Handle publish tweet from staging/testing site. #161
Conversation
iamdharmesh
requested review from
a team and
peterwilsoncc
and removed request for
a team
There was a problem hiding this comment.
I've added a few notes inline.
To validate the URL, could you use a checksum instead of storing the value. Say sha1( site_url() )? As it's a checksum rather than a password, you don't need to worry about the recommendation the sha1() function been avoided for secure hashing.
Why have you used site_url() throughout instead of home_url()? The home URL is the address of the website, the site URL is the address of the WordPress install and the values can differ.
includes/class-ast-staging.php
Outdated
| * @since 1.2.0 | ||
| * @return bool Whether the site is a staging URL or not. | ||
| */ | ||
| public static function is_duplicate_site() { |
There was a problem hiding this comment.
This function could do with number of comments, it's unclear what is been compared.
Can this use the WP_ENVIRONMENT_TYPE constant with the core function wp_get_environment_type()
There was a problem hiding this comment.
This function compares the site's current URL with the saved live URL in the DB to identify if the current env is prod or not. for WP_ENVIRONMENT_TYPE, I am not sure if all devs use this to env var to mark the environment. So, I am not feeling comfortable depending on this env var. what do you think?
includes/class-ast-staging.php
Outdated
| * Filters value of "Is staging site?". | ||
| * | ||
| * @since 1.2.0 | ||
| * @param boolean $is_duplicate Is staging site?. |
There was a problem hiding this comment.
| * @param boolean $is_duplicate Is staging site?. | |
| * @param boolean $is_duplicate Whether the site is a staging URL or not. |
As there are staging, development and local sites, instead of $is_duplicate it might be clearer to use $is_production and reverse the logic of the checks.
|
Hi @peterwilsoncc, Thanks for the review and notice some important stuff to fix.
Yes, we can use
No specific reason for that. I thought whatever we use, we have to compare it with the value of the same function ( Thanks. |
Fair enough.
I'd suggest |
|
@peterwilsoncc I have made the requested changes in PR, please help to verify once you get some time. Thanks. |
Description of the Change
This PR adds support for detecting staging/testing environments and handling publish tweets from staging/testing/local environments to prevent publishing accidental tweets.
The plugin saves a live site URL to the options table with
_[autoshare_siteurl]_in the middle of it, to prevent it from getting replaced by a search-replace script during migraion. So, whenever the current wp site URL doesn't match with the saved live site URL, the plugin shows the notice to the admin user and stops publishing tweets. Admin users can enable publish tweets OR dismiss notice with keep publish tweet disabled.Closes #39
Alternate Designs
Maybe we can move the credentials store from sb to wp-config.php, to prevent accidental tweets.
Possible Drawbacks
Didn't notice any yet.
Verification Process
Checklist:
Changelog Entry
Added - Handle publish tweets from staging/testing/local environments to prevent publishing accidental tweets.
Credits
Props @iamdharmesh @dinhtungdu