[wp-hackers] Plugin update & security / privacy - Data sent
Omry Yadan
omry at yadan.net
Sun Sep 23 13:14:45 GMT 2007
Sounds good to me.
Maybe we should only send plugin file, version and name.
Also, in the spirit of my original proposal:
1. This should not be bundled with the new version check.
2. Users should explicitly agree to send info before WP sends anything.
Moritz 'Morty' Strübe wrote:
> To get some facts out, I added some debugging output.
> Notice that there are 11k of data transmitted. Also, of course, your
> WordPress version and your URL (which I already encapsulated in an MD5).
> IMHO a list of plugin names and an answer with the current version
> numbers is enough data to be transmitted.
>
> The request:
>
> POST /plugins/update-check/1.0/ HTTP/1.0
> Host: api.wordpress.org
> Content-Type: application/x-www-form-urlencoded; charset=UTF-8
> Content-Length: 11000
> User-Agent: WordPress/2.3-RC1; 4b028de5098db7fb05c6d6dd264de215
>
> And the data:
>
> data:object(stdClass)(2) {
> ["plugins"]=>
> array(15) {
> ["akismet/akismet.php"]=>
> array(5) {
> ["Name"]=>
> string(7) "Akismet"
> ["Title"]=>
> string(71) "<a href="http://akismet.com/" title="Visit plugin homepage">Akismet</a>"
> ["Description"]=>
> string(354) "Akismet checks your comments against the Akismet web service to see if they look like spam or not. You need a <a href="http://wordpress.com/api-keys/">WordPress.com API key</a> to use it. You can review the spam it catches under “Comments.” To show off your Akismet stats just put <code><?php akismet_counter(); ?></code> in your template."
> ["Author"]=>
> string(80) "<a href="http://photomatt.net/" title="Visit author homepage">Matt Mullenweg</a>"
> ["Version"]=>
> string(5) "2.0.2"
> }
> ["cjd_delete_de.php"]=>
> array(5) {
> ["Name"]=>
> string(35) "CJD-<br />Spam Nuke <br />(deutsch)"
> ["Title"]=>
> string(121) "<a href="http://chrisjdavis.org/category/wp-hacks/" title="Visit plugin homepage">CJD-<br />Spam Nuke <br />(deutsch)</a>"
> ["Description"]=>
> string(216) "Dieses Plugin macht all die Kommentare sicht- und löschbar, die mit dem Attribut ‘Spam’ in der Datenbank herumliegen. Deutsche Bearbeitung: <a href="http://www.journal.kylaloo.net/">Mathias Hundt</a>"
> ["Author"]=>
> string(105) "<a href="http://chrisjdavis.org/" title="Visit author homepage">Chris J. Davis, Scott (skippy) Merill</a>"
> ["Version"]=>
> string(5) "1.5.3"
> }
> ["follow.php"]=>
> array(5) {
> ["Name"]=>
> string(10) "Follow-URL"
> ["Title"]=>
> string(79) "<a href="http://blog.taragana.com" title="Visit plugin homepage">Follow-URL</a>"
> ["Description"]=>
> string(108) "Dieses Plugin entfernt das <strong>nofollow</strong>-Attribut, dass WordPress an Links in Kommentaren setzt."
> ["Author"]=>
> string(90) "<a href="http://blog.taragana.com/" title="Visit author homepage">Angsuman Chakraborty</a>"
> ["Version"]=>
> string(3) "1.0"
> }
> ["gengo/gengo.php"]=>
> array(5) {
> ["Name"]=>
> string(5) "Gengo"
> ["Title"]=>
> string(88) "<a href="http://jamietalbot.com/wp-hacks/gengo/" title="Visit plugin homepage">Gengo</a>"
> ["Description"]=>
> string(180) "Multi-language blogging for WordPress.<br/>Licensed under the <a href="http://www.opensource.org/licenses/mit-license.php">MIT License</a>, Copyright © 2006-2007 Jamie Talbot."
> ["Author"]=>
> string(80) "<a href="http://jamietalbot.com/" title="Visit author homepage">Jamie Talbot</a>"
> ["Version"]=>
> string(3) "0.9"
> }
> ["gravatars2.php"]=>
> array(5) {
> ["Name"]=>
> string(10) "Gravatars2"
> ["Title"]=>
> string(84) "<a href="http://zenpax.com/gravatars2/" title="Visit plugin homepage">Gravatars2</a>"
> ["Description"]=>
> string(326) "Implements Gravatars (global avatars: gravatar.com) with enhanced caching support, cron support, & administrative interface to control default options. Registered users can use local Gravatars (also cached). Copyright 2006 Kip Bond; Licensed under the terms of the <a href="http://www.gnu.org/licenses/gpl.html">GPL</a>."
> ["Author"]=>
> string(82) "<a href="http://zenpax.com/gravatars2/" title="Visit author homepage">Kip Bond</a>"
> ["Version"]=>
> string(5) "2.6.1"
> }
> ["gravatars2-wpcron.php"]=>
> array(5) {
> ["Name"]=>
> string(18) "Gravatars2 WP-Cron"
> ["Title"]=>
> string(92) "<a href="http://zenpax.com/gravatars2/" title="Visit plugin homepage">Gravatars2 WP-Cron</a>"
> ["Description"]=>
> string(194) "Refreshes the cached gravatar images using a pseudo-cron implementation — Requires WP-Cron (http://skippy.net/blog/2005/10/09/wp-cron-14/) & Gravatars2 (http://zenpax.com/gravatars2/)"
> ["Author"]=>
> string(82) "<a href="http://zenpax.com/gravatars2/" title="Visit author homepage">Kip Bond</a>"
> ["Version"]=>
> string(3) "1.1"
> }
> ["hello.php"]=>
> array(5) {
> ["Name"]=>
> string(11) "Hello Dolly"
> ["Title"]=>
> string(78) "<a href="http://wordpress.org/#" title="Visit plugin homepage">Hello Dolly</a>"
> ["Description"]=>
> string(295) "This is not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. When activated you will randomly see a lyric from <cite>Hello, Dolly</cite> in the upper right of your admin screen on every page."
> ["Author"]=>
> string(80) "<a href="http://photomatt.net/" title="Visit author homepage">Matt Mullenweg</a>"
> ["Version"]=>
> string(3) "1.5"
> }
> ["locktest.php"]=>
> array(5) {
> ["Name"]=>
> string(9) "Lock test"
> ["Title"]=>
> string(96) "<a href="http://xn--strbe-mva.de/post-notification/" title="Visit plugin homepage">Lock test</a>"
> ["Description"]=>
> string(14) "Tests locking."
> ["Author"]=>
> string(86) "<a href="http://xn--strbe-mva.de" title="Visit author homepage">Moritz Strübe</a>"
> ["Version"]=>
> string(3) "1.0"
> }
> ["a_o42-clean-umlauts.php"]=>
> array(5) {
> ["Name"]=>
> string(17) "o42-clean-umlauts"
> ["Title"]=>
> string(116) "<a href="http://otaku42.de/2005/06/30/plugin-o42-clean-umlauts/" title="Visit plugin homepage">o42-clean-umlauts</a>"
> ["Description"]=>
> string(366) "Das Plugin konvertiert die deutschen Umlaute in den Beitragstiteln, Kommentaren und Feeds zu ASCII. - Aus ä,ü,ö,ß wird ein ae, ue, oe und ss. auf der Lösung von <a href="http://www.papascott.de">Scott Hanson</a>. Das Plugin wirkt sich nur aus, wenn bei der Permalinstruktur “<em>Basierend auf Datum und Name</em>” aktiviert ist."
> ["Author"]=>
> string(79) "<a href="http://otaku42.de/" title="Visit author homepage">Michael Renzmann</a>"
> ["Version"]=>
> string(5) "0.2.0"
> }
> ["wp-pagesnav/wp-pagesnav.php"]=>
> array(5) {
> ["Name"]=>
> string(7) "PageNav"
> ["Title"]=>
> string(88) "<a href="http://www.adsworth.info/wp-pagesnav" title="Visit plugin homepage">PageNav</a>"
> ["Description"]=>
> string(18) "Header Navigation."
> ["Author"]=>
> string(80) "<a href="http://www.adsworth.info/" title="Visit author homepage">Adi Sieker</a>"
> ["Version"]=>
> string(5) "0.0.1"
> }
> ["post_notification/post_notification.php"]=>
> array(5) {
> ["Name"]=>
> string(17) "Post Notification"
> ["Title"]=>
> string(104) "<a href="http://xn--strbe-mva.de/post-notification/" title="Visit plugin homepage">Post Notification</a>"
> ["Description"]=>
> string(74) "Sends an email to all subscribers. See readme or instructions for details."
> ["Author"]=>
> string(86) "<a href="http://xn--strbe-mva.de" title="Visit author homepage">Moritz Strübe</a>"
> ["Version"]=>
> string(8) "1.2.rc 5"
> }
> ["PN_mailfix.php"]=>
> array(5) {
> ["Name"]=>
> string(25) "Post Notification Mailfix"
> ["Title"]=>
> string(112) "<a href="http://xn--strbe-mva.de/post-notification/" title="Visit plugin homepage">Post Notification Mailfix</a>"
> ["Description"]=>
> string(54) "Fixes problems sending HTML-mails - Only for WP 2.2.x!"
> ["Author"]=>
> string(86) "<a href="http://xn--strbe-mva.de" title="Visit author homepage">Moritz Strübe</a>"
> ["Version"]=>
> string(5) "1.2.1"
> }
> ["timezone.php"]=>
> array(5) {
> ["Name"]=>
> string(9) "Time Zone"
> ["Title"]=>
> string(92) "<a href="http://kimmo.suominen.com/sw/timezone/" title="Visit plugin homepage">Time Zone</a>"
> ["Description"]=>
> string(136) "Automatische Umstellung von Sommerzeit auf Winterzeit. Einstellungen können unter: Optionen » Time Zone geändert werden."
> ["Author"]=>
> string(85) "<a href="http://kimmo.suominen.com/" title="Visit author homepage">Kimmo Suominen</a>"
> ["Version"]=>
> string(3) "2.1"
> }
> ["update-monitor.php"]=>
> array(5) {
> ["Name"]=>
> string(14) "Update-Monitor"
> ["Title"]=>
> string(78) "<a href="http://blogshop.de/" title="Visit plugin homepage">Update-Monitor</a>"
> ["Description"]=>
> string(133) "Stay informed about new WordPress releases. <em>Powered by <a href="http://wordpress-deutschland.org">WordPress Deutschland</a></em>."
> ["Author"]=>
> string(79) "<a href="http://blogshop.de/" title="Visit author homepage">Olaf A. Schmitz</a>"
> ["Version"]=>
> string(3) "1.3"
> }
> ["wp-db-backup.php"]=>
> array(5) {
> ["Name"]=>
> string(25) "WordPress Database Backup"
> ["Title"]=>
> string(105) "<a href="http://www.skippy.net/blog/plugins/" title="Visit plugin homepage">WordPress Database Backup</a>"
> ["Description"]=>
> string(44) "On-demand backup of your WordPress database."
> ["Author"]=>
> string(80) "<a href="http://www.skippy.net/" title="Visit author homepage">Scott Merrill</a>"
> ["Version"]=>
> string(3) "1.8"
> }
> }
> ["active"]=>
> array(3) {
> [0]=>
> string(12) "locktest.php"
> [1]=>
> string(39) "post_notification/post_notification.php"
> [2]=>
> string(27) "wp-pagesnav/wp-pagesnav.php"
> }
> }
>
>
>
>
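The minimisation proposed in this thread (plugin file, name and version only, sent only after explicit opt-in), as an added example that is not part of the original messages or of WordPress itself. `minimal_update_payload` and `$opt_in` are hypothetical names, the two sample entries are copied from the dump above, and `serialize()` is used only to compare sizes (the wire encoding is an assumption).

```php
<?php
// Added example: reduce the plugin list to the fields proposed in the thread.
// $opt_in stands for a hypothetical per-site consent setting.
function minimal_update_payload(array $plugins, bool $opt_in): ?array
{
    if (!$opt_in) {
        return null; // no consent: nothing is prepared for sending
    }
    $out = [];
    foreach ($plugins as $file => $meta) {
        $out[$file] = [
            // Name can carry markup (see the "CJD-<br />Spam Nuke" entry); keep text only.
            'Name'    => trim(strip_tags($meta['Name'] ?? '')),
            'Version' => (string) ($meta['Version'] ?? ''),
        ];
    }
    ksort($out); // stable order, independent of filesystem scan order
    return $out;
}

// Sample input: two entries taken from the debugging output quoted above.
$plugins = [
    'cjd_delete_de.php' => [
        'Name'        => 'CJD-<br />Spam Nuke <br />(deutsch)',
        'Title'       => '<a href="http://chrisjdavis.org/category/wp-hacks/" title="Visit plugin homepage">CJD-<br />Spam Nuke <br />(deutsch)</a>',
        'Description' => 'Dieses Plugin macht all die Kommentare sicht- und löschbar, die mit dem Attribut ‘Spam’ in der Datenbank herumliegen.',
        'Author'      => '<a href="http://chrisjdavis.org/" title="Visit author homepage">Chris J. Davis, Scott (skippy) Merill</a>',
        'Version'     => '1.5.3',
    ],
    'wp-db-backup.php' => [
        'Name'        => 'WordPress Database Backup',
        'Title'       => '<a href="http://www.skippy.net/blog/plugins/" title="Visit plugin homepage">WordPress Database Backup</a>',
        'Description' => 'On-demand backup of your WordPress database.',
        'Author'      => '<a href="http://www.skippy.net/" title="Visit author homepage">Scott Merrill</a>',
        'Version'     => '1.8',
    ],
];

// Same shape as the dumped object: full metadata plus the list of active plugins.
$full = serialize((object) ['plugins' => $plugins, 'active' => ['wp-db-backup.php']]);
$min  = minimal_update_payload($plugins, true);

printf("full payload:    %d bytes\n", strlen($full));
printf("minimal payload: %d bytes\n", strlen(serialize($min)));
print_r($min);
var_dump(minimal_update_payload($plugins, false)); // consent withheld
```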