@Paul and fellow Shield Security users…
I’ve started getting a message about unrecognised file
wp-includes/js/tinymce/wp-tinymce.js.gz in Shield.
This file doesn’t exist in WordPress but I’m just wondering why I’ve suddenly started getting warnings about it? I know I can “ignore” it, but that’s not the point really.
CP 1.1.2, Shield 8.7.0.
Yes, same for me. I deleted it but not sure why it is even there.
I ran into the same issue yesterday on one of my sites and thought it had crept in on the server but then realized it’s included in CP.
Could it have carried over from development unintentionally?
Seems like a possibility, but the file has been there since v1.0.0 of CP so it makes you wonder why Shield has apparently only just detected it.
That’s a good point/question.
Thanks for reporting this… you’re right, it’s weird that suddenly it should start reporting this.
I believe this has started happening after a change we made to stop including .gz .zip files in the checksums.
I’ll have a think about the best way to handle this bug, sorry about the trouble with that.
Still wondering why it is there at all. Perhaps @james could tell us if it is necessary (since I deleted it on a site!).
I see a commit here in WP:
That’s a good find. So
wp-tinymce.js.gz does exist in WP 4.9.13 and also WP 5.0 but
wp-tinymce.js does not.
But the reverse is true from WP 5.1 onwards.
So Oz, looks like you need to put it back again
Hmmm. OK. Now, which site was it?..
A bit late, but here is how to find the answer to this question.
- Go to https://github.com/ClassicPress/ClassicPress and search for
- Land at https://github.com/ClassicPress/ClassicPress/search?q=wp-tinymce.js.gz&unscoped_q=wp-tinymce.js.gz
- Click the line number in the matching file and land at https://github.com/ClassicPress/ClassicPress/blob/05251963ccf807d06bc058d536579573202359b6/src/wp-includes/js/tinymce/wp-tinymce.php#L30
- According to this code, the
.gz file doesn’t exist.
As far as why it’s done this way (and why this change was undone in WP), it looks like it’s a performance enhancement. You’d have to look back at the WP commit history and the associated ticket(s) for more details.