From fedfaeafc4d7a2b4d4523195d6ee6b51fcf454c2 Mon Sep 17 00:00:00 2001
From: xZero707 <aleksandar@puharic.com>
Date: Tue, 24 Jan 2023 01:24:46 +0100
Subject: [PATCH] Apply patch during build time

---
 Dockerfile                                 |  4 ++-
 rootfs/etc/cont-init.d/10-verify-wordpress | 18 -----------
 rootfs/usr/local/bin/wp-apply-patch        | 36 ++++++++++++++++++++++
 3 files changed, 39 insertions(+), 19 deletions(-)
 create mode 100755 rootfs/usr/local/bin/wp-apply-patch

diff --git a/Dockerfile b/Dockerfile
index 6549936..5d0a598 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,7 +32,9 @@ RUN apk add --update --no-cache patch
 
 COPY --from=rootfs ["/", "/"]
 
-RUN chmod a+x /usr/local/bin/wp
+RUN set -eux \
+    && chmod a+x /usr/local/bin/wp \
+    && wp-apply-patch "/etc/wp-mods/wp-admin-update-core.patch" "/var/www/html/wp-admin/update-core.php" "true"
 
 ARG WP_VERSION
 ENV WP_VERSION="${WP_VERSION}"
diff --git a/rootfs/etc/cont-init.d/10-verify-wordpress b/rootfs/etc/cont-init.d/10-verify-wordpress
index 986bc4e..2e40f94 100755
--- a/rootfs/etc/cont-init.d/10-verify-wordpress
+++ b/rootfs/etc/cont-init.d/10-verify-wordpress
@@ -16,17 +16,6 @@ function scriptExitHandler() {
   exit "${LAST_EXIT_CODE}"
 }
 
-# Applies patch for making WordPress updates impossible
-function disableUpdatesPatch() {
-  DISABLE_WP_UPDATES="${ENFORCE_DISABLE_WP_UPDATES:-true}"
-  if [ "${DISABLE_WP_UPDATES}" != "false" ]; then
-    echo "> Disabling WordPress updates..."
-    patch /var/www/html/wp-admin/update-core.php </etc/wp-mods/wp-admin-update-core.patch
-    echo "> Marking the patched file read-only..."
-    chmod 0440 /var/www/html/wp-admin/update-core.php
-  fi
-}
-
 # Main function
 function main() {
   # Removes trailing zero if found
@@ -53,13 +42,6 @@ function main() {
     return 0
   else
     echo "> Identified 'WordPress ${WP_VERSION}'"
-
-    # This will apply patch once and again only if container is recreated
-    if [ ! -f "/var/www/patch-applied" ]; then
-        disableUpdatesPatch
-        touch "/var/www/patch-applied"
-    fi
-
   fi
 }
 
diff --git a/rootfs/usr/local/bin/wp-apply-patch b/rootfs/usr/local/bin/wp-apply-patch
new file mode 100755
index 0000000..d207db4
--- /dev/null
+++ b/rootfs/usr/local/bin/wp-apply-patch
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Applies patch for preventing WordPress updates
+function main() {
+    PATCH_FILE="${1:?PATCH_FILE is required}"
+    TARGET_FILE="${2:?TARGET_FILE is required}"
+
+    if [ ! -f "${PATCH_FILE}" ]; then
+        echo ">	No such	file [PATCH]: ${PATCH_FILE}"
+        return 1
+    fi
+
+    if [ ! -f "${TARGET_FILE}" ]; then
+        echo "> No such file [TARGET]: ${TARGET_FILE}"
+        return 1
+    fi
+
+    echo "> Loading patch ${PATCH_FILE}"
+    echo "  Patching '${TARGET_FILE}'..."
+    patch --verbose "${TARGET_FILE}" <"${PATCH_FILE}"
+
+    MARK_READ_ONLY="${3:-true}"
+    if [ "${MARK_READ_ONLY}" = "true" ]; then
+        # This is done in order to prevent WordPress overwriting the file
+        echo "  Marking the patched file read-only..."
+        chmod 0440 "${TARGET_FILE}"
+    fi
+
+    return 0
+}
+
+# Usage: main /etc/wp-mods/wp-admin-update-core.patch /var/www/html/wp-admin/update-core.php ?true|false
+main "${@}"
+exit $?