diff --git a/.gitignore b/.gitignore
index 2bf08fa..8ef5ff3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,7 +37,6 @@ web/wp-content/mu-plugins/*
 !web/wp-content/mu-plugins/alter-wpcfm-config-path.php
 !web/wp-content/plugins/
 web/wp-content/plugins/*
-!web/wp-content/plugins/lh-hsts
 !web/wp-content/themes
 web/wp-content/themes/*
 !web/wp-content/themes/twentyseventeen-child/
diff --git a/composer.json b/composer.json
index 139153d..827586f 100644
--- a/composer.json
+++ b/composer.json
@@ -21,16 +21,18 @@
 "roots/wp-password-bcrypt": "^1.0.0",
 "rvtraveller/qs-composer-installer": "^1.1",
 "vlucas/phpdotenv": "2.*",
+ "wpackagist-plugin/lh-hsts": "^1.24",
 "wpackagist-plugin/pantheon-advanced-page-cache": "*",
 "wpackagist-plugin/wp-native-php-sessions": "0.*",
- "wpackagist-plugin/wordpress-importer": "0.*",
 "wpackagist-theme/twentyseventeen": "1.*"
 },
 "require-dev": {
+ "behat/mink-goutte-driver": "^1.2",
+ "behat/mink-selenium2-driver": "^1.3",
 "brain/monkey": "~2.2.0",
 "dealerdirect/phpcodesniffer-composer-installer": "~0.4.4",
 "pantheon-systems/quicksilver-pushback": "~1",
- "paulgibbs/behat-wordpress-extension": "~0.9.2",
+ "paulgibbs/behat-wordpress-extension": "3.*",
 "phpunit/phpunit": "~6.5.4",
 "roave/security-advisories": "dev-master",
 "squizlabs/php_codesniffer": "3.2.2",
diff --git a/composer.lock b/composer.lock
index 8d7e912..66029b0 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "dd0a0eacf40ecf004104aa2d3aba886c", + "content-hash": "2e03fd5f01814ea9e18c177241a2343f", "packages": [ { "name": "composer/installers", 
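Review bot: The added `"wpackagist-plugin/lh-hsts": "^1.24"` in composer.json's `require` block swaps a committed, reviewable copy of the plugin for a floating range whose lock entry (later in this commit) points at the SVN `trunk` reference and the unversioned download `lh-hsts.zip?timestamp=1536934210` with a null `shasum`, so nothing ties the installed code to an immutable tag or checksum. This plugin sets the `Strict-Transport-Security` header and issues the HTTPS redirect, so a silent upstream change would alter site-wide transport policy. I would at least narrow the constraint to `"wpackagist-plugin/lh-hsts": "1.24"` and treat each bump as a reviewed change; because the reference is `trunk`, an exact version may still not guarantee identical bytes, so keeping the vendored copy or mirroring the archive is worth considering. The `"paulgibbs/behat-wordpress-extension": "3.*"` bump is dev-only, but its lock entry requires PHP `~7.1`, which should be checked against the CI image.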
@@ -354,16 +354,16 @@ "time": "2018-07-29T20:33:41+00:00" }, { - "name": "wpackagist-plugin/pantheon-advanced-page-cache", - "version": "0.3.0", + "name": "wpackagist-plugin/lh-hsts", + "version": "1.24", "source": { "type": "svn", - "url": "https://plugins.svn.wordpress.org/pantheon-advanced-page-cache/", - "reference": "tags/0.3.0" + "url": "https://plugins.svn.wordpress.org/lh-hsts/", + "reference": "trunk" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/plugin/pantheon-advanced-page-cache.0.3.0.zip", + "url": "https://downloads.wordpress.org/plugin/lh-hsts.zip?timestamp=1536934210", "reference": null, "shasum": null }, @@ -371,19 +371,19 @@ "composer/installers": "~1.0" }, "type": "wordpress-plugin", - "homepage": "https://wordpress.org/plugins/pantheon-advanced-page-cache/" + "homepage": "https://wordpress.org/plugins/lh-hsts/" }, { - "name": "wpackagist-plugin/wordpress-importer", - "version": "0.6.4", + "name": "wpackagist-plugin/pantheon-advanced-page-cache", + "version": "0.3.0", "source": { "type": "svn", - "url": "https://plugins.svn.wordpress.org/wordpress-importer/", - "reference": "tags/0.6.4" + "url": "https://plugins.svn.wordpress.org/pantheon-advanced-page-cache/", + "reference": "tags/0.3.0" }, "dist": { "type": "zip", - "url": "https://downloads.wordpress.org/plugin/wordpress-importer.0.6.4.zip", + "url": "https://downloads.wordpress.org/plugin/pantheon-advanced-page-cache.0.3.0.zip", "reference": null, "shasum": null }, @@ -391,7 +391,7 @@ "composer/installers": "~1.0" }, "type": "wordpress-plugin", - "homepage": "https://wordpress.org/plugins/wordpress-importer/" + "homepage": "https://wordpress.org/plugins/pantheon-advanced-page-cache/" }, { "name": "wpackagist-plugin/wp-native-php-sessions", 
@@ -1671,29 +1671,31 @@ }, { "name": "ocramius/proxy-manager", - "version": "2.0.4", + "version": "2.1.0", "source": { "type": "git", "url": "https://github.com/Ocramius/ProxyManager.git", - "reference": "a55d08229f4f614bf335759ed0cf63378feeb2e6" + "reference": "d9e5a00ca2d87b7e0f1bff36b897e02afd7d5435" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Ocramius/ProxyManager/zipball/a55d08229f4f614bf335759ed0cf63378feeb2e6", - "reference": "a55d08229f4f614bf335759ed0cf63378feeb2e6", + "url": "https://api.github.com/repos/Ocramius/ProxyManager/zipball/d9e5a00ca2d87b7e0f1bff36b897e02afd7d5435", + "reference": "d9e5a00ca2d87b7e0f1bff36b897e02afd7d5435", "shasum": "" }, "require": { - "ocramius/package-versions": "^1.0", - "php": "7.0.0 - 7.0.5 || ^7.0.7", - "zendframework/zend-code": "3.0.0 - 3.0.2 || ^3.0.4" + "ocramius/package-versions": "^1.1.1", + "php": "^7.1.0", + "zendframework/zend-code": "^3.1.0" }, "require-dev": { - "couscous/couscous": "^1.4.0", + "couscous/couscous": "^1.5.2", "ext-phar": "*", - "phpbench/phpbench": "^0.11.2", - "phpunit/phpunit": "^5.4.6", - "squizlabs/php_codesniffer": "^2.6.0" + "humbug/humbug": "dev-master@DEV", + "phpbench/phpbench": "^0.12.2", + "phpunit/phpunit": "^5.6.4", + "phpunit/phpunit-mock-objects": "^3.4.1", + "squizlabs/php_codesniffer": "^2.7.0" }, "suggest": { "ocramius/generated-hydrator": "To have very fast object to array to object conversion for ghost objects", @@ -1732,7 +1734,7 @@ "proxy pattern", "service proxies" ], - "time": "2016-11-04T15:53:15+00:00" + "time": "2016-11-30T15:45:00+00:00" }, { "name": "pantheon-systems/quicksilver-pushback", 
@@ -1761,33 +1763,36 @@ }, { "name": "paulgibbs/behat-wordpress-extension", - "version": "v0.9.2", + "version": "v3.0.0", "source": { "type": "git", "url": "https://github.com/paulgibbs/behat-wordpress-extension.git", - "reference": "7c9917c41b9a7ded3e7fb62b28f70df9dbae5d57" + "reference": "f02c68e4c7ef40946ac970b6cb4d84349471244c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/paulgibbs/behat-wordpress-extension/zipball/7c9917c41b9a7ded3e7fb62b28f70df9dbae5d57", - "reference": "7c9917c41b9a7ded3e7fb62b28f70df9dbae5d57", + "url": "https://api.github.com/repos/paulgibbs/behat-wordpress-extension/zipball/f02c68e4c7ef40946ac970b6cb4d84349471244c", + "reference": "f02c68e4c7ef40946ac970b6cb4d84349471244c", "shasum": "" }, "require": { "behat/behat": "~3.1", - "behat/mink-goutte-driver": "~1.2", - "behat/mink-selenium2-driver": "~1.3", - "ocramius/proxy-manager": "2.0.4", - "php": "~7.0", - "sensiolabs/behat-page-object-extension": "~2.1", - "zendframework/zend-code": "3.1.0" + "behat/mink-extension": "~2.3", + "ocramius/proxy-manager": "2.1", + "php": "~7.1", + "sensiolabs/behat-page-object-extension": "~2.1" }, "require-dev": { + "behat/mink-goutte-driver": "^1.2", + "behat/mink-selenium2-driver": "^1.3", "joomla-projects/selenium-server-standalone": "~3.5", + "phing/phing": "~2.16", + "phpstan/phpstan": "~0.9", "squizlabs/php_codesniffer": "~3.0", - "wp-cli/wp-cli": "~1.3" + "wp-cli/wp-cli": "~1.5" }, "suggest": { + "behat/mink-goutte-driver": "Headless Mink driver", "behat/mink-selenium2-driver": "JS-enabled Mink driver (requires Selenium2)" }, "type": "behat-extension", @@ -1801,7 +1806,7 @@ }, "notification-url": "https://packagist.org/downloads/", "license": [ - "GPL-3.0" + "GPL-3.0-or-later" ], "authors": [ { @@ -1819,7 +1824,7 @@ "extension", "wordpress" ], - "time": "2017-12-18T12:07:23+00:00" + "time": "2018-08-09T21:09:15+00:00" }, { "name": "phar-io/manifest", 
diff --git a/tests/behat/behat-lando.yml b/tests/behat/behat-lando.yml
index 9e52a00..8aaef9c 100644
--- a/tests/behat/behat-lando.yml
+++ b/tests/behat/behat-lando.yml
@@ -12,7 +12,9 @@ default:
 PaulGibbs\WordpressBehatExtension:
 site_url: https://nginx/wp
 users:
- admin:
+ -
+ roles:
+ - administrator
 username: admin
 password: admin
 wpcli:
diff --git a/tests/behat/features/admin-login.feature b/tests/behat/features/admin-login.feature
index 13be194..261b237 100644
--- a/tests/behat/features/admin-login.feature
+++ b/tests/behat/features/admin-login.feature
@@ -3,8 +3,10 @@ Feature: Login as an administrator (no-js) I want basic login behavior to work So that I can administer the site +Background: + Given I am logged in as an administrator + Given I am on the dashboard + Scenario: Confirm access to create users - Given I am logged in as an admin - When I am on the dashboard - And I go to menu item "Users > Add New" - Then I should see "Add New User" + Given I go to the menu "Users > Add New" + Then I should see "Add New User" \ No newline at end of file
diff --git a/tests/behat/features/blogname.feature b/tests/behat/features/blogname.feature
index e75a3f7..e10b767 100644
--- a/tests/behat/features/blogname.feature
+++ b/tests/behat/features/blogname.feature
@@ -4,12 +4,12 @@ Feature: Change blogname and blogdescription (no-js) So that I have control over my site Background: - Given I am logged in as an admin + Given I am logged in as an administrator Given I am on the dashboard Scenario: Saving blogname - Given I go to menu item "Settings > General" + Given I go to the menu "Settings > General" When I fill in "blogname" with "Awesome WordHat Test Site" And I press "submit" And I should see "Settings saved." 
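Review bot: In the rewritten scenario of admin-login.feature the navigation step is phrased as `Given I go to the menu "Users > Add New"`, although it is the action under test and the preconditions now live in the new `Background:`; `When I go to the menu "Users > Add New"` keeps the Given/When/Then roles distinct. The file also now ends without a trailing newline (the `\ No newline at end of file` marker), and blogname.feature picks up the same marker in its second hunk; restoring the newline avoids noise in later diffs.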
@@ -17,9 +17,9 @@ Feature: Change blogname and blogdescription (no-js) Then I should see "Awesome WordHat Test Site" in the "h1 a" element Scenario: Saving blogdescription - Given I go to menu item "Settings > General" + Given I go to the menu "Settings > General" When I fill in "blogdescription" with "GitHub + Composer + CircleCi + Pantheon = Win!" And I press "submit" And I should see "Settings saved." And I am on the homepage - Then I should see "GitHub + Composer + CircleCi + Pantheon = Win!" in the ".site-description" element + Then I should see "GitHub + Composer + CircleCi + Pantheon = Win!" in the ".site-description" element \ No newline at end of file diff --git a/web/wp-content/plugins/lh-hsts/lh-hsts.php b/web/wp-content/plugins/lh-hsts/lh-hsts.php deleted file mode 100644 index 9ec7d4e..0000000 --- a/web/wp-content/plugins/lh-hsts/lh-hsts.php +++ /dev/null 
@@ -1,113 +0,0 @@ -uri = $_SERVER['REQUEST_URI']; - $this->domain = $_SERVER['HTTP_HOST']; - $this->current_domain = get_home_url(); - - add_action('send_headers', array($this, "add_header")); - } - - public function lh_hsts_max_age_func( $max_age ) - { - return $max_age; - } - - public function lh_hsts_subdomain_func( $subdomain ) - { - return $subdomain; - } - - public function lh_hsts_preload_func( $preload ) - { - return $preload; - } - - public function lh_hsts_redirect_func( $redirect ) - { - return $redirect; - } - - public function add_header() - { - - - if($this->current_domain == "http://". $this->domain || $this->current_domain == "https://". $this->domain) { - if (isset($_SERVER['HTTPS'])) { - //default max-age in seconds (equivalent to 185 days to allow pre-loading) - $this->max_age = apply_filters('lh_hsts_max_age', 15984000); - $this->subdomain = apply_filters('lh_hsts_subdomain', true); - $this->preload = apply_filters('lh_hsts_preload', true); - $this->redirect = apply_filters('lh_hsts_redirect', true); - - $string = "max-age=".$this->max_age.";"; - if($this->subdomain) { - $string .= " includeSubDomains;"; - } - if($this->preload) { - $string .= " preload"; - } - - header("Strict-Transport-Security: ". $string); - - } else { - $this->redirect = apply_filters('lh_hsts_redirect', true); - if ($this->redirect) { - header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], true, 301); - } - } - } else { - Header("HTTP/1.1 301 Moved Permanently"); - Header("Location: ". $this->current_domain . $this->uri); - die(); - } - } - } - - $LH_HSTS_Plugin_instance = LH_HSTS_Plugin::get_instance(); -} - -?> diff --git a/web/wp-content/plugins/lh-hsts/readme.txt b/web/wp-content/plugins/lh-hsts/readme.txt deleted file mode 100644 index eef5992..0000000 --- a/web/wp-content/plugins/lh-hsts/readme.txt +++ /dev/null 
@@ -1,89 +0,0 @@ -=== LH HSTS === -Contributors: shawfactor,asitha -Donate link: https://lhero.org/plugins/lh-hsts/ -Tags: HSTS, https, ssl, security, redirect -Requires at least: 3.0 -Tested up to: 4.9 -Stable tag: trunk -License: GPLv2 or later -License URI: http://www.gnu.org/licenses/gpl-2.0.html - -HSTS is HTTP Strict Transport Security, a means to enforce using SSL even if the user accesses the site through HTTP and not HTTPS. - -== Description == - -This plugin send the proper headers for full ssl security. For more information on what this is and why it is important visit: http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security - -The options are preset to enable browsers to preload the HSTS directive but can be overwritten by filters which are clearly documented in the code. - -**Did you find this plugin helpful? Please consider [writing a review](https://wordpress.org/support/view/plugin-reviews/lh-hsts).** - -== Installation == - -1. Upload the entire `lh-hsts` folder to the `/wp-content/plugins/` directory. -2. Activate the plugin through the 'Plugins' menu in WordPress. - -== Frequently Asked Questions == - -= How do I change the behaviour of this plugin? = - -Through filters, all of which are commented in the code and will be documented below. 
- -=== To update the max-age settings, add the following code to your functions.php === -``` -add_filter('lh_hsts_max_age', 'modify_ls_hsts_max_age_func'); - -function modify_ls_hsts_max_age_func( $max_age ){ - return false; -} -``` - -=== To update the subdomain settings, add the following code to your functions.php === -``` -add_filter('lh_hsts_subdomain', 'modify_ls_hsts_subdomain_func'); - -function modify_ls_hsts_subdomain_func( $subdomain ){ - return false; -} -``` - -=== To update the preload setting, add the following code to your functions.php === -``` -add_filter('lh_hsts_preload', 'modify_ls_hsts_preload_func'); - -function modify_ls_hsts_preload_func( $preload ){ - return false; -} -``` - -=== To update the redirect setting, add the following code to your functions.php === -``` -add_filter('lh_hsts_redirect', 'modify_ls_hsts_redirect_func'); - -function modify_ls_hsts_redirect_func( $redirect ){ - return false; -} -``` - -== Changelog == - -= 1.00 - February 28, 2016 = -* Initial release - -= 1.10 - March 28, 2016 = -* Use correct domain - -= 1.11 - April 02, 2017 = -* Added class exists check - -= 1.20 - May 11, 2017 = -* Just made everything look pretty and structured - -= 1.21 - May 24, 2017 = -* Bug fix - -= 1.22 - January 10, 2018 = -* Singleton pattern - -= 1.23 - March 04, 2018 = -* Fixed fiulter name \ No newline at end of file