Merge pull request #727 from udx/develop-alexey

Develop alexey

.github/workflows/publish-release.yml

@@ -7,19 +7,39 @@ on:
       release:
         description: 'Release version (e.g. 1.2.3)'
         required: true
+      prerelease:
+        description: 'Pre-release version (e.g. RC1, beta, etc...)'
+        required: false
 
 permissions:
   contents: write
 
 env:
   TAG: ${{ github.event.inputs.release }}
+  PRETAG: ${{ github.event.inputs.prerelease }}
   BRANCH: temp-release-${{ github.event.inputs.release }}
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      # ref and repository are required, otherwise repo could appear in detached head state
+      - name: Prepare vars
+        id: vars
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const full_tag = [
+              process.env.TAG,
+              process.env.PRETAG
+            ].filter(Boolean).join('-');
+            const branch = `temp-release-${full_tag}`;
+            const is_prerelease = !!process.env.PRETAG;
+
+            core.setOutput('full_tag', full_tag );
+            core.setOutput('branch', branch );
+            core.setOutput('is_prerelease', is_prerelease );
+        
+      # 'ref' and 'repository' are required, otherwise repo could appear in detached head state
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -82,8 +102,8 @@ jobs:
         uses: EndBug/add-and-commit@v9
         with:
           message: Cleanup files for release
-          new_branch: ${{ env.BRANCH }}
-          tag: ${{ env.TAG }}
+          new_branch: ${{ steps.vars.outputs.branch }}
+          tag: ${{ steps.vars.outputs.full_tag }}
 
       # generate SBOM that will be attached to a release as an artifact
       - name: Create SBOM
@@ -99,11 +119,11 @@ jobs:
         id: draft_release
         uses: softprops/action-gh-release@v1
         with:
-          name: "Release ${{ env.TAG }}"
+          name: "Release ${{ steps.vars.outputs.full_tag }}"
           body: "${{ steps.changelog.outputs.description }}"
-          tag_name: ${{ env.TAG }}
+          tag_name: ${{ steps.vars.outputs.full_tag }}
           draft: true
-          prerelease: false
+          prerelease: ${{ steps.vars.outputs.is_prerelease }}
 
       # attach SBOM to release
       - name: Upload SBOM to release
@@ -127,4 +147,4 @@ jobs:
       # delete temporary release branch
       - name: Delete temporary release branch
         run: |
-          git push origin --delete ${{ env.BRANCH }}
+          git push origin --delete ${{ steps.vars.outputs.branch }}

changelog.txt

@@ -1,6 +1,26 @@
 == Changelog ==
+= 4.0.0 =
+* NEW - use custom database tables to store GCS file data. This increases plugin performance and will be used for future improvements.  
+* NEW - added filter `wp_stateless_get_file`, retrieves the GCS file data, should be used instead of getting `sm_cloud` postmeta directly. 
+* NEW - added filter `wp_stateless_get_file_sizes`, retrieves the GCS file data for image sizes, should be used instead of getting `sm_cloud` postmeta directly.
+* NEW - added filter `wp_stateless_get_file_meta`, retrieves all GCS file meta data, should be used instead of getting `sm_cloud` postmeta directly.
+* NEW - added filter `wp_stateless_get_file_meta_value`, retrieves the GCS file meta data by meta_key, should be used instead of getting `sm_cloud` postmeta directly.
+* NEW - added setting allowing to change email for WP-Stateless notifications.
+* NEW - added new Settings tab `Addons`, which contains the list of WP-Stateless Addons, which replace Compatibilities.
+* NEW - added new Settings tab `Status`, which contains status and health information related to Google Cloud Storage and WP-Stateless.
+* NEW - CLI command `wp stateless migrate` to list and operate data optimizations.
+* NEW - configuration constant [`WP_STATELESS_POSTMETA`](https://stateless.udx.io/docs/constants/#wp_stateless_postmeta) allows to read the GCS file data from postmeta instead of the new custom database tables.
+* NEW - configuration constant [`WP_STATELESS_BATCH_HEALTHCHECK_INTERVAL`](https://stateless.udx.io/docs/constants/#wp_stateless_batch_healthcheck_interval) defines an interval in minutes for periodical health checks of a batch background process (like data optimization).
+* COMPATIBILITY - BuddyBoss Compatibility replaced with [WP-Stateless – BuddyBoss Platform Addon](https://wordpress.org/plugins/wp-stateless-buddyboss-platform-addon/).
+* COMPATIBILITY - Elementor Compatibility replaced with [WP-Stateless – Elementor Website Builder Addon](https://wordpress.org/plugins/wp-stateless-elementor-website-builder-addon/).
+* COMPATIBILITY - Gravity Form Compatibility does not support older version of Gravity Forms (< 2.3).
+* ENHANCEMENT - Allow dismissing notices in Admin Panel only for logged in users.
+* ENHANCEMENT - Updated `wp-background-processing` library from from 1.0.2 to 1.1.1.
+* ENHANCEMENT - Updated `phpseclib` 3.0.34 to 3.0.37.
+* FIX - proper use of infinite timeout in `set_time_limit` function to avoid issues with PHP 8.1 and above [#704](https://github.com/udx/wp-stateless/issues/704).
+
 = 3.4.1 =
-FIX - improve security while processing AJAX requests in Admin Panel
+* FIX - improve security while processing AJAX requests in Admin Panel
 
 = 3.4.0 =
 * ENHANCEMENT - removed `udx/lib-settings` package dependency for security reasons. 

changes.md

@@ -1,5 +1,25 @@
+#### 4.0.0
+* NEW - use custom database tables to store GCS file data. This increases plugin performance and will be used for future improvements.  
+* NEW - added filter `wp_stateless_get_file`, retrieves the GCS file data, should be used instead of getting `sm_cloud` postmeta directly. 
+* NEW - added filter `wp_stateless_get_file_sizes`, retrieves the GCS file data for image sizes, should be used instead of getting `sm_cloud` postmeta directly.
+* NEW - added filter `wp_stateless_get_file_meta`, retrieves all GCS file meta data, should be used instead of getting `sm_cloud` postmeta directly.
+* NEW - added filter `wp_stateless_get_file_meta_value`, retrieves the GCS file meta data by meta_key, should be used instead of getting `sm_cloud` postmeta directly.
+* NEW - added setting allowing to change email for WP-Stateless notifications.
+* NEW - added new Settings tab `Addons`, which contains the list of WP-Stateless Addons, which replace Compatibilities.
+* NEW - added new Settings tab `Status`, which contains status and health information related to Google Cloud Storage and WP-Stateless.
+* NEW - CLI command `wp stateless migrate` to list and operate data optimizations.
+* NEW - configuration constant [`WP_STATELESS_POSTMETA`](https://stateless.udx.io/docs/constants/#wp_stateless_postmeta) allows to read the GCS file data from postmeta instead of the new custom database tables.
+* NEW - configuration constant [`WP_STATELESS_BATCH_HEALTHCHECK_INTERVAL`](https://stateless.udx.io/docs/constants/#wp_stateless_batch_healthcheck_interval) defines an interval in minutes for periodical health checks of a batch background process (like data optimization).
+* COMPATIBILITY - BuddyBoss Compatibility replaced with [WP-Stateless – BuddyBoss Platform Addon](https://wordpress.org/plugins/wp-stateless-buddyboss-platform-addon/).
+* COMPATIBILITY - Elementor Compatibility replaced with [WP-Stateless – Elementor Website Builder Addon](https://wordpress.org/plugins/wp-stateless-elementor-website-builder-addon/).
+* COMPATIBILITY - Gravity Form Compatibility does not support older version of Gravity Forms (< 2.3).
+* ENHANCEMENT - Allow dismissing notices in Admin Panel only for logged in users.
+* ENHANCEMENT - Updated `wp-background-processing` library from from 1.0.2 to 1.1.1.
+* ENHANCEMENT - Updated `phpseclib` 3.0.34 to 3.0.37.
+* FIX - proper use of infinite timeout in `set_time_limit` function to avoid issues with PHP 8.1 and above [#704](https://github.com/udx/wp-stateless/issues/704).
+
 #### 3.4.1
-FIX - improve security while processing AJAX requests in Admin Panel
+* FIX - improve security while processing AJAX requests in Admin Panel
 
 #### 3.4.0
 * ENHANCEMENT - removed `udx/lib-settings` package dependency for security reasons. 

l10n.php

@@ -84,6 +84,8 @@
 
   'get_non_images_media_id_request_failed'  => __('Get non Images Media ID: Request failed', ud_get_stateless_media()->domain ),
   'regenerate_single_image_request_failed'  => __('Regenerate single image: Request failed', ud_get_stateless_media()->domain ),
-
+
+  'confirm'                               => __('Confirm', ud_get_stateless_media()->domain ),
+  'cancel'                                => __('Cancel', ud_get_stateless_media()->domain ),
 );
 

lib/Google/vendor/composer/installed.json

@@ -923,17 +923,17 @@
         },
         {
             "name": "phpseclib/phpseclib",
-            "version": "3.0.34",
-            "version_normalized": "3.0.34.0",
+            "version": "3.0.37",
+            "version_normalized": "3.0.37.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/phpseclib/phpseclib.git",
-                "reference": "56c79f16a6ae17e42089c06a2144467acc35348a"
+                "reference": "cfa2013d0f68c062055180dd4328cc8b9d1f30b8"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/56c79f16a6ae17e42089c06a2144467acc35348a",
-                "reference": "56c79f16a6ae17e42089c06a2144467acc35348a",
+                "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/cfa2013d0f68c062055180dd4328cc8b9d1f30b8",
+                "reference": "cfa2013d0f68c062055180dd4328cc8b9d1f30b8",
                 "shasum": ""
             },
             "require": {
@@ -951,7 +951,7 @@
                 "ext-mcrypt": "Install the Mcrypt extension in order to speed up a few other cryptographic operations.",
                 "ext-openssl": "Install the OpenSSL extension in order to speed up a wide variety of cryptographic operations."
             },
-            "time": "2023-11-27T11:13:31+00:00",
+            "time": "2024-03-03T02:14:58+00:00",
             "type": "library",
             "installation-source": "dist",
             "autoload": {
@@ -1016,7 +1016,7 @@
             ],
             "support": {
                 "issues": "https://github.com/phpseclib/phpseclib/issues",
-                "source": "https://github.com/phpseclib/phpseclib/tree/3.0.34"
+                "source": "https://github.com/phpseclib/phpseclib/tree/3.0.37"
             },
             "funding": [
                 {

lib/Google/vendor/composer/installed.php

@@ -3,7 +3,7 @@
         'name' => 'google/apiclient',
         'pretty_version' => 'dev-latest',
         'version' => 'dev-latest',
-        'reference' => 'fd648044ff982d46b7692c486068bf1bc9120dee',
+        'reference' => 'cb005f7d32cc2da68e63ac4cc39bbd53a556d581',
         'type' => 'library',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -31,7 +31,7 @@
         'google/apiclient' => array(
             'pretty_version' => 'dev-latest',
             'version' => 'dev-latest',
-            'reference' => 'fd648044ff982d46b7692c486068bf1bc9120dee',
+            'reference' => 'cb005f7d32cc2da68e63ac4cc39bbd53a556d581',
             'type' => 'library',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),
@@ -128,9 +128,9 @@
             'dev_requirement' => false,
         ),
         'phpseclib/phpseclib' => array(
-            'pretty_version' => '3.0.34',
-            'version' => '3.0.34.0',
-            'reference' => '56c79f16a6ae17e42089c06a2144467acc35348a',
+            'pretty_version' => '3.0.37',
+            'version' => '3.0.37.0',
+            'reference' => 'cfa2013d0f68c062055180dd4328cc8b9d1f30b8',
             'type' => 'library',
             'install_path' => __DIR__ . '/../phpseclib/phpseclib',
             'aliases' => array(),

lib/Google/vendor/phpseclib/phpseclib/BACKERS.md

@@ -13,4 +13,5 @@ phpseclib ongoing development is made possible by [Tidelift](https://tidelift.co
 - [Rachel Fish](https://github.com/itsrachelfish)
 - Tharyrok
 - [cjhaas](https://github.com/cjhaas)
-- [istiak-tridip](https://github.com/istiak-tridip)
+- [istiak-tridip](https://github.com/istiak-tridip)
+- [Anna Filina](https://github.com/afilina)

lib/Google/vendor/phpseclib/phpseclib/README.md

@@ -51,7 +51,7 @@ SSH-2, SFTP, X.509, an arbitrary-precision integer arithmetic library, Ed25519 /
 * PHP4 compatible
 * Composer compatible (PSR-0 autoloading)
 * Install using Composer: `composer require phpseclib/phpseclib:~1.0`
-* [Download 1.0.21 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.21.zip/download)
+* [Download 1.0.23 as ZIP](http://sourceforge.net/projects/phpseclib/files/phpseclib1.0.23.zip/download)
 
 ## Security contact information
 

lib/Google/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/AsymmetricKey.php

@@ -94,7 +94,7 @@ abstract class AsymmetricKey
 
     /**
      * @param string $type
-     * @return string
+     * @return array|string
      */
     abstract public function toString($type, array $options = []);
 
@@ -382,7 +382,7 @@ public static function addFileFormat($fullname)
             $shortname = $meta->getShortName();
             self::$plugins[static::ALGORITHM]['Keys'][strtolower($shortname)] = $fullname;
             if ($meta->hasConstant('IS_INVISIBLE')) {
-                self::$invisiblePlugins[static::ALGORITHM] = strtolower($name);
+                self::$invisiblePlugins[static::ALGORITHM][] = strtolower($shortname);
             }
         }
     }

lib/Google/vendor/phpseclib/phpseclib/phpseclib/Crypt/Common/SymmetricKey.php

@@ -668,11 +668,13 @@ protected static function initialize_static_variables()
             switch (true) {
                 // PHP_OS & "\xDF\xDF\xDF" == strtoupper(substr(PHP_OS, 0, 3)), but a lot faster
                 case (PHP_OS & "\xDF\xDF\xDF") === 'WIN':
-                case !(is_string(php_uname('m')) && (php_uname('m') & "\xDF\xDF\xDF") == 'ARM'):
+                case !function_exists('php_uname'):
+                case !is_string(php_uname('m')):
+                case (php_uname('m') & "\xDF\xDF\xDF") != 'ARM':
                 case defined('PHP_INT_SIZE') && PHP_INT_SIZE == 8:
                     self::$use_reg_intval = true;
                     break;
-                case is_string(php_uname('m')) && (php_uname('m') & "\xDF\xDF\xDF") == 'ARM':
+                case (php_uname('m') & "\xDF\xDF\xDF") == 'ARM':
                     switch (true) {
                         /* PHP 7.0.0 introduced a bug that affected 32-bit ARM processors:
 

lib/Google/vendor/phpseclib/phpseclib/phpseclib/Crypt/EC/PrivateKey.php

@@ -150,7 +150,7 @@ public function sign($message)
             // we use specified curves to avoid issues with OpenSSL possibly not supporting a given named curve;
             // doing this may mean some curve-specific optimizations can't be used but idk if OpenSSL even
             // has curve-specific optimizations
-            $result = openssl_sign($message, $signature, $this->toString('PKCS8', ['namedCurve' => false]), $this->hash->getHash());
+            $result = openssl_sign($message, $signature, $this->withPassword()->toString('PKCS8', ['namedCurve' => false]), $this->hash->getHash());
 
             if ($result) {
                 if ($shortFormat == 'ASN1') {

lib/Google/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php

@@ -332,6 +332,7 @@ public static function createKey($bits = 2048)
                 openssl_pkey_export($rsa, $privatekeystr, null, $config);
 
                 // clear the buffer of error strings stemming from a minimalistic openssl.cnf
+                // https://github.com/php/php-src/issues/11054 talks about other errors this'll pick up
                 while (openssl_error_string() !== false) {
                 }
 

lib/Google/vendor/phpseclib/phpseclib/phpseclib/File/ASN1.php

@@ -1148,6 +1148,11 @@ public static function decodeOID($content)
         $oid = [];
         $pos = 0;
         $len = strlen($content);
+        // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55
+        if ($len > 4096) {
+            //throw new \RuntimeException("Object identifier size is limited to 4096 bytes ($len bytes present)");
+            return false;
+        }
 
         if (ord($content[$len - 1]) & 0x80) {
             return false;