Changeset 14698

Timestamp:

03/12/2026 03:22:44 AM (41 hours ago)

Author:

dd32

Message:

Plugin Directory: Gate 2FA-related calls behind class_exists/function_exists checks to prevent fatal errors when Two_Factor plugin is not active.

• Skip 2FA revalidation in release confirmation API when Two_Factor_Core class is unavailable
• Wrap Two_Factor_Core::is_user_using_two_factor() calls in release confirmation shortcode
• Guard user_requires_2fa() and is_email_address_unsafe() calls in upload shortcode

This allows for the plugin directory to be used in a local environment.

See ​https://github.com/WordPress/wordpress.org/pull/555

Location:

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory

Files:

• api/routes/class-plugin-release-confirmation.php (modified) (1 diff)
• shortcodes/class-release-confirmation.php (modified) (2 diffs)
• shortcodes/class-upload.php (modified) (2 diffs)

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-plugin-release-confirmation.php

@@ -118 +118 @@
         }
 
+        if ( ! class_exists( 'Two_Factor_Core' ) ) {
+            return true;
+        }
+
         // Check to see if they've confirmed their 2FA status recently..
         $status = get_revalidation_status();

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-release-confirmation.php

@@ -69 +69 @@
 
         // If the user is not using 2FA, show a notice.
-        if ( ! Two_Factor_Core::is_user_using_two_factor( get_current_user_id() ) ) {
+        if (
+            class_exists( 'Two_Factor_Core' ) &&
+            ! Two_Factor_Core::is_user_using_two_factor( get_current_user_id() )
+        ) {
             printf(
                 '<div class="plugin-notice notice notice-error notice-alt"><p>%s</p></div>',
@@ -283 +286 @@
         if (
             ! is_user_logged_in() ||
-            ! Two_Factor_Core::is_user_using_two_factor( get_current_user_id() ) ||
             ! current_user_can( 'plugin_manage_releases', $plugin  ) ||
+            ( class_exists( 'Two_Factor_Core' ) && ! Two_Factor_Core::is_user_using_two_factor( get_current_user_id() ) ) ||
 
             // No need to show actions if the release can't be confirmed, or is already confirmed

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-upload.php

@@ -65 +65 @@
         // Require 2FA for plugin authors on upload.
         if (
+            function_exists( 'WordPressdotorg\Two_Factor\user_requires_2fa' ) &&
+            class_exists( 'Two_Factor_Core' ) &&
             user_requires_2fa( wp_get_current_user() ) &&
             ! Two_Factor_Core::is_user_using_two_factor( get_current_user_id() )
@@ -394 +396 @@
                 )
             );
-        } else if ( is_email_address_unsafe( wp_get_current_user()->user_email ) ) {
+        } else if ( function_exists( 'is_email_address_unsafe' ) /* multisite-only */ && is_email_address_unsafe( wp_get_current_user()->user_email ) ) {
             echo '<div class="notice notice-error notice-alt"><p>' .
                 sprintf(