-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WordPress 4.7.4: File integrity issues? #32
Comments
also seeing this
|
Since I build the core package from source, the compiled and minified scripts and stylesheets have slightly different contents. My package is not the same as the .org package. If you're interested in reviewing how I'm generating the core package, check out the build script at https://github.com/johnpbloch/build-wp |
@johnpbloch: Would it be possible to make the minified files match the checksums? |
I think it's certainly possible for future tagged versions. It's honestly not a high priority for me. I'd certainly be happy to accept a contribution to the build script if you or another interested person sent in a pull request. |
@johnpbloch: I just rebuilt 4.7.4 (using the receipt in the build-wp repository you linked to above) and Interestingly, there are no differences for 4.7.3 between official zip and composer package. With the last 4.7.4 composer package, only the minified JavaScript files and inlined code parts differed. |
@johnpbloch: I think an additional release (with an extra segment after patch level, |
@strarsis I took some time to adjust the build script today. Tags no longer build from develop.svn but rather simply use the zip file distributed on wordpress.org for building tagged releases. What that means is that going forward, this shouldn't be a problem again, and releases should get to packagist faster to boot. |
Great work @johnpbloch – thanks for this! I came here wondering why my app has just updated to 4.7.4.1 despite that not being an official release – I was a little confused, but this makes sense. Using the official ZIP releases makes sense rather than rebuilding from source. |
I just want to note a side-effect: since the twentyeleven through twentyfourteen themes are not included in the zip (but are in the source), they are no longer installed since @johnpbloch updated the build script to build from the zip instead of the source. (At least I think that's the reason.) This threw me for a bit of a loop because I had activated them on a network site, and a couple of the sub-sites that were using them broke when I updated today. I had to manually add them back from wpackagist. |
After upgrading from WordPress 4.7.3 to 4.7.4 I get core file integrity issues reported by WordFence.
Hence I downloaded the official WordPress 4.7.4 release zip and composer-required the johnpbloch/wordpress package and then compared both directories.
And indeed (besides extra misc files like composer.json) there are differences
in minified JavaScript files and inlined code parts in some PHP files
between official WordPress and composer package releases.
About 100 files are affected.
Example: Deminified core.min.js files from both WordPress 4.7.4 sources:
The text was updated successfully, but these errors were encountered: