enforce configuration of Safe Browsing API key (#104) #108
Conversation
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
2 times, most recently
from
46caab0 to
e12e543
Compare
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
from
e12e543 to
27cc83a
Compare
| if ( self::_get_option( 'safe_browsing' ) && empty( $safe_browsing_key ) ) { | ||
| self::_update_option( 'safe_browsing', 0 ); | ||
| set_transient( 'antivirus-activation-notice', true, 2592000 ); | ||
| } |
There was a problem hiding this comment.
In my manual tests the admin notice was never shown. When (re)activating AntiVirus, all options are cleared in ll. 138-143. Therefore the condition in l. 152 can never be true, right?
This check be run independent of activation, shouldn't it? I. e. after the update or in the check_safe_browsing() method itself? Then we even cover cases such as updating incl. the correction + warning and importing a DB backup afterwards - check is repeated and results in showing the warning again.
There was a problem hiding this comment.
I'll take a look at the implementation again, possibly something got lost or is still incorrect here.
This check be run independent of activation, shouldn't it? I. e. after the update
The check should be run in several places. The one here in the activation hook should be triggered right after plugin activation and as plugins are reactivated after an update, at least once after the update and should notify the administrator that the check has been disabled (if it was enabled without API key before). In this place we set a transient object because the update might be triggered asynchronously so the admin will be informed on the next visit.
Check is also performed when saving settings and right before the check itself, if for any reason the options are stored incorrectly.
When (re)activating AntiVirus, all options are cleared in ll. 138-143.
That's not correct. Options should and must not be cleared on plugin activation, otherwise everything would be reset on updates or reactivation for whatever reason.
From the add_option() reference:
Existing options will not be updated and checks are performed to ensure that you aren’t adding a protected WordPress option.
There was a problem hiding this comment.
Works for me in the intended way:
- save settings with SB enabled and no API key in v1.4.3 (raises a warning)
- update plugin to 1.5.0
- deactivate and activate the plugin (done automatically when updating the regular way)
- warning is shown once that SB has been disabled
screenshot (animated)
There was a problem hiding this comment.
warning is shown once that SB has been disabled
Could this be displayed until it is actively dismissed? Otherwise it could easily be missed ...
Codecov ReportPatch coverage:
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## develop #108 +/- ##
=============================================
- Coverage 35.93% 35.27% -0.66%
+ Complexity 151 146 -5
=============================================
Files 5 5
Lines 782 788 +6
=============================================
- Hits 281 278 -3
- Misses 501 510 +9
☔ View full report in Codecov by Sentry. |
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
from
b5c312f to
baf3941
Compare
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
from
baf3941 to
329d258
Compare
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
from
329d258 to
aad7d2c
Compare
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
from
aad7d2c to
4d7e3be
Compare
|
Kudos, SonarCloud Quality Gate passed!
|
|
Merging is blocked because @patrickrobrecht requested changes. Maybe he can look at it again. Otherwise, I can merge without those changes if necessary. |
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
from
4d7e3be to
3a059a8
Compare
|
Looks like And additionally the comment seems confusing:
Maybe changing it to makes it clearer:
|
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
from
0cbc229 to
043408b
Compare
The built-in fallback API key must not be used anymore. Enforce configuration of a custom API key and deactivate the feature, if none is provided.
stklcode
force-pushed
the
feature/104-enforce-safebrowsing-key
branch
from
043408b to
ef265c9
Compare
|
SonarCloud Quality Gate failed.
|
Second stage of #104 and follow-up to #105.
The warning that will be introduces in 1.4.3 (#105) is now an error. On plugin activation Safe Browsing will be deactivated, if no key is provided. In the settings UI, the field is not "required" (should be no problem, because is it also "disabled" if the checkbox is unchecked) and if for whatever reason the configuration is saved without a key, an error will be displayed.
If again for any reason the check is triggered without a key, the fallback is no longer be used and the check is skipped.