-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add LLMS_Media_Protector class. #1868
Conversation
if ( false === $is_authorized ) { | ||
$content_type = $media_file->post_mime_type; | ||
if ( 0 === stripos( $content_type, 'image/' ) ) { | ||
// @todo Find or create an image to denote unauthorized access to an image file. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll get Chris to get our design team to make an asset for this. For now use some CC0 image as a placeholder.
@thomasplevy, I've made a bunch of changes to this WIP based on the above code review. |
@thomasplevy @pondermatic
What do you think? |
@eri-trabiccolo wrote:
Scalar values (bool, int, float, string) passed to a parameter declared with a different scalar type will be coerced into the declared type. If the script that calls a function in our script has strict mode enabled, or the passed type or declared type are not scalar (array, object, etc.), a TypeError is thrown that will mention our code and the caller's code, plus a stack trace.
I put the parameter type declarations in there to explore their usefulness but am prepared to take them out if we think it'll cause problems. Because of the lack of the union types, e.g.
I like that parameter type declarations remove the need for a method to manually check the type or coerce it into another type. If a 3rd party always calls one of our public methods with the wrong parameter types, they'll find out quickly during their development. I'm concerned that if a caller sometimes passes something like @thomasplevy, what do you think about type declarations? Is this the right time to start using them? |
Well, that's partially true: Although I think that you're right, in most of the cases we'll get a
Yeah, and I also assume that this 3rd party script, since it's developed by someone who cares about types, will take care of respecting them :D
I love them, I think there's a misunderstanding here :D I said - or I meant to say that - we should be careful ONLY for which regards to hooks callbacks. I don't care about all our public methods - who uses them should pass the expected type - I'm talking about wp core filters mostly.
I'm for 2.
I agree, but I still think this is just something we cannot took for granted when we talk about WP hook callbacks.
I agree, I don't care about 3rd parties calling our public methods with the wrong parameter type. See above.
|
@pondermatic wrote:
@eri-trabiccolo wrote:
OMG that's right! Not all types are coerced. In fact, it seems strange that some are and some are not. I wrote a script to test all the combinations and am planning on making a blog post about it (off-the-clock). You have good points @eri-trabiccolo.
|
@gocodebox/engineering |
I'm in favor of type declarations but I don't like adding them with a bunch of exceptions (mainly there are no union types)... I don't like the idea of only declaring some types, it just feels sloppy... But I guess in reality it's less sloppy than not declaring any. I know that if we start declaring them on callbacks for hooks we will run into issues. Let's be honest that most people using hooks don't actually know how to write PHP... We already have to explain code snippets we share (to developers) in far more detail that seems reasonable... if we also have to add explaining type declarations... well... you know...?
And not declaring types on functions/methods we internally use as a hook callback. |
… in add_unauthorized_placeholder_image_to_media_library().
Improve how htaccess is written. Prefix AUTHORIZATION_FILTER_KEY value with an underscore to protect it from being displayed in custom fields interfaces. Rename QUERY_PARAMETER_X constants to URL_PARAMETER_X. Delete LLMS_Media_Protector::get_media_url() in favor of wp_get_attachment_image_url(). Run query only once in get_placeholder_image_id().
@pondermatic I'm opening this on your behalf so I can record some notes and thoughts I'm having while I'm working through this