[wp-trac] [WordPress Trac] #62140: Consider allowing themes to register block metadata collections
WordPress Trac
noreply at wordpress.org
Mon Nov 11 20:44:37 UTC 2024
#62140: Consider allowing themes to register block metadata collections
--------------------------+---------------------
Reporter: flixos90 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 6.7.1
Component: Editor | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+---------------------
Comment (by mreishus):
Hey @flixos90 - Wanted to bring up some more real-world scenarios I've
come across wrt the path validation.
- Some hosting services used symlinked plugins, like `/wp-
content/plugins/myplugin` to `/managed-plugins/myplugin`. The current
checks fail because the physical path doesn't match the expected plugin
directory structure.
- WordPress.com and other complex setups would like to support custom
paths like registering from `wp-content/mu-plugins/jetpack-plugin`.
I've thought about a couple of ideas and have come up with this list of
potential approaches:
1. Keep the current structure but **add more valid paths**, like themes
and mu-plugins.
2. Switched to a **banned path** approach. - Everything is allowed by
default, but some paths are explicitly disallowed, like `wp-
content/plugins`, `wp-content/themes`, or `wp-content/` to prevent
conflicts. (Maybe we could climb all the way 'up' the directory path and
disallow any of these?)
3. Add a **WordPress filter** for paths being allowed for custom setups.
Imagine something like `$is_valid = apply_filters(
'block_metadata_collection_path_is_valid', $default_validity, $path );`
Each has different tradeoffs, and there could be other ideas I haven't
thought of yet. Do you have any inclination on what would balance the
original concerns about security and conflicts with some of the real-word
needs we've seen?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62140#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list