Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 6 years ago

#25926 closed defect (bug) (fixed)

Source code is not included for the zxcvbn library

Reported by: Denis-de-Bernardy
Owned by: nacin
Milestone: 3.8
Priority: normal
Severity: blocker
Version: 3.7.1
Component: External Libraries
Keywords:
Focuses:
Cc:

Description

While scanning the code base wondering if a js-based sha1 implementation was already included, I ran into the zxcvbn library — minified, unreadable, and undocumented.

Admittedly, searching trac quickly led me to r25156 and a link to the original files. But for a moment, I genuinely wondered if it was something malicious that crept into my wp-includes folder.

We should add some kind of comment in there to say what it is and where it comes from. Or maybe a zxcvbn.txt file with a note so we don't need to keep the lines around when it gets updated. *Something* — if only to comply with the GPL.

Change History (11)

#1 @SergeyBiryukov
10 years ago

  • Milestone changed from Awaiting Review to 3.8

#2 @Denis-de-Bernardy
10 years ago

  • Summary changed from No source code is not included for the zxcvbn library to Source code is not included for the zxcvbn library

#3 @rachelbaker
10 years ago

  • Cc rachel@… added

#4 follow-up: @georgestephanis
10 years ago

I'd rather see a small comment at the top of the file, like for http://develop.svn.wordpress.org/trunk/src/wp-includes/js/jquery/jquery.js

#6 in reply to: ↑ 4 @Denis-de-Bernardy
10 years ago

Replying to georgestephanis:

I'd rather see a small comment at the top of the file, like for http://develop.svn.wordpress.org/trunk/src/wp-includes/js/jquery/jquery.js

Note the /*! at the beginning of the comment. It tells yui to not strip that particular comment. Not sure Dropbox adheres to the convention. (Someone could always ask them to, mind you.)

But whichever way is decided, this must be fixed before the next release, to comply with the GPL.
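
The `/*!` convention mentioned in the comment above, as an added example that is not part of the ticket or of WordPress's own code: a Node.js check that flags minified files shipped without a preserved banner stating where they come from. The file names, the line-length threshold and the sample contents are constructed assumptions.

```javascript
// Heuristic: treat a file as minified when any single line is very long.
const MINIFIED_LINE_LENGTH = 500; // assumed threshold, tune per code base

// Return the text of a leading "/*! ... */" comment, or null if absent.
// Minifiers that follow the convention keep comments opening with "/*!".
function preservedBanner(source) {
  const text = source.replace(/^\uFEFF/, '').trimStart();
  if (!text.startsWith('/*!')) return null;
  const end = text.indexOf('*/', 3);
  return end === -1 ? null : text.slice(3, end).trim();
}

function looksMinified(source) {
  return source.split('\n').some((line) => line.length > MINIFIED_LINE_LENGTH);
}

// files: { path: contents }. Returns one finding per minified file whose
// origin a reader cannot establish from the file itself.
function auditVendoredJs(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    if (!looksMinified(source)) continue;
    const banner = preservedBanner(source);
    if (banner === null) {
      findings.push({ path, problem: 'no preserved /*! banner' });
    } else if (!/copyright|\(c\)|licen[sc]e/i.test(banner)) {
      findings.push({ path, problem: 'banner lacks copyright or license' });
    }
  }
  return findings;
}

// Constructed sample inputs (not real library code).
const blob = 'var a=function(b){return b+1};'.repeat(40);
const SAMPLE_FILES = {
  'js/vendor-a.min.js': blob,
  'js/vendor-b.min.js': '/*! vendor-b | (c) Example Author | example.org/license */\n' + blob,
  'js/vendor-c.min.js': '/*! vendor-c build 7 */\n' + blob,
  'js/vendor-d.min.js': '/* stripped by minifiers */\n' + blob,
  'js/readable.js': 'function add(a, b) {\n  return a + b;\n}\n',
};

for (const f of auditVendoredJs(SAMPLE_FILES)) {
  console.log(`${f.path}: ${f.problem}`);
}
```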

#7 @chriscct7
10 years ago

We could just add a zxcvbn_license.txt in the same folder with the contents from: https://github.com/lowe/zxcvbn/blob/master/LICENSE.txt

#8 @nacin
10 years ago

  • Owner set to nacin
  • Status changed from new to accepted

#9 @nacin
10 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 26629:

Add a copyright notice to zxcvbn. fixes #25926.

#10 @nacin
10 years ago

I will do more than [26629] soon; we're going to start to include things in develop.svn versus code.svn.wordpress.org/wordpress-sources.

#11 @netweb
6 years ago

FYI: As part of the restructuring in #43055, the source for zxcvbn will now be included in the develop.svn repo by way that it will now be installed as an npm module and the source is included in the npm package distribution.
