updates requested by wordpress.org -- round #2

austinheap · Nov 21, 2017 · cdd8bec · cdd8bec
1 parent a69998a
commit cdd8bec
Show file tree

Hide file tree

Showing 9 changed files with 72 additions and 27 deletions.
diff --git a/trunk/README.txt b/trunk/README.txt
@@ -89,6 +89,16 @@ If you would like to contribute a new languge or you spotted in error in one of
 
 The translations repository is included in builds submitted to the WordPress plugin directory. Users with the [GitHub Updater Plugin](https://github.com/afragen/github-updater) don't have to wait for builds to the WordPress plugin directory -- they can get updated translations as soon as they're published to the repository by POEditor.
 
+== Anonymous Statistics (Opt-in) ==
+
+This plugin has an option --- that is **disabled** by default and _can only be enabled by explicilty opt-ing in_ on the `security.txt` Settings page --- to collect anonymous statistics to help better understand how this plugin is used and how people are implementing their `security.txt` documents. The goal of collecting this data is to aid in research and design of the [specification](https://tools.ietf.org/html/draft-foudil-securitytxt-00), the [PHP library](https://github.com/austinheap/php-security-txt), the [plugin](https://github.com/austinheap/wordpress-security-txt) itself, and to help us create a better experience for all users.
+
+For example, one function of anonymous statistics is to send your <code>security.txt</code> document to our servers. This allows us to track what percent of users are implementing the specification according to the draft RFC, and how it might differ from the explicit definitions submitted to the [Internet Engineering Task Force (IETF)](https://www.ietf.org/).
+
+We respect your privacy and are happy to clarify on any aspect of the statistics collection and analysis. More importantly, you can [verify this in the code for yourself on GitHub](https://github.com/austinheap/wordpress-security-txt/tree/master/trunk).
+
+We do not track **any** personally-identifiable information and we are committed to protecting your privacy. With regards to performance, the tracking is implemented in such a way so as to not impact of your WordPress site at all.
+
 == Badges ==
 
 All the badges!

diff --git a/trunk/admin/class-wordpress-security-txt-field.php b/trunk/admin/class-wordpress-security-txt-field.php
@@ -363,7 +363,7 @@ public function statistics()
             $this->plugin_name,
             $this->plugin_name . '-library',
             [
-                'description' => 'Allow anonymous collection of plugin usage statistics.',
+                'description_raw' => 'Allow anonymous collection of plugin usage statistics. <a href="?page=wordpress-security-txt-help#statistics">Learn more</a> about what is collected and how the data is used.',
                 'id'          => 'statistics',
                 'class'       => 'hide-when-disabled',
                 'value'       => isset($this->options['statistics']) ? $this->options['statistics'] : false,

diff --git a/trunk/admin/css/wordpress-security-txt-admin.css b/trunk/admin/css/wordpress-security-txt-admin.css
diff --git a/trunk/admin/css/wordpress-security-txt-admin.css.map b/trunk/admin/css/wordpress-security-txt-admin.css.map
diff --git a/trunk/admin/css/wordpress-security-txt-admin.scss b/trunk/admin/css/wordpress-security-txt-admin.scss
@@ -4,6 +4,8 @@
     display: inline-flex;
     background-color: #d3d3d3;
     padding: 1.5em;
+    overflow: scroll;
+    height: 25em;
   }
   ul li {
     list-style: disc;

diff --git a/trunk/admin/partials/wordpress-security-txt-field-checkbox.php b/trunk/admin/partials/wordpress-security-txt-field-checkbox.php
@@ -12,11 +12,14 @@
 
 ?><label for="<?php echo esc_attr($atts['id']); ?>">
     <input aria-role="checkbox"
-		<?php checked(1, $atts['value'], true); ?>
+        <?php checked(1, $atts['value'], true); ?>
            class="<?php echo esc_attr($atts['class']); ?>"
            id="<?php echo esc_attr($atts['id']); ?>"
            name="<?php echo esc_attr($atts['name']); ?>"
            type="checkbox"
            value="1"/>
-    <span class="description"><?php esc_html_e($atts['description'], 'wordpress-security-txt'); ?></span>
+    <span class="description"><?php if (!empty($atts['description_raw'])) {
+            print $atts['description_raw']; } else {
+            esc_html_e($atts['description'], 'wordpress-security-txt');
+        } ?></span>
 </label>
diff --git a/trunk/admin/partials/wordpress-security-txt-page-help.php b/trunk/admin/partials/wordpress-security-txt-page-help.php
@@ -24,19 +24,46 @@
 
     <div class="wrap">
         <h2>security.txt Help</h2>
+        <h3><a name="overview"></a>Overview</h3>
         <p>
             You are running <code>wordpress-security-txt v<?php echo WORDPRESS_SECURITY_TXT_VERSION ?></code>. Please
             report any issues you encounter via the <a href="<?php echo $links['issues']; ?>">GitHub issues tracker</a>.
             If you'd like to contribute to this plugin, <a href="<?php echo $links['pulls']; ?>">pull requests</a> are
             welcome. For more information please see <a href="<?php echo $links['contributing']; ?>">CONTRIBUTING.md</a>.
         </p>
+        <h3><a name="specification"></a>Specification</h3>
         <p>
             This version of the plugin implements the <code>security.txt</code>
             <a href="<?php echo $links['specification']; ?>">specification</a> as follows:
         </p>
         <div class="specification">
             <pre><?php echo htmlspecialchars(file_get_contents(plugin_dir_path(__FILE__) . '..' . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'SPECIFICATION.txt')); ?></pre>
         </div>
+        <h3><a name="statistics"></a>Anonymous Statistics</h3>
+        <p>
+            This plugin has an option &mdash; that is <strong>disabled</strong> by default and <em>can only be enabled
+            by explicilty opt-ing in</em> on the <a href="?page=wordpress-security-txt"><code>security.txt</code>
+            Settings</a> page &mdash; to collect anonymous statistics to help better understand how this plugin
+            is used and how people are implementing their <code>security.txt</code> documents. The goal of collecting
+            this data is to aid in research and design of the specification, the PHP library, the plugin itself, and to
+            help us create a better experience for all users.
+        </p>
+        <p>
+            For example, one function of anonymous statistics is to send your <code>security.txt</code> document to our
+            servers. This allows us to track what percent of users are implementing the specification according to the
+            draft RFC, and how it might differ from the explicit definitions submitted to the
+            <a href="https://www.ietf.org/">Internet Engineering Task Force (IETF)</a>.
+        </p>
+        <p>
+            We respect your privacy and are happy to clarify on any aspect of the statistics collection and analysis.
+            More importantly, you can <a href="https://github.com/austinheap/wordpress-security-txt">verify this in the
+            code for yourself on GitHub</a>.
+        </p>
+        <p>
+            We do not track <strong>any</strong> personally-identifiable information and we are committed to protecting
+            your privacy. With regards to performance, the tracking is implemented in such a way so as to not impact of
+            your WordPress site at all.
+        </p>
     </div>
 
 <?php

diff --git a/trunk/admin/partials/wordpress-security-txt-section-directives.php b/trunk/admin/partials/wordpress-security-txt-section-directives.php
@@ -14,7 +14,7 @@
 
 <p id="wordpress-security-txt-sections[directives]" class="hide-when-disabled">
     Here you can define the values for the various <code>security.txt</code> declaratives. More information about each
-    directive can be found within the <a href="?page=wordpress-security-txt-help">specification</a> itself. Please
-    note that while the specification allows more than one <code>Contact</code> directive to be present, this plugin
-    currently only supports a single record (e-mail, URL, or phone number).
+    directive can be found within the <a href="?page=wordpress-security-txt-help#specification">specification</a> itself.
+    Please note that while the specification allows more than one <code>Contact</code> directive to be present, this
+    plugin currently only supports a single record (e-mail, URL, or phone number).
 </p>
diff --git a/trunk/includes/class-wordpress-security-txt.php b/trunk/includes/class-wordpress-security-txt.php
@@ -179,7 +179,7 @@ private function define_admin_hooks()
         $this->loader->add_action('admin_init', $plugin_admin, 'register_sections');
         $this->loader->add_action('admin_init', $plugin_admin, 'register_fields');
         $this->loader->add_filter('plugin_action_links_' . WORDPRESS_SECURITY_TXT_FILE, $plugin_admin,
-                                   'link_settings');
+                                  'link_settings');
         $this->loader->add_action('plugin_row_meta', $plugin_admin, 'link_row', 10, 2);
         $this->loader->add_action('wp_before_admin_bar_render', $plugin_admin, 'admin_bar');
     }
@@ -229,24 +229,25 @@ private function define_public_hooks()
      */
     public static function event($name, $version = WORDPRESS_SECURITY_TXT_VERSION)
     {
-        /**
-         * Removed at the request of wordpress.org; pending resolution;
-         */
-//        $options = WordPress_Security_Txt_Admin::get_options();
-//
-//        if (isset($options['statistics']) && $options['statistics'] && extension_loaded('curl')) {
-//            $ch = curl_init('https://austinheap.com/projects/wordpress-security-txt/' . $name . '?version=' . $version);
-//
-//            curl_setopt($ch, CURLOPT_VERBOSE, false);
-//            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
-//            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
-//            curl_setopt($ch, CURLOPT_TIMEOUT, 5);
-//            curl_setopt($ch, CURLOPT_MAXREDIRS, 1);
-//
-//            $co = curl_exec($ch);
-//
-//            unset($co);
-//        }
+        $options = WordPress_Security_Txt_Admin::get_options();
+
+        if (isset($options['statistics']) && $options['statistics']) {
+            $cache_file     = WordPress_Security_Txt_Public::cache_file();
+            $cache_readable = is_readable($cache_file);
+            $payload        = [
+                'name'     => $name,
+                'version'  => $version,
+                'url'      => get_site_url(),
+                'document' => [
+                    'contents' => $cache_readable ? file_get_contents($cache_file) : null,
+                    'ctime'    => is_readable($cache_file) ? filectime($cache_file) : null,
+                    'mtime'    => is_readable($cache_file) ? filemtime($cache_file) : null,
+                ],
+            ];
+            $result         = wp_remote_post('https://austinheap.com/projects/wordpress-security-txt/', $payload);
+
+            unset($result);
+        }
     }
 
     /**