wordpress/rootfs/usr/local/bin/wp-apply-patch

#!/usr/bin/env bash

set -e

# Applies patch for preventing WordPress updates
function main() {
    PATCH_FILE="${1:?PATCH_FILE is required}"
    TARGET_FILE="${2:?TARGET_FILE is required}"

    if [ ! -f "${PATCH_FILE}" ]; then
        echo ">	No such	file [PATCH]: ${PATCH_FILE}"
        return 1
    fi

    if [ ! -f "${TARGET_FILE}" ]; then
        echo "> No such file [TARGET]: ${TARGET_FILE}"
        return 1
    fi

    echo "> Loading patch ${PATCH_FILE}"
    echo "  Patching '${TARGET_FILE}'..."
    patch --verbose "${TARGET_FILE}" <"${PATCH_FILE}"

    MARK_READ_ONLY="${3:-true}"
    if [ "${MARK_READ_ONLY}" = "true" ]; then
        # This is done in order to prevent WordPress overwriting the file
        echo "  Marking the patched file read-only..."
        chmod 0440 "${TARGET_FILE}"
    fi

    return 0
}

# Usage: main /etc/wp-mods/wp-admin-update-core.patch /var/www/html/wp-admin/update-core.php ?true|false
main "${@}"
exit $?