checksum-command icon indicating copy to clipboard operation
checksum-command copied to clipboard
verified publisher icon wp-cli

Add support for checksum verification of must-use plugins

Open schlessera opened this issue 8 years ago • 3 comments

As discussed in https://github.com/wp-cli/checksum-command/pull/26#discussion_r158490573 , the plugin checksum verification currently ignores must-use plugins.

Should these be checked by default? ... or only through an additional flag?

I think I'd prefer to have them be included in the checks by default, with a flag to omit them if they should cause trouble.

schlessera avatar Dec 22 '17 14:12 schlessera

Where would checksums of MU plugins come from?

szepeviktor avatar Apr 24 '18 14:04 szepeviktor

The plugin header file can be checked to retrieve the plugin slug.

This works well for normal plugins that were moved into the mu-plugins folder and an MU-loader system like the one from Bedrock or WP-Starter takes care of actually loading them.

It won't work so well for:

  1. Individual plugin files that were put there just to trigger the loading of a subfolder plugin.
  2. Individual plugin files that contain custom logic for that site.

For now, we should throw warnings when 1. or 2. are found, as erroring out would make MU-plugins mostly unusable in terms of checksum verification.

schlessera avatar May 08 '18 07:05 schlessera

I solve a lot of problems in single-file MU plugins. At least 10 MU-s are installed per site.

It would be great to have checksums in a list like

mu-file-name.php<TAB>hash-hash-hash

owned by root and having 0644 permissions.

szepeviktor avatar May 08 '18 08:05 szepeviktor