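#!/bin/bash
#
# Patch wp-config.php so WordPress boots on the SQLite drop-in behind a
# reverse proxy, and add a small set of hardening constants.
#
# The script is idempotent: once the marker comment is present in
# wp-config.php it exits without touching the file.
#
# Inputs:
#   /var/www/html/wp-config.php  file to patch (must already exist)
#   /tmp/sqlite.zip              plugin archive; only its readme.txt is read,
#                                to obtain the "Stable tag:" version
#   SITE_URL (read by the injected PHP at request time, not by this script)
#
# Exit status: 0 when patched, already patched, or nothing could be patched
# (a warning is printed to stderr in the last case).
#
# Security notes for operators:
#   * The injected PHP derives scheme and host from X-Forwarded-Proto,
#     CF-Visitor and Host. These are request headers; they are only
#     trustworthy when a fronting proxy overwrites them. With SITE_URL unset,
#     WP_HOME/WP_SITEURL follow the Host header of each request, so set
#     SITE_URL in the deployment to pin the canonical URL.
#   * AUTOMATIC_UPDATER_DISABLED / WP_AUTO_UPDATE_CORE=false turn off
#     WordPress self-updates; security fixes then arrive only through a
#     rebuilt image.
set -eu

WP_CONFIG="/var/www/html/wp-config.php"
readonly PATCH_MARKER="Force WordPress to use SQLite drop-in early"
readonly DEFAULT_PLUGIN_VER="2.2.14"

# Wait for WordPress core to exist (in case first-run init populates it)
if [[ ! -f "$WP_CONFIG" ]]; then
  sleep 2
fi

# Still missing: stop here. Continuing would create a wp-config.php that
# holds only the appended constants, without an opening PHP tag.
if [[ ! -f "$WP_CONFIG" ]]; then
  printf 'wp-config patch: %s not found; nothing patched\n' "$WP_CONFIG" >&2
  exit 0
fi

# Already patched?
if grep -qF -- "$PATCH_MARKER" "$WP_CONFIG"; then
  exit 0
fi

# Read the plugin version from the archive. The value ends up inside a PHP
# single-quoted string, so it is stripped of CRs and accepted only if it
# looks like a version token; anything else falls back to the default.
PLUGIN_VER=$(unzip -p /tmp/sqlite.zip sqlite-database-integration/readme.txt 2>/dev/null \
  | grep -m1 '^Stable tag:' \
  | awk '{print $3}' \
  | tr -d '\r') || true
version_re='^[0-9A-Za-z][0-9A-Za-z.+-]*$'
if [[ ! "$PLUGIN_VER" =~ $version_re ]]; then
  PLUGIN_VER="$DEFAULT_PLUGIN_VER"
fi

# PHP block to inject (no debug echos). The heredoc delimiter is quoted so
# the shell leaves every PHP "$" alone; the version is filled in afterwards
# through the __SQLITE_PLUGIN_VER__ token.
PATCH_BLOCK=$(cat <<'PHPBLOCK'
// --- Force WordPress to use SQLite drop-in early + normalize proxy envs ---
/**
 * 1) Normalize HTTP_HOST: remove any :port (especially :7860 used internally)
 * 2) Determine canonical $site (prefer SITE_URL env; otherwise build from host & scheme)
 * 3) Force SERVER_PORT to 80 (or 443 for https) so WP doesn't add container port
 * 4) Define WP_HOME/WP_SITEURL early (before wp-settings.php)
 */
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
    $_SERVER['SERVER_PORT'] = 443;
    $_SERVER['HTTP_HOST'] = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'] ?? '');
}
if (isset($_SERVER['HTTP_CF_VISITOR'])) {
    $visitor = json_decode($_SERVER['HTTP_CF_VISITOR']);
    if ($visitor && $visitor->scheme === 'https') {
        $_SERVER['HTTPS'] = 'on';
    }
}
define('COOKIE_DOMAIN', '');
define('COOKIEPATH', '/');
define('SITECOOKIEPATH', '/');
define('ADMIN_COOKIE_PATH', '/');
define('PLUGINS_COOKIE_PATH', '/');
if (isset($_SERVER['HTTP_HOST'])) {
    // Remove explicit : from host header (common when container listens on nonstandard port)
    $_SERVER['HTTP_HOST'] = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']);
}
// Prefer SITE_URL env if provided (set in HF Space secrets)
// If not provided, build from detected scheme + host (host was normalized above)
$site_env = getenv('SITE_URL') ?: '';
if ($site_env) {
    $site = rtrim($site_env, '/');
} else {
    $scheme = (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https') || (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https' : 'http';
    $host = $_SERVER['HTTP_HOST'] ?? '127.0.0.1';
    $site = $scheme . '://' . $host;
}
// Ensure server port matches scheme (so WP won't append container port)
if (stripos($site, 'https://') === 0) {
    $_SERVER['HTTPS'] = 'on';
    $_SERVER['SERVER_PORT'] = 443;
    if (!defined('FORCE_SSL_ADMIN')) define('FORCE_SSL_ADMIN', true);
} else {
    $_SERVER['HTTPS'] = 'off';
    $_SERVER['SERVER_PORT'] = $_SERVER['SERVER_PORT'] ?? 80;
    if (!defined('FORCE_SSL_ADMIN')) define('FORCE_SSL_ADMIN', false);
}
// Always set WP_HOME and WP_SITEURL early (no port)
if (!defined('WP_HOME')) define('WP_HOME', $site);
if (!defined('WP_SITEURL')) define('WP_SITEURL', $site);
// Standard SQLite / plugin constants
if (!defined('WP_CONTENT_DIR')) define('WP_CONTENT_DIR', __DIR__ . '/wp-content');
if (!defined('WP_CONTENT_URL')) define('WP_CONTENT_URL', '/wp-content');
if (!defined('ABSPATH')) define('ABSPATH', __DIR__ . '/');
if (file_exists(WP_CONTENT_DIR . '/db.php')) @define('DB_ENGINE', 'sqlite');
if (!defined('SQLITE_DB_DROPIN_VERSION')) define('SQLITE_DB_DROPIN_VERSION', '__SQLITE_PLUGIN_VER__');
PHPBLOCK
)
PATCH_BLOCK=${PATCH_BLOCK//__SQLITE_PLUGIN_VER__/$PLUGIN_VER}

# Hardening and defaults, only if missing. They are injected together with
# the block above, i.e. before wp-settings.php is loaded: constants defined
# after that require are not yet set while WordPress bootstraps.
HARDEN_BLOCK=""
if ! grep -q "AUTOMATIC_UPDATER_DISABLED" "$WP_CONFIG"; then
  HARDEN_BLOCK=$(cat <<'EXTRA'

// === Extra hardening and SQLite defaults ===
if (!defined('AUTOMATIC_UPDATER_DISABLED')) define('AUTOMATIC_UPDATER_DISABLED', true);
if (!defined('WP_AUTO_UPDATE_CORE')) define('WP_AUTO_UPDATE_CORE', false);
if (!defined('DISALLOW_FILE_EDIT')) define('DISALLOW_FILE_EDIT', true);
if (!defined('FS_METHOD')) define('FS_METHOD', 'direct');
EXTRA
)
fi

INJECT_TEXT="$PATCH_BLOCK"
if [[ -n "$HARDEN_BLOCK" ]]; then
  INJECT_TEXT+=$'\n'"$HARDEN_BLOCK"
fi

# Stage the result outside the web root, in a file only this user can read,
# so a half-written copy of wp-config.php is never reachable over HTTP.
TMP_CONFIG=$(mktemp)
trap 'rm -f -- "$TMP_CONFIG"' EXIT

# Inject before the wp-settings.php line. The text is handed to awk through
# the environment: "awk -v" interprets backslash escapes and would mangle the
# "\d" in the PHP regexes. awk exits non-zero when the anchor line is absent.
if INJECT_BLOCK="$INJECT_TEXT" awk '
  !injected && /require_once ABSPATH . '\''wp-settings.php'\'';/ {
    print ENVIRON["INJECT_BLOCK"]
    injected = 1
  }
  { print }
  END { exit(injected ? 0 : 1) }
' "$WP_CONFIG" > "$TMP_CONFIG"; then
  # Overwrite in place instead of renaming, so wp-config.php keeps its
  # owner and permission bits.
  cat -- "$TMP_CONFIG" > "$WP_CONFIG"
else
  printf 'wp-config patch: wp-settings.php require line not found in %s; SQLite/proxy block not injected\n' \
    "$WP_CONFIG" >&2
  # Best effort: still record the hardening constants at the end of the file.
  if [[ -n "$HARDEN_BLOCK" ]]; then
    printf '%s\n' "$HARDEN_BLOCK" >> "$WP_CONFIG"
  fi
fi

exit 0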