WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 2 years ago

#25314 closed defect (bug) (duplicate)

A way for plugins/themes outside of the wp repository to provide an update API URL

Reported by: farinspace Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.6.1
Component: Upgrade/Install Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

Plugins outside of the repository are able to provide an update api/url but only when they are activated (e.g. using the "pre_set_site_transient_update_plugins" filter), however if a plugin is not activated (deactivated), wordpress will always check the repository, any plugin of the same name would get its data returned, potentially overriding the existing external plugin.

I am having this issue, because I chose to not put a "dummy plugin" in the repository (to save the namespace).

Im proposing that an additional header name/value pair be added to plugin file headers to be able to override the default repository check ...

http://codex.wordpress.org/File_Header

/*
Plugin Name: Example
Plugin URI: http://example.org
...
API URI: http://example.org/api/
*/

this would be overridden here I believe:

# wp-includes/update.php line 205
$raw_response = wp_remote_post('http://api.wordpress.org/plugins/update-check/1.0/', $options);

Change History (9)

#1 @SergeyBiryukov
4 years ago

  • Description modified (diff)

#2 @farinspace
4 years ago

I will give this enhancement a go and provide a patch, hopefully it's a worthwhile improvement .. thank you.

#3 @SergeyBiryukov
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #22129. Related: #22377, #22378.

#4 follow-up: @alexander.rohmann
4 years ago

  • Resolution duplicate deleted
  • Status changed from closed to reopened

I've noticed this as well, and I'd like to revisit this ticket - as it's a bit different than the related duplicates. There's a specific issue at hand here that I hope won't be overlooked in the generality of the other tickets.

If I filter plugins_api I can override an individual plugin, and prevent the wordpress.org API request made here:

https://core.trac.wordpress.org/browser/branches/3.9/src/wp-admin/includes/plugin-install.php#L60

However, there isn't a way from preventing the wordpress.org API from being polled every time the update transient is repopulated here:

https://core.trac.wordpress.org/browser/branches/3.9/src/wp-includes/update.php#L285
$request = wp_remote_post( $url, $args );

In wp-includes/update.php we should have a way to indicate that a plugin shouldn't be included when checking the WordPress.org API. Otherwise you get this error: https://core.trac.wordpress.org/browser/branches/3.9/src/wp-includes/update.php#L287

In some respect, it seems like a bit of a privacy issue, as the WordPress.org API will always be "notified" even if users are overriding individual plugins.

Thanks!

#5 @alexander.rohmann
4 years ago

  • Type changed from enhancement to defect (bug)

#6 @SergeyBiryukov
4 years ago

  • Milestone set to Awaiting Review

#7 in reply to: ↑ 4 ; follow-up: @johnbillion
4 years ago

Replying to alexander.rohmann:

However, there isn't a way from preventing the wordpress.org API from being polled every time the update transient is repopulated here:

https://core.trac.wordpress.org/browser/branches/3.9/src/wp-includes/update.php#L285
$request = wp_remote_post( $url, $args );

This is possible, but it's not very elegant. You need to hook into the http_request_args and filter out your plugin from the API request. Take a look at my External Update API plugin.

#8 in reply to: ↑ 7 @alexander.rohmann
4 years ago

Replying to johnbillion:

This is possible, but it's not very elegant. You need to hook into the http_request_args and filter out your plugin from the API request. Take a look at my External Update API plugin.

Thanks John! Just took a look, and I really appreciate it! Three rights can make a left afterall...

It would still be nice if we had an extra filter or something so it could actually be part of the API, instead of requiring an out of the box solution.

#9 @chriscct7
2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from reopened to closed

Duplicate of #22377.

Note: See TracTickets for help on using tickets.