Update dynamic function blacklist for security enhancement

Added a mechanism to dynamically retrieve and merge updated WordPress function lists into the blacklist to prevent unsafe usage in dropdown options. Addresses a security issue (CVE-2025-47691) by using a JSON-based function source tied to WordPress versioning.
This commit is contained in:
Mykyta Synelnikov
2025-05-12 13:16:17 +03:00
parent 1181b7956d
commit 9d83fba560
7 changed files with 3941 additions and 5 deletions
+7 -1
View File
@@ -33,7 +33,13 @@
"phpcompatibility/phpcompatibility-wp": "*",
"wp-coding-standards/wpcs": "2.3.0",
"squizlabs/php_codesniffer": "3.*",
"phpdocumentor/phpdocumentor": "3.1.*"
"phpdocumentor/phpdocumentor": "3.1.*",
"sniccowp/php-scoper-wordpress-excludes": "6.8.*"
},
"scripts": {
"wordpress-excludes": [
"@php -r \"$dest = 'includes/lib/php-scoper-wordpress-excludes/'; if (!is_dir($dest)) { mkdir($dest, 0755, true); }; copy('vendor/sniccowp/php-scoper-wordpress-excludes/generated/exclude-wordpress-functions.json', $dest . 'exclude-wordpress-functions.json');\""
]
},
"extra": {
"installer-paths": {