty_key() { + $service = new WP_Recovery_Mode_Key_Service(); + $service->generate_and_store_recovery_mode_key(); + $error = $service->validate_recovery_mode_key( '', HOUR_IN_SECONDS ); + + $this->assertWPError( $error ); + $this->assertEquals( 'hash_mismatch', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_recovery_mode_key_returns_wp_error_if_hash_mismatch() { + $service = new WP_Recovery_Mode_Key_Service(); + $service->generate_and_store_recovery_mode_key(); + $error = $service->validate_recovery_mode_key( 'abcd', HOUR_IN_SECONDS ); + + $this->assertWPError( $error ); + $this->assertEquals( 'hash_mismatch', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_recovery_mode_key_returns_wp_error_if_expired() { + $service = new WP_Recovery_Mode_Key_Service(); + $key = $service->generate_and_store_recovery_mode_key(); + + $record = get_option( 'recovery_key' ); + $record['created_at'] = time() - HOUR_IN_SECONDS - 30; + update_option( 'recovery_key', $record ); + + $error = $service->validate_recovery_mode_key( $key, HOUR_IN_SECONDS ); + + $this->assertWPError( $error ); + $this->assertEquals( 'key_expired', $error->get_error_code() ); + } + + /** + * @ticket 46130 + */ + public function test_validate_recovery_mode_key_returns_true_for_valid_key() { + $service = new WP_Recovery_Mode_Key_Service(); + $key = $service->generate_and_store_recovery_mode_key(); + $this->assertTrue( $service->validate_recovery_mode_key( $key, HOUR_IN_SECONDS ) ); + } +} diff --git a/tests/phpunit/tests/user/capabilities.php b/tests/phpunit/tests/user/capabilities.php index 3bc5264d52..86d70c3ea2 100644 --- a/tests/phpunit/tests/user/capabilities.php +++ b/tests/phpunit/tests/user/capabilities.php @@ -101,6 +101,8 @@ class Tests_User_Capabilities extends WP_UnitTestCase { 'remove_users' => array( 'administrator' ), 'switch_themes' => array( 'administrator' ), 'edit_dashboard' => array( 'administrator' ), + 'resume_plugins' => array( 'administrator' ), + 'resume_themes' => array( 'administrator' ), 'moderate_comments' => array( 'administrator', 'editor' ), 'manage_categories' => array( 'administrator', 'editor' ), @@ -181,6 +183,8 @@ class Tests_User_Capabilities extends WP_UnitTestCase { 'remove_users' => array( 'administrator' ), 'switch_themes' => array( 'administrator' ), 'edit_dashboard' => array( 'administrator' ), + 'resume_plugins' => array( 'administrator' ), + 'resume_themes' => array( 'administrator' ), 'moderate_comments' => array( 'administrator', 'editor' ), 'manage_categories' => array( 'administrator', 'editor' ), @@ -392,7 +396,10 @@ class Tests_User_Capabilities extends WP_UnitTestCase { $actual['editor'], $actual['author'], $actual['subscriber'], - $actual['contributor'] + $actual['contributor'], + // the following two are granted via `user_has_cap`: + $actual['resume_plugins'], + $actual['resume_themes'] ); unset( @@ -454,6 +461,8 @@ class Tests_User_Capabilities extends WP_UnitTestCase { // Singular object meta capabilities (where an object ID is passed) are not tested: $expected['activate_plugin'], $expected['deactivate_plugin'], + $expected['resume_plugin'], + $expected['resume_theme'], $expected['remove_user'], $expected['promote_user'], $expected['edit_user'],