

Timestamp:
05/20/2020 06:47:24 PM (5 years ago)
Author:
whyisjake
Message:

Security: Add user interface to auto-update themes and plugins.

Building on core update mechanisms, this adds the ability to enable automatic updates for themes and plugins to the WordPress admin.

Fixes: #50052.
Props: afercia, afragen, audrasjb, azaozz, bookdude13, davidperonne, desrosj, gmays, gmays, javiercasares, karmatosed, knutsp, mapk, mukesh27, netweb, nicolaskulka, nielsdeblaauw, paaljoachim, passoniate, pbiron, pedromendonca, whodunitagency, whyisjake, wpamitkumar, and xkon.

File:
1 edited

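--- a/trunk/src/wp-admin/themes.php
+++ b/trunk/src/wp-admin/themes.php
@@ -81,4 +81,43 @@
             wp_redirect( admin_url( 'themes.php?deleted=true' ) );
         }
+        exit;
+    } elseif ( 'enable-auto-update' === $_GET['action'] ) {
+        if ( ! ( current_user_can( 'update_themes' ) && wp_is_auto_update_enabled_for_type( 'theme' ) ) ) {
+            wp_die( __( 'Sorry, you are not allowed to enable themes automatic updates.' ) );
+        }
+
+        check_admin_referer( 'updates' );
+
+        $all_items    = wp_get_themes();
+        $auto_updates = (array) get_site_option( 'auto_update_themes', array() );
+
+        $auto_updates[] = $_GET['stylesheet'];
+        $auto_updates   = array_unique( $auto_updates );
+        // Remove themes that have been deleted since the site option was last updated.
+        $auto_updates = array_intersect( $auto_updates, array_keys( $all_items ) );
+
+        update_site_option( 'auto_update_themes', $auto_updates );
+
+        wp_redirect( admin_url( 'themes.php?enabled-auto-update=true' ) );
+
+        exit;
+    } elseif ( 'disable-auto-update' === $_GET['action'] ) {
+        if ( ! ( current_user_can( 'update_themes' ) && wp_is_auto_update_enabled_for_type( 'theme' ) ) ) {
+            wp_die( __( 'Sorry, you are not allowed to disable themes automatic updates.' ) );
+        }
+
+        check_admin_referer( 'updates' );
+
+        $all_items    = wp_get_themes();
+        $auto_updates = (array) get_site_option( 'auto_update_themes', array() );
+
+        $auto_updates = array_diff( $auto_updates, array( $_GET['stylesheet'] ) );
+        // Remove themes that have been deleted since the site option was last updated.
+        $auto_updates = array_intersect( $auto_updates, array_keys( $all_items ) );
+
+        update_site_option( 'auto_update_themes', $auto_updates );
+
+        wp_redirect( admin_url( 'themes.php?disabled-auto-update=true' ) );
+
         exit;
     }
@@ -228,4 +267,12 @@
     ?>
     <div id="message6" class="error"><p><?php _e( 'Theme could not be resumed because it triggered a <strong>fatal error</strong>.' ); ?></p></div>
+    <?php
+} elseif ( isset( $_GET['enabled-auto-update'] ) ) {
+    ?>
+    <div id="message7" class="updated notice is-dismissible"><p><?php _e( 'Theme will be auto-updated.' ); ?></p></div>
+    <?php
+} elseif ( isset( $_GET['disabled-auto-update'] ) ) {
+    ?>
+    <div id="message8" class="updated notice is-dismissible"><p><?php _e( 'Theme will no longer be auto-updated.' ); ?></p></div>
     <?php
 }
@@ -582,4 +629,28 @@
                 </p>
 
+                <# if ( data.actions.autoupdate ) { #>
+                <p class="theme-autoupdate">
+                <# if ( data.autoupdate ) { #>
+                    <a href="{{{ data.actions.autoupdate }}}" class="toggle-auto-update" data-slug="{{ data.id }}" data-wp-action="disable">
+                        <span class="dashicons dashicons-update spin hidden"></span>
+                        <span class="label"><?php _e( 'Disable auto-updates' ); ?></span>
+                    </a>
+                <# } else { #>
+                    <a href="{{{ data.actions.autoupdate }}}" class="toggle-auto-update" data-slug="{{ data.id }}" data-wp-action="enable">
+                        <span class="dashicons dashicons-update spin hidden"></span>
+                        <span class="label"><?php _e( 'Enable auto-updates' ); ?></span>
+                    </a>
+                <# } #>
+                <# if ( data.hasUpdate ) { #>
+                    <# if ( data.autoupdate) { #>
+                    <span class="auto-update-time"><br /><?php echo wp_get_auto_update_message(); ?></span>
+                    <# } else { #>
+                    <span class="auto-update-time hidden"><br /><?php echo wp_get_auto_update_message(); ?></span>
+                    <# } #>
+                <# } #>
+                    <span class="auto-updates-error hidden"><p></p></span>
+                </p>
+                <# } #>
+
                 <# if ( data.hasUpdate ) { #>
                 <div class="notice notice-warning notice-alt notice-large">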
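Review bot: The `enable-auto-update` and `disable-auto-update` branches read `$_GET['stylesheet']` directly, without checking that it is present and a string, so a request with the parameter missing or sent as an array reaches `array_unique()` / `array_diff()` / `array_intersect()` and raises PHP notices or warnings before the redirect. The `array_intersect()` against `array_keys( $all_items )` keeps unknown values out of the stored `auto_update_themes` option, so this is input hygiene rather than a stored-value problem. Validating up front would still be cleaner: `$stylesheet = isset( $_GET['stylesheet'] ) && is_string( $_GET['stylesheet'] ) ? wp_unslash( $_GET['stylesheet'] ) : '';` followed by `if ( ! isset( $all_items[ $stylesheet ] ) ) { wp_die( __( 'The requested theme does not exist.' ) ); }`. The nonce action `updates` is also not bound to the theme being toggled. Whether that is deliberate cannot be told from this page, so a one-line comment above `check_admin_referer( 'updates' )` stating the reason would help. The `if` that these `elseif` branches belong to starts outside the hunk.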