From bfd27d5f497b62d2a5a9cf49b545ac34302c3dff Mon Sep 17 00:00:00 2001 From: Stefan Kalscheuer Date: Tue, 4 Feb 2025 18:14:11 +0100 Subject: [PATCH 1/4] update dev-dependencies and ci environment --- .drone.yml | 5 ++-- .github/workflows/test.yml | 24 +++++++++++++------ .../wordpress-plugin-asset-update.yml | 2 +- .github/workflows/wordpress-plugin-check.yml | 23 ++++++++++++++++++ .github/workflows/wordpress-plugin-deploy.yml | 2 +- bin/install-wp-tests.sh | 15 +++++++++++- package.json | 6 ++--- 7 files changed, 61 insertions(+), 16 deletions(-) create mode 100644 .github/workflows/wordpress-plugin-check.yml diff --git a/.drone.yml b/.drone.yml index 8e48578..3ea88b3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -14,11 +14,11 @@ steps: depends_on: - composer-install - name: node-install - image: node:18 + image: node:22 commands: - npm install - name: lint-assets - image: node:20 + image: node:22 commands: - npx eslint scripts/block.js - npx eslint scripts/liveticker.js @@ -26,4 +26,3 @@ steps: - npx stylelint styles/liveticker.css depends_on: - node-install - diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a1e2144..f70de84 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -7,25 +7,34 @@ jobs: matrix: include: - php: '8.3' - wordpress: '6.4' + wordpress: '6.6' - php: '8.2' - wordpress: '6.3' + wordpress: '6.4' - php: '8.1' - wordpress: '6.1' + wordpress: '6.2' - php: '8.0' + wordpress: '6.0' + - php: '7.4' wordpress: '5.9' - php: '5.6' wordpress: '4.7' steps: - name: Checkout uses: actions/checkout@v4 + - name: Install SVN + run: | + if ! command -v svn > /dev/null; then + sudo apt-get update + sudo apt-get install -y subversion + fi - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: ${{ matrix.php }} + coverage: xdebug tools: composer - name: Setup DB - run: sudo /etc/init.d/mysql start + run: sudo sudo systemctl start mysql.service - name: Setup WP run: bash bin/install-wp-tests.sh wordpress root root localhost "${{ matrix.wordpress }}" - name: Install @@ -44,9 +53,9 @@ jobs: php-version: '8.2' tools: composer - name: Setup Node - uses: actions/setup-node@v3 + uses: actions/setup-node@v4 with: - node-version: '20' + node-version: '22' - name: Install run: | composer install --no-interaction @@ -65,7 +74,8 @@ jobs: with: fetch-depth: 0 - name: Analyze with SonarCloud - uses: sonarsource/sonarcloud-github-action@master + if: env.SONAR_TOKEN != '' + uses: sonarsource/sonarcloud-github-action@v3 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/wordpress-plugin-asset-update.yml b/.github/workflows/wordpress-plugin-asset-update.yml index d778b0b..59456dd 100644 --- a/.github/workflows/wordpress-plugin-asset-update.yml +++ b/.github/workflows/wordpress-plugin-asset-update.yml @@ -13,7 +13,7 @@ jobs: - name: Setup PHP uses: shivammathur/setup-php@v2 with: - php-version: '8.0' + php-version: '8.2' tools: composer - name: Install run: composer install --no-interaction diff --git a/.github/workflows/wordpress-plugin-check.yml b/.github/workflows/wordpress-plugin-check.yml new file mode 100644 index 0000000..adc71fb --- /dev/null 
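Review bot: The `Setup DB` step in this hunk now runs `sudo sudo systemctl start mysql.service`; the doubled `sudo` is harmless but looks like an editing slip. It should read `run: sudo systemctl start mysql.service`. The job's `steps:` list continues outside the hunk.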
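Review bot: `uses: sonarsource/sonarcloud-github-action@v3` replaces the `@master` ref with a tag, but a tag can still be moved, and this step runs with `SONAR_TOKEN` and `GITHUB_TOKEN` in its environment. Pin it to a full commit SHA and keep the version as a comment, e.g. `uses: sonarsource/sonarcloud-github-action@<full-commit-sha> # v3` (placeholder; take the SHA from the release you reviewed). The same applies to `actions/setup-node@v4` in the preceding hunk and to `wordpress/plugin-check-action@v1` in the new plugin-check workflow. An update bot such as Dependabot can keep SHA pins current.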
+++ b/.github/workflows/wordpress-plugin-check.yml @@ -0,0 +1,23 @@ +name: Plugin check +on: + push: + branches: [ 'stable', 'release/*' ] + pull_request: + branches: [ 'stable' ] +jobs: + check: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Package plugin + run: | + mkdir -p ./dist + tail -n +7 README.md > README.md.tmp && mv README.md.tmp README.md + rsync -rc --exclude-from=.distignore ./ ./dist/stklcode-liveticker --delete --delete-excluded + + - name: Check WP plugin + uses: wordpress/plugin-check-action@v1 + with: + build-dir: ./dist/stklcode-liveticker diff --git a/.github/workflows/wordpress-plugin-deploy.yml b/.github/workflows/wordpress-plugin-deploy.yml index 12f1f05..44ec31c 100644 --- a/.github/workflows/wordpress-plugin-deploy.yml +++ b/.github/workflows/wordpress-plugin-deploy.yml @@ -14,7 +14,7 @@ jobs: - name: Setup PHP uses: shivammathur/setup-php@v2 with: - php-version: '7.4' + php-version: '8.2' tools: composer - name: Install run: composer install --no-interaction diff --git a/bin/install-wp-tests.sh b/bin/install-wp-tests.sh index ee05775..d2605fe 100755 --- a/bin/install-wp-tests.sh +++ b/bin/install-wp-tests.sh @@ -22,6 +22,17 @@ download() { curl -s "$1" > "$2"; elif [ `which wget` ]; then wget -nv -O "$2" "$1" + else + echo "Error: Neither curl nor wget is installed." + exit 1 + fi +} + +# Check if svn is installed +check_svn_installed() { + if ! command -v svn > /dev/null; then + echo "Error: svn is not installed. Please install svn and try again." + exit 1 fi } @@ -64,6 +75,7 @@ install_wp() { if [[ $WP_VERSION == 'nightly' || $WP_VERSION == 'trunk' ]]; then mkdir -p $TMPDIR/wordpress-trunk rm -rf $TMPDIR/wordpress-trunk/* + check_svn_installed svn export --quiet https://core.svn.wordpress.org/trunk $TMPDIR/wordpress-trunk/wordpress mv $TMPDIR/wordpress-trunk/wordpress/* $WP_CORE_DIR else 
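Review bot: The new `wordpress-plugin-check.yml` workflow declares no `permissions:`, so its `GITHUB_TOKEN` gets the repository or organisation default while the job runs a third-party action over the checked-out tree on `push` to `stable` and `release/*`. Add a top-level `permissions:` block containing `contents: read` after the `on:` section, and widen it per job only if the plugin check turns out to need more. Setting `persist-credentials: false` on the `actions/checkout@v4` step would also keep the token out of `.git/config` in the tree that `rsync` packages, in case `.distignore` does not exclude `.git`; that file is not shown here.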
@@ -92,7 +104,7 @@ install_wp() { tar --strip-components=1 -zxmf $TMPDIR/wordpress.tar.gz -C $WP_CORE_DIR fi - download https://raw.github.com/markoheijnen/wp-mysqli/master/db.php $WP_CORE_DIR/wp-content/db.php + download https://raw.githubusercontent.com/markoheijnen/wp-mysqli/master/db.php $WP_CORE_DIR/wp-content/db.php } install_test_suite() { @@ -108,6 +120,7 @@ install_test_suite() { # set up testing suite mkdir -p $WP_TESTS_DIR rm -rf $WP_TESTS_DIR/{includes,data} + check_svn_installed svn export --quiet --ignore-externals https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/includes/ $WP_TESTS_DIR/includes svn export --quiet --ignore-externals https://develop.svn.wordpress.org/${WP_TESTS_TAG}/tests/phpunit/data/ $WP_TESTS_DIR/data fi diff --git a/package.json b/package.json index 8f92fe1..915b9a2 100644 --- a/package.json +++ b/package.json @@ -5,9 +5,9 @@ "author": "Stefan Kalscheuer", "license": "GPL-2.0+", "devDependencies": { - "@wordpress/eslint-plugin": "^17", - "@wordpress/stylelint-config": "^21", + "@wordpress/eslint-plugin": "^22", + "@wordpress/stylelint-config": "^23", "eslint": "^8", - "stylelint": "^14" + "stylelint": "^16" } } From a0573a326cd0a5eaff4770cf801e961191f2ac8d Mon Sep 17 00:00:00 2001 From: Stefan Kalscheuer Date: Tue, 4 Feb 2025 18:16:21 +0100 Subject: [PATCH 2/4] declare compatibility with WordPress 6.7 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f759e0e..c770643 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ * Contributors: Stefan Kalscheuer * Tags: liveticker, feed, rss * Requires at least: 4.7 -* Tested up to: 6.4 +* Tested up to: 6.7 * Requires PHP: 5.6 * Stable tag: 1.2.2 * License: GPLv2 or later From 313159c74ab7755f4824e426ad9e5ab5cdbd1d40 Mon Sep 17 00:00:00 2001 
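Review bot: The rewritten `download` line in `install_wp` still pulls `db.php` from the `master` branch of a third-party repository and drops it into `wp-content/` with no integrity check, so whatever that branch holds at run time is loaded by the test WordPress in CI. Pin the URL to a reviewed commit, e.g. `download https://raw.githubusercontent.com/markoheijnen/wp-mysqli/<commit-sha>/db.php $WP_CORE_DIR/wp-content/db.php` (placeholder SHA), and compare the file against a recorded SHA-256 before it is used. The `download` helper visible in the earlier hunk calls `curl -s` without `--fail`, so an HTTP error body would also be saved as `db.php` silently; `curl -fsS` would surface that. `install_wp` starts outside this hunk.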
From: Stefan Kalscheuer Date: Tue, 4 Feb 2025 17:58:19 +0100 Subject: [PATCH 3/4] fix: escape ticker ID in shortcode output (#28) Ticker ID is user input and may contain literally anything. While this is properly escaped in the internal query, we should also escape it in the generated HTML output. --- includes/class-scliveticker.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/includes/class-scliveticker.php b/includes/class-scliveticker.php index 89ab174..4405a2b 100644 --- a/includes/class-scliveticker.php +++ b/includes/class-scliveticker.php @@ -232,7 +232,7 @@ class SCLiveticker { $output = '
Feed'; } From 80946232ca527682190b69713b25cd565d858dbb Mon Sep 17 00:00:00 2001 From: Stefan Kalscheuer Date: Tue, 4 Feb 2025 18:20:16 +0100 Subject: [PATCH 4/4] prepare release of v1.2.3 (#29) --- README.md | 9 +++++++-- composer.json | 2 +- includes/class-scliveticker.php | 2 +- package.json | 2 +- stklcode-liveticker.php | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c770643..9882616 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ * Requires at least: 4.7 * Tested up to: 6.7 * Requires PHP: 5.6 -* Stable tag: 1.2.2 +* Stable tag: 1.2.3 * License: GPLv2 or later * License URI: http://www.gnu.org/licenses/gpl-2.0.html @@ -80,7 +80,12 @@ caching time of 12 hours obviously makes no sense. ## Changelog -### 1.2.2 - 2023-03-02 +### 1.2.3 - 2025-02-04 + +* Escape ticker ID in shortcode output +* Tested with WP 6.7 + +### 1.2.2 - 2024-03-02 * Update use of deprecated WP core functions * Extend output sanitization diff --git a/composer.json b/composer.json index 45326a3..70d9f0d 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,6 @@ { "name": "stklcode/stklcode-liveticker", - "version": "1.2.2", + "version": "1.2.3", "description": "A simple Liveticker for Wordpress.", "keywords": [ "wordpress", diff --git a/includes/class-scliveticker.php b/includes/class-scliveticker.php index 4405a2b..75ad882 100644 --- a/includes/class-scliveticker.php +++ b/includes/class-scliveticker.php @@ -26,7 +26,7 @@ class SCLiveticker { * * @var string OPTIONS */ - const VERSION = '1.2.2'; + const VERSION = '1.2.3'; /** * Options tag. diff --git a/package.json b/package.json index 915b9a2..29733b3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "stklcode-liveticker", - "version": "1.2.2", + "version": "1.2.3", "description": "A simple Liveticker for Wordpress.", "author": "Stefan Kalscheuer", "license": "GPL-2.0+", 
diff --git a/stklcode-liveticker.php b/stklcode-liveticker.php index 1cebdd8..0f2e890 100644 --- a/stklcode-liveticker.php +++ b/stklcode-liveticker.php @@ -9,7 +9,7 @@ * @wordpress-plugin * Plugin Name: Liveticker (by stklcode) * Description: A simple Liveticker for WordPress. - * Version: 1.2.2 + * Version: 1.2.3 * Author: Stefan Kalscheuer * Author URI: https://www.stklcode.de * Text Domain: stklcode-liveticker