Timestamp:
08/23/2022 05:46:46 PM (2 years ago)
Author:
SergeyBiryukov
Message:

Themes: Add support for Update URI header.

This allows third-party themes to avoid accidentally being overwritten with an update of a theme of a similar name from the WordPress.org Theme Directory.

Additionally, introduce the update_themes_{$hostname} filter, which third-party themes can use to offer updates for a given hostname.

If set, the Update URI header field should be a URI and have a unique hostname.

Some examples include:

  • https://wordpress.org/themes/example-theme/
  • https://example.com/my-theme/
  • my-custom-theme-name

Update URI: false also works, and unless there is code handling the false hostname, the theme will never get an update notification.

If the header is present, the WordPress.org API will currently only return updates for the theme if it matches the following format:

  • https://wordpress.org/themes/{$slug}/
  • w.org/theme/{$slug}

If the header has any other value, the API will not return a result and will ignore the theme for update purposes.

Follow-up to [50921].

Props dd32, meloniq, costdev, audrasjb, DavidAnderson, markjaquith, DrewAPicture, mweichert, design_dolphin, filosofo, sean212, nhuja, JeroenReumkens, infolu, dingdang, joyously, earnjam, williampatton, grapplerulrich, markparnell, apedog, afragen, miqrogroove, rmccue, crazycoders, jdgrimes, damonganto, joostdevalk, jorbin, georgestephanis, khromov, GeekStreetWP, jb510, Rarst, juliobox, Ipstenu, mikejolley, Otto42, gMagicScott, TJNowell, GaryJ, knutsp, mordauk, nvartolomei, aspexi, chriscct7, benoitchantre, ryno267, lev0, gregorlove, dougwollison, leemon, SergeyBiryukov.
See #14179, #23318, #32101.

File:
1 edited

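--- a/trunk/tests/phpunit/tests/theme/wpTheme.php
+++ b/trunk/tests/phpunit/tests/theme/wpTheme.php
@@ -406,3 +406,49 @@
         );
     }
+
+    /**
+     * Tests that the UpdateURI header is retrieved.
+     *
+     * @ticket 14179
+     *
+     * @covers WP_Theme::get
+     */
+    public function test_theme_get_update_uri_header() {
+        $theme = new WP_Theme( 'update-uri-theme', $this->theme_root );
+
+        $this->assertTrue(
+            $theme->exists(),
+            'The update-uri-theme does not exist.'
+        );
+
+        $update_uri = $theme->get( 'UpdateURI' );
+
+        $this->assertIsString(
+            $update_uri,
+            'The UpdateURI header was not returned as a string.'
+        );
+
+        $this->assertSame(
+            'http://example.org/update-uri-theme/',
+            $update_uri,
+            'The UpdateURI header did not match the expected value.'
+        );
+    }
+
+    /**
+     * Tests that WP_Theme::sanitize_header() strips tags from the UpdateURI header.
+     *
+     * @ticket 14179
+     *
+     * @covers WP_Theme::sanitize_header
+     */
+    public function test_should_strip_tags_from_update_uri_header() {
+        $theme           = new WP_Theme( 'twentytwentytwo', $this->theme_root );
+        $sanitize_header = new ReflectionMethod( $theme, 'sanitize_header' );
+        $sanitize_header->setAccessible( true );
+
+        $actual = $sanitize_header->invoke( $theme, 'UpdateURI', '<?php?><a href="http://example.org">http://example.org</a>' );
+
+        $this->assertSame( 'http://example.org', $actual );
+    }
 }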
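Review bot: The `assertSame()` call in `test_should_strip_tags_from_update_uri_header()` has no failure message and checks a single input, whereas every assertion in `test_theme_get_update_uri_header()` above it is labelled. Adding one, e.g. `$this->assertSame( 'http://example.org', $actual, 'Tags were not stripped from the UpdateURI header.' );`, keeps the two tests consistent and makes a regression easier to read. Going by the commit message, the header's hostname decides which `update_themes_{$hostname}` filter can offer updates, so the sanitized value is worth pinning more firmly: a data provider could add a tag-free value that must pass through unchanged and a value with surrounding whitespace. `WP_Theme::sanitize_header()` is not shown in this changeset view, so the expected outputs for those cases need to be confirmed against it.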