diff --git a/.env.example b/.env.example
index dff11f1..bcbacb2 100644
--- a/.env.example
+++ b/.env.example
@@ -263,3 +263,6 @@ FT_DATA_DISTRIBUTOR_KEY=abc123
 FT_MAINTAINANCE_WPDBBACKUP_EMAIL=webmaster+wp-db-backup@example.com
+
+FT_MAINTAINANCE_WPSDB_LOCAL=abc123
+FT_MAINTAINANCE_WPSDB_REMOTE=123abc
diff --git a/.htaccess b/.htaccess
index 04ea14a..7276c76 100644
--- a/.htaccess
+++ b/.htaccess
@@ -8,7 +8,7 @@ RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
 # Redirect all http traffic to https
 # Use the lexographically equal operator !=on. If you just use off it gets treated as a regex.
- RewriteCond %{HTTPS} !=on 
+ RewriteCond %{HTTPS} !=on
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
@@ -51,7 +51,7 @@
 #
 # "__media" is a ugly hardcoded virtual directory
 #
-# ... to help with proper rewrite rules for media below 
+# ... to help with proper rewrite rules for media below
 # the prefered domainname of the currently viewed site.
 #
 # It is used and needs to be updated at the following locations:
@@ -429,7 +429,7 @@ Header set Expires "Thu, 15 Apr 2024 20:00:00 GMT"
 # figuren.theater CLEANUP
 # redirect ugly or unstructured URLs from the beginning
 # into the proper scheme, given in 03/2021
-# 
+#
 # Old scheme:
 # %category%/%year%/%postname%
 # NEW scheme:
@@ -443,11 +443,11 @@ Header set Expires "Thu, 15 Apr 2024 20:00:00 GMT"
 RewriteCond %{HTTP_HOST} ^meta\.figuren\.theater [NC,OR]
 RewriteCond %{HTTP_HOST} ^meta\.figuren\.test [NC]
- 
+
  # created with help from https://yoast.com/research/permalink-helper.php
  # 1. Group: category
  # 2. Group: year
- # 3. Group: post_title !! in our new scheme, this 3rd param 
+ # 3. Group: post_title !! in our new scheme, this 3rd param
  # is representing the monthly archives,
  # so make sure to prevent rewriting thoose.
  RewriteRule ^([^/]+)/([0-9]{4})/([^/\d]+)/$ ?name=$3 [L]
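Review bot: The two new `FT_MAINTAINANCE_WPSDB_*` entries carry no comment saying what they hold or which component reads them; the names suggest a local/remote key pair for a database-sync tool (WP Migrate DB?), which would make them secrets rather than plain settings, though that is an inference from the names only. A one-line comment above them such as `# WPSDB local/remote connection keys – real values live only in the untracked .env` would tell whoever copies this file what they are committing to. The placeholder values `abc123`/`123abc` are fine as long as the real keys never land in this example file.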
@@ -554,17 +554,17 @@ Header set Expires "Thu, 15 Apr 2024 20:00:00 GMT"
 # ----------------------------------------------------------------------
 # Prevent Username Enumeration
-# 
+#
 # like: https://domain.com/?author=1
-# 
-# The request will be redirected 
-# to the author’s page with the corresponding user ID, 
+#
+# The request will be redirected
+# to the author’s page with the corresponding user ID,
 # what we DON'T want.
-# 
+#
 # https://domain.com/author/admin_username
-# 
+#
 # We want to block all author scan attacks!
-# 
+#
 # Except admin requests like for "My posts"
 # wp-admin/edit.php?post_type=post&author=1
 # This should be OK!
@@ -575,7 +575,7 @@ Header set Expires "Thu, 15 Apr 2024 20:00:00 GMT"
 RewriteCond %{REQUEST_URI} !(wp-admin) [NC]
 RewriteCond %{QUERY_STRING} author=\d
- # send 403 Forbidden 
+ # send 403 Forbidden
  RewriteRule ^ - [L,R=403]
@@ -588,7 +588,7 @@ Header set Expires "Thu, 15 Apr 2024 20:00:00 GMT"
-# WP 3.5+ Version 
+# WP 3.5+ Version
 # @see http://codex.wordpress.org/Multisite_Network_Administration#.htaccess_and_Mod_Rewrite
 RewriteEngine On
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -609,10 +609,10 @@ RewriteCond %{REQUEST_FILENAME} -d
 RewriteRule ^ - [L]
 # RewriteRule ^(wp-(content|admin|includes).*) wp/$1 [L]
 # (TEST: MULTI NETWORK)
-# RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L] 
-# RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-includes.*) wp/$2 [L] 
-# RewriteRule ^([_0-9a-zA-Z-]+/)?(wp/)?(wp-(content|admin|includes).*) $3 [L] 
-RewriteRule ^([_0-9a-zA-Z-\/]+/)?(wp-(content|admin|includes).*) wp/$2 [L] 
+# RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
+# RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-includes.*) wp/$2 [L]
+# RewriteRule ^([_0-9a-zA-Z-]+/)?(wp/)?(wp-(content|admin|includes).*) $3 [L]
+RewriteRule ^([_0-9a-zA-Z-\/]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
 # RewriteRule ^(.*\.php)$ wp/$1 [L]
@@ -626,7 +626,7 @@ RewriteRule . index.php [L]
 # ----------------------------------------------------------------------
 # Protect Important WP and Server Files
-# 
+#
 # Disables access to ...
 # 1. old and (hope-) fully unused xmlrpc API
 # 2. any log files
@@ -640,7 +640,7 @@ RewriteRule . index.php [L]
 # ----------------------------------------------------------------------
-# HTTP Headers for better security 
+# HTTP Headers for better security
 # ----------------------------------------------------------------------
@@ -654,40 +654,40 @@ RewriteRule . index.php [L]
 # Header set X-XSS-Protection "1; mode=block"
- 
+
 # Deactivates MIME Sniffing in Internet Explorer and Chrome.
 # Header set X-Content-Type-Options nosniff
- 
+
 #
 # https://developer.mozilla.org/en-US/docs/Learn/Server-side/Apache_Configuration_htaccess#frame_options
 # SAMEORIGIN or DENY
- # 
+ #
 # this prevents oEmbeds of our content to work properly
- # @TODO find another solution
- # Header set X-Frame-Options SAMEORIGIN
- 
+ # @TODO #12 find a finer grained solution to
+ # Header set X-Frame-Options SAMEORIGIN
+
 # Referrer Policy
 # https://infosec.mozilla.org/guidelines/web_security#referrer-policy
- # 
- # DISABLED to keep Referrers for the stats 
- # Header set Referrer-Policy: no-referrer-when-downgrade 
+ #
+ # DISABLED to keep Referrers for the stats
+ # Header set Referrer-Policy: no-referrer-when-downgrade
 # https://developer.mozilla.org/en-US/docs/Learn/Server-side/Apache_Configuration_htaccess#content_security_policy_csp
- # 
- # To make your CSP implementation easier, you can use an online CSP header generator. 
+ #
+ # To make your CSP implementation easier, you can use an online CSP header generator.
 # https://report-uri.com/home/generate/
- # 
+ #
 # You should also use a validator to make sure your header does what you want it to do.
 # https://csp-evaluator.withgoogle.com/
- # 
+ #
 # Content-Security-Policy "default-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests" "expr=%{CONTENT_TYPE} =~ m#text\/(html|javascript)|application\/pdf|xml#i"
- 
+
 # Permmisions (former:Feature) Policy
 # https://developer.chrome.com/docs/privacy-sandbox/permissions-policy/
 # https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
 # https://www.permissionspolicy.com/
- 
+
 # CLEANUP
 Header always unset X-Distributor
diff --git a/composer.json b/composer.json
index 8b1b373..23589b6 100644
--- a/composer.json
+++ b/composer.json
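Review bot: The new comment `# @TODO #12 find a finer grained solution to` stops mid-sentence, so the only surviving rationale for keeping `X-Frame-Options` disabled is the oEmbed line above it; finish the thought, e.g. `# @TODO #12 find a finer grained solution to allow oEmbed framing (CSP frame-ancestors with an allow-list?) before enabling this`. While this block is being touched: every header in the hunk is still commented out, including `X-Content-Type-Options nosniff`, which as far as these lines show has no documented reason to be off and does not share the oEmbed/stats concerns that justify the other two. Either enable it or add the reason it stays disabled next to it. The indented block these lines sit in starts and ends outside the hunk.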
@@ -44,6 +44,10 @@
 "type": "git",
 "url": "https://github.com/carstingaxion/feed-pull"
 },
+ {
+ "type": "git",
+ "url": "https://github.com/carstingaxion/Mercator-GUI"
+ },
 {
 "type": "git",
 "url": "https://github.com/carstingaxion/wordpress-cache-control"
@@ -68,10 +72,6 @@
 "type": "git",
 "url": "https://github.com/figuren-theater/altis-core"
 },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-admin-ui"
- },
 {
 "type": "git",
 "url": "https://github.com/figuren-theater/ft-core-block-domaincheck"
@@ -80,14 +80,6 @@
 "type": "git",
 "url": "https://github.com/figuren-theater/ft-data"
 },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-interactive"
- },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-media"
- },
 {
 "type": "git",
 "url": "https://github.com/figuren-theater/ft-network-block-patterns"
@@ -100,38 +92,10 @@
 "type": "git",
 "url": "https://github.com/figuren-theater/ft-onboarding"
 },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-options"
- },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-performance"
- },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-platform-collection"
- },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-privacy"
- },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-routes"
- },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-security"
- },
 {
 "type": "git",
 "url": "https://github.com/figuren-theater/ft-seo"
 },
- {
- "type": "git",
- "url": "https://github.com/figuren-theater/ft-site-editing"
- },
 {
 "type": "git",
 "url": "https://github.com/figuren-theater/ft-network-block-editor"
diff --git a/composer.lock b/composer.lock
index 1da0e64..92dcc20 100644
--- a/composer.lock
+++ b/composer.lock
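Review bot: The repository added here points at a personal fork, `carstingaxion/Mercator-GUI`, and nothing in this hunk pins it: with `"type": "git"` Composer will fetch whatever the matching `require` constraint (outside this hunk) selects from that fork, so the only thing standing between an unreviewed push to the fork and the platform is the commit `reference` recorded in composer.lock. Make sure the `require` entry for it is a tag or a hash-pinned branch (`dev-main#<sha>`) and that composer.lock gains an entry for the package; the lock hunks visible in this diff do not show one, though they may simply be outside view. A README line stating why the fork is used instead of the upstream Mercator repository would help whoever audits the dependency set next.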
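Review bot: Dropping the `figuren-theater/ft-*` VCS repositories (ft-admin-ui, ft-interactive, ft-media, ft-options, ft-performance, ft-platform-collection, ft-privacy, ft-routes, ft-security, ft-site-editing) changes where Composer resolves those packages from, not whether they are used — the mu-plugin loader touched in this same commit still lists `ft-media`, `ft-performance`, `ft-privacy` and `ft-routes`. Presumably they are now published on Packagist under the same vendor; if so this is fine, but confirm the `figuren-theater` Packagist vendor is team-controlled and that composer.lock now records a Packagist `dist` URL plus commit `reference` for each, since a VCS entry in this list previously took precedence over the public registry. Any of them not on Packagist will make `composer update` fail to resolve rather than fall back to the old source.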
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "45646f28532301fde54f31845afb7ee8",
+ "content-hash": "d97d8701b53537d4fdfeb78e4a08211e",
 "packages": [
 {
 "name": "composer/installers",
@@ -219,20 +219,20 @@
 },
 {
 "name": "figuren-theater/ft-core",
- "version": "1.2.19",
+ "version": "1.2.21",
 "source": {
 "type": "git",
 "url": "https://github.com/figuren-theater/ft-core.git",
- "reference": "fa1866cbfe92ffb5bb7584d93a7d37de7fa073b6"
+ "reference": "935fe029152a3df43bce113f97bda7a1335d66e6"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/figuren-theater/ft-core/zipball/fa1866cbfe92ffb5bb7584d93a7d37de7fa073b6",
- "reference": "fa1866cbfe92ffb5bb7584d93a7d37de7fa073b6",
+ "url": "https://api.github.com/repos/figuren-theater/ft-core/zipball/935fe029152a3df43bce113f97bda7a1335d66e6",
+ "reference": "935fe029152a3df43bce113f97bda7a1335d66e6",
 "shasum": ""
 },
 "require": {
- "composer/installers": "^1.12",
+ "composer/installers": "^1",
 "figuren-theater/altis-core": "^0.1",
 "koodimonni/composer-dropin-installer": "^1.4",
 "php": ">=7.1"
@@ -278,7 +278,7 @@
 "issues": "https://github.com/figuren-theater/ft-core/issues",
 "source": "https://github.com/figuren-theater/ft-core"
 },
- "time": "2023-07-16T23:58:39+00:00"
+ "time": "2023-09-05T20:08:53+00:00"
 },
 {
 "name": "koodimonni/composer-dropin-installer",
@@ -900,16 +900,16 @@
 },
 {
 "name": "figuren-theater/code-quality",
- "version": "0.6.6",
+ "version": "0.7.0",
 "source": {
 "type": "git",
 "url": "https://github.com/figuren-theater/code-quality.git",
- "reference": "e75a8e42841f7637ee5c4b69c0bd3c55a07a4fbc"
+ "reference": "c783c4f792e4f448101d50cb19b97edcf52d310d"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/figuren-theater/code-quality/zipball/e75a8e42841f7637ee5c4b69c0bd3c55a07a4fbc",
- "reference": "e75a8e42841f7637ee5c4b69c0bd3c55a07a4fbc",
+ "url": "https://api.github.com/repos/figuren-theater/code-quality/zipball/c783c4f792e4f448101d50cb19b97edcf52d310d",
+ "reference": "c783c4f792e4f448101d50cb19b97edcf52d310d",
 "shasum": ""
 },
 "require": {
@@ -949,20 +949,20 @@
 "issues": "https://github.com/figuren-theater/code-quality/issues",
 "source": "https://github.com/figuren-theater/code-quality"
 },
- "time": "2023-07-17T18:30:13+00:00"
+ "time": "2023-09-01T23:53:33+00:00"
 },
 {
 "name": "figuren-theater/coding-standards",
- "version": "0.3.2",
+ "version": "0.3.3",
 "source": {
 "type": "git",
 "url": "https://github.com/figuren-theater/coding-standards.git",
- "reference": "4a2e3ffd2b94b1e2d3aee35cccd9fa1eed84dbec"
+ "reference": "42929bf1e4c18f6ea16ec0a935b001548b825b5e"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/figuren-theater/coding-standards/zipball/4a2e3ffd2b94b1e2d3aee35cccd9fa1eed84dbec",
- "reference": "4a2e3ffd2b94b1e2d3aee35cccd9fa1eed84dbec",
+ "url": "https://api.github.com/repos/figuren-theater/coding-standards/zipball/42929bf1e4c18f6ea16ec0a935b001548b825b5e",
+ "reference": "42929bf1e4c18f6ea16ec0a935b001548b825b5e",
 "shasum": ""
 },
 "require": {
@@ -999,20 +999,20 @@
 "issues": "https://github.com/figuren-theater/coding-standards/issues",
 "source": "https://github.com/figuren-theater/coding-standards"
 },
- "time": "2023-07-18T14:22:04+00:00"
+ "time": "2023-08-25T09:04:03+00:00"
 },
 {
 "name": "figuren-theater/phpstan",
- "version": "1.1.1",
+ "version": "1.1.2",
 "source": {
 "type": "git",
 "url": "https://github.com/figuren-theater/phpstan.git",
- "reference": "3aec3c760c830f185098280bf12fcec78701cb86"
+ "reference": "b4e7fffb5b43e24f5de9f21e53f2c3df2023ed82"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/figuren-theater/phpstan/zipball/3aec3c760c830f185098280bf12fcec78701cb86",
- "reference": "3aec3c760c830f185098280bf12fcec78701cb86",
+ "url": "https://api.github.com/repos/figuren-theater/phpstan/zipball/b4e7fffb5b43e24f5de9f21e53f2c3df2023ed82",
+ "reference": "b4e7fffb5b43e24f5de9f21e53f2c3df2023ed82",
 "shasum": ""
 },
 "require": {
@@ -1053,7 +1053,7 @@
 "issues": "https://github.com/figuren-theater/phpstan/issues",
 "source": "https://github.com/figuren-theater/phpstan"
 },
- "time": "2023-06-26T21:48:02+00:00"
+ "time": "2023-09-01T22:15:08+00:00"
 },
 {
 "name": "humanmade/coding-standards",
@@ -1528,16 +1528,16 @@
 },
 {
 "name": "phpstan/phpstan",
- "version": "1.10.28",
+ "version": "1.10.33",
 "source": {
 "type": "git",
 "url": "https://github.com/phpstan/phpstan.git",
- "reference": "e4545b55904ebef470423d3ddddb74fa7325497a"
+ "reference": "03b1cf9f814ba0863c4e9affea49a4d1ed9a2ed1"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/phpstan/phpstan/zipball/e4545b55904ebef470423d3ddddb74fa7325497a",
- "reference": "e4545b55904ebef470423d3ddddb74fa7325497a",
+ "url": "https://api.github.com/repos/phpstan/phpstan/zipball/03b1cf9f814ba0863c4e9affea49a4d1ed9a2ed1",
+ "reference": "03b1cf9f814ba0863c4e9affea49a4d1ed9a2ed1",
 "shasum": ""
 },
 "require": {
@@ -1586,7 +1586,7 @@
 "type": "tidelift"
 }
 ],
- "time": "2023-08-08T12:33:42+00:00"
+ "time": "2023-09-04T12:20:53+00:00"
 },
 {
 "name": "squizlabs/php_codesniffer",
@@ -1647,16 +1647,16 @@
 },
 {
 "name": "symfony/polyfill-php73",
- "version": "v1.27.0",
+ "version": "v1.28.0",
 "source": {
 "type": "git",
 "url": "https://github.com/symfony/polyfill-php73.git",
- "reference": "9e8ecb5f92152187c4799efd3c96b78ccab18ff9"
+ "reference": "fe2f306d1d9d346a7fee353d0d5012e401e984b5"
 },
 "dist": {
 "type": "zip",
- "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/9e8ecb5f92152187c4799efd3c96b78ccab18ff9",
- "reference": "9e8ecb5f92152187c4799efd3c96b78ccab18ff9",
+ "url": "https://api.github.com/repos/symfony/polyfill-php73/zipball/fe2f306d1d9d346a7fee353d0d5012e401e984b5",
+ "reference": "fe2f306d1d9d346a7fee353d0d5012e401e984b5",
 "shasum": ""
 },
 "require": {
@@ -1665,7 +1665,7 @@
 "type": "library",
 "extra": {
 "branch-alias": {
- "dev-main": "1.27-dev"
+ "dev-main": "1.28-dev"
 },
 "thanks": {
 "name": "symfony/polyfill",
@@ -1706,7 +1706,7 @@
 "shim"
 ],
 "support": {
- "source": "https://github.com/symfony/polyfill-php73/tree/v1.27.0"
+ "source": "https://github.com/symfony/polyfill-php73/tree/v1.28.0"
 },
 "funding": [
 {
@@ -1722,7 +1722,7 @@
 "type": "tidelift"
 }
 ],
- "time": "2022-11-03T14:55:06+00:00"
+ "time": "2023-01-26T09:26:14+00:00"
 },
 {
 "name": "szepeviktor/phpstan-wordpress",
diff --git a/content/mu-plugins/01-ft-platform-mu-loader.php b/content/mu-plugins/01-ft-platform-mu-loader.php
index 0e9bf00..cf2a5b4 100644
--- a/content/mu-plugins/01-ft-platform-mu-loader.php
+++ b/content/mu-plugins/01-ft-platform-mu-loader.php
@@ -31,7 +31,7 @@
 'ft-maintenance',
 'ft-media',
 'ft-onboarding',
- // 'ft-options',
+ // 'ft-options', // Loaded via deprecated__Figuren_Theater__v2/Figuren_Theater.php // @todo ...
 'ft-performance',
 'ft-privacy',
 'ft-routes',
diff --git a/wp-config.default.php b/wp-config.default.php
index 85444a0..141b802 100644
--- a/wp-config.default.php
+++ b/wp-config.default.php
@@ -96,6 +96,12 @@
 define( 'DISALLOW_FILE_EDIT', true );
 define( 'DISALLOW_FILE_MODS', true );
+// ===========================================================
+// Disallow anybody to insert arbitary HTML (or JS) into posts
+// This prevents administrators and editors from doing so.
+// ===========================================================
+define( 'DISALLOW_UNFILTERED_HTML', true );
+
 // =====================================================
 // Set Memory Limit
 // overwrite a typical and possible default value of 32M
@@ -169,8 +175,7 @@
 //
 // Because we want to switch this constant based on the currently queried network
 //
-// @TODO
-// We need a nice way to change this constant.
+// @TODO #13 Find a nice way to change the SUBDOMAIN_INSTALL constant.
 //
 // TESTING for wp-multi-network (disabled, rely on ms_subdomain_constants() )
 // BUT needs to be enabled for ft-core-domaincheck-block (re-enabled)
@@ -179,7 +184,7 @@
 case 'mein.figuren.theater':
 case 'mein.figuren.test':
- // TODO
+ // TODO #13
 // The ...case 'mein.puppen.test': --> results in an untrackable error, when Alias is active via Mercator.
 define( 'SUBDOMAIN_INSTALL', false );
 break;
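Review bot: The comment above the new `DISALLOW_UNFILTERED_HTML` define has a typo (`arbitary`) and states the intent but not the mechanism, which is what the next person debugging a stripped `<script>` or `<iframe>` will need: the constant removes the `unfiltered_html` capability from every user — to my recollection including super admins on multisite — so post, comment and widget content is passed through wp_kses on save. Suggest `// Strip the unfiltered_html capability from every role (incl. super admins on multisite),` / `// so all post/widget content goes through wp_kses on save regardless of trust level.` It is also worth saying that content already stored is not re-filtered, so a one-off audit of existing posts for inline script remains necessary. The other two hunks in this file only renumber TODO comments; the `switch` their `case` lines belong to starts and ends outside the hunk.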