On 13/11/14 18:01, John Hardin wrote:
There's already hacked-wordpress rules in testing. I'll compare to
existing and see if this is already covered, can be merged neatly, or
would be a variant subrule.
The testing sub-rule was mine - this is slightly adjusted. The rules in
sandbox for Wordpress only look for .php extensions - I see others such
as .html, .htm etc
LOC_WP_POMO - only certain files should be in the pomo dir - this
detects ones that shouldn't be
That could probably be compressed to one rule using
(?!(?:blah|blah|blah)\.php) for exclusion of valid content.
Definitely could be, I did this for simplicity of reading. I'm taking
the filenames from an install of WP, other files shouldn't be in that dir.
Can you provide a spample?
I don't have any atm, I can dig some out
LOC_JOOMLA
I'll add those.
There are other variants I use to look for MISSING_HEADERS, __NOSUBJECT,
XPRIO, (BODY_URI_ONLY || BODY_SINGLE_URI) and MISSING_SUBJECT to make
LOC_WP_MISSING_HEADERS and LOC_JOOMLA_MISSING_HEADERS - I'm still not
sure what the concensus is on overlapping rules like this, e.g.
meta PDS_LOC_WP_MISSING_HEADERS (__PDS_LOC_WP_SUBJ && MISSING_HEADERS)
describe PDS_LOC_WP_SUBJ_EMPTY Contains wordpress uri and empty subject
or
meta PDS_BODY_URI_ONLY_WP ((BODY_URI_ONLY || BODY_SINGLE_URI) &&
__PDS_LOC_WP)
describe PDS_BODY_URI_ONLY_WP Body only contains WP URI
--
Paul Stead
Systems Engineer
Zen Internet
