checksum-command icon indicating copy to clipboard operation
checksum-command copied to clipboard

Published 20 hours ago verified publisher icon wp-cli

Add `--exclude=<file>,<file>` argument to skip files

Open kwbtdisk opened this issue 5 years ago • 7 comments

https://wordpress.slack.com/archives/C02RP4T41/p1557867276075100 I will make a PR if this would be useful for everyone 😎

Purpose

  • (In my case) I wanted to ignore ./readme.html file cos we have always deleted the file
  • And other cases like some files/dirs are moved by the security or management reason

An option

# Proposal
wp core verify-checksums --ignore-files='readme.html wp-includes/some-filename.php'

I would be happy if someone kindly suggests it should be --ignore-files or --skip-files or --excludes.

kwbtdisk avatar May 15 '19 03:05 kwbtdisk

Hello,

I think this is a great idea, but I would wish it would be implemented more universally for verify-checksums. So, not only for core, but also for plugins and any other thing which uses this command.

Thus the argument should be more universally named (--exclude?) and it should IMHO follow the current coding style: a comma separated list of items (file names or plugin slugs).

Best regards, Andrej

R33D3M33R avatar May 29 '19 05:05 R33D3M33R

Any chance someone has already worked on this? Helping a client manage their wordpress installations more automatically and they want to reinstall wordpress installs that fail verification. Since the readme.html is either deleted or renamed this check almost always fails and results in extra work reinstalling the wordpress core. Would like to be able to ignore readme.html from being verified.

I can give it a shot if no one has time. Seems pretty simple to add another arg to the core command and then add the necessary logic during the file loop.

Austinb avatar Jun 24 '19 23:06 Austinb

Woops sorry I didn't check this thread. @Austinb Have you started working on this? If not, let me take this 😃

kwbtdisk avatar Jun 28 '19 07:06 kwbtdisk

@kwbtdisk Please feel free if you have the time. I have not had any block of time to sit down and hammer it out. The issue is not a big one right now but will be for my client once we have other aspects completed.

Austinb avatar Jun 28 '19 15:06 Austinb

+1 highly agree. Would like to schedule wp core verify-checksums as part of regular security scans however I'd prefer to ignore if readme.html and wp-config-sample.php files are deleted.

Current behavior is:

wp core verify-checksums
Warning: File doesn't exist: wp-config-sample.php
Error: WordPress installation doesn't verify against checksums.

Maybe something like this with a repeatable argument for many files?

wp core verify-checksums --skip-files=wp-config-sample.php --skip-files=readme.html
Success: WordPress installation verifies against checksums.

austinginder avatar Jul 06 '22 00:07 austinginder

I guess I'd be fine with an --exclude= argument that accepts one or more comma-separated files, as long as there aren't any security issues associated with it.

danielbachhuber avatar Sep 07 '23 20:09 danielbachhuber

Would like to work on it.

iDschepe avatar Jun 13 '24 09:06 iDschepe