Make WordPress Core


Ignore:
Timestamp:
05/17/2021 05:02:49 PM (4 years ago)
Author:
SergeyBiryukov
Message:

Plugins: Add support for Update URI header.

This allows third-party plugins to avoid accidentally being overwritten with an update of a plugin of a similar name from the WordPress.org Plugin Directory.

Additionally, introduce the update_plugins_{$hostname} filter, which third-party plugins can use to offer updates for a given hostname.

If set, the Update URI header field should be a URI and have a unique hostname.

Some examples include:

  • https://wordpress.org/plugins/example-plugin/
  • https://example.com/my-plugin/
  • my-custom-plugin-name

Update URI: false also works, and unless there is code handling the false hostname, the plugin will never get an update notification.

If the header is present, the WordPress.org API will currently only return updates for the plugin if it matches the following format:

  • https://wordpress.org/plugins/{$slug}/
  • w.org/plugin/{$slug}

If the header has any other value, the API will not return a result and will ignore the plugin for update purposes.

Props dd32, DavidAnderson, meloniq, markjaquith, DrewAPicture, mweichert, design_dolphin, filosofo, sean212, nhuja, JeroenReumkens, infolu, dingdang, joyously, earnjam, williampatton, grapplerulrich, markparnell, apedog, afragen, miqrogroove, rmccue, crazycoders, jdgrimes, damonganto, joostdevalk, jorbin, georgestephanis, khromov, GeekStreetWP, jb510, Rarst, juliobox, Ipstenu, mikejolley, Otto42, gMagicScott, TJNowell, GaryJ, knutsp, mordauk, nvartolomei, aspexi, chriscct7, benoitchantre, ryno267, lev0, gregorlove, dougwollison, SergeyBiryukov.
See #14179, #23318, #32101.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/update.php

    r50121 r50921  
    436436
    437437    $plugin_name = wp_kses( $plugin_data['Name'], $plugins_allowedtags );
    438     $details_url = self_admin_url( 'plugin-install.php?tab=plugin-information&plugin=' . $response->slug . '&section=changelog&TB_iframe=true&width=600&height=800' );
     438    $plugin_slug = isset( $response->slug ) ? $response->slug : $response->id;
     439
     440    if ( isset( $response->slug ) ) {
     441        $details_url = self_admin_url( 'plugin-install.php?tab=plugin-information&plugin=' . $plugin_slug . '&section=changelog' );
     442    } elseif ( isset( $response->url ) ) {
     443        $details_url = $response->url;
     444    } else {
     445        $details_url = $plugin_data['PluginURI'];
     446    }
     447
     448    $details_url = add_query_arg(
     449        array(
     450            'TB_iframe' => 'true',
     451            'width'     => 600,
     452            'height'    => 800,
     453        ),
     454        $details_url
     455    );
    439456
    440457    /** @var WP_Plugins_List_Table $wp_list_table */
     
    462479            '<div class="update-message notice inline %s notice-alt"><p>',
    463480            $active_class,
    464             esc_attr( $response->slug . '-update' ),
    465             esc_attr( $response->slug ),
     481            esc_attr( $plugin_slug . '-update' ),
     482            esc_attr( $plugin_slug ),
    466483            esc_attr( $file ),
    467484            esc_attr( $wp_list_table->get_column_count() ),
Note: See TracChangeset for help on using the changeset viewer.