Opened 11 years ago
Closed 9 years ago
#25314 closed defect (bug) (duplicate)
A way for plugins/themes outside of the wp repository to provide an update API URL
Reported by: | farinspace | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.6.1 |
Component: | Upgrade/Install | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
Plugins outside of the repository are able to provide an update api/url but only when they are activated (e.g. using the "pre_set_site_transient_update_plugins" filter), however if a plugin is not activated (deactivated), wordpress will always check the repository, any plugin of the same name would get its data returned, potentially overriding the existing external plugin.
I am having this issue, because I chose to not put a "dummy plugin" in the repository (to save the namespace).
Im proposing that an additional header name/value pair be added to plugin file headers to be able to override the default repository check ...
http://codex.wordpress.org/File_Header
/* Plugin Name: Example Plugin URI: http://example.org ... API URI: http://example.org/api/ */
this would be overridden here I believe:
# wp-includes/update.php line 205 $raw_response = wp_remote_post('http://api.wordpress.org/plugins/update-check/1.0/', $options);
Change History (9)
#3
@
11 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
#4
follow-up:
↓ 7
@
11 years ago
- Resolution duplicate deleted
- Status changed from closed to reopened
I've noticed this as well, and I'd like to revisit this ticket - as it's a bit different than the related duplicates. There's a specific issue at hand here that I hope won't be overlooked in the generality of the other tickets.
If I filter plugins_api
I can override an individual plugin, and prevent the wordpress.org API request made here:
https://core.trac.wordpress.org/browser/branches/3.9/src/wp-admin/includes/plugin-install.php#L60
However, there isn't a way from preventing the wordpress.org API from being polled every time the update transient is repopulated here:
https://core.trac.wordpress.org/browser/branches/3.9/src/wp-includes/update.php#L285
$request = wp_remote_post( $url, $args );
In wp-includes/update.php we should have a way to indicate that a plugin shouldn't be included when checking the WordPress.org API. Otherwise you get this error: https://core.trac.wordpress.org/browser/branches/3.9/src/wp-includes/update.php#L287
In some respect, it seems like a bit of a privacy issue, as the WordPress.org API will always be "notified" even if users are overriding individual plugins.
Thanks!
#7
in reply to:
↑ 4
;
follow-up:
↓ 8
@
11 years ago
Replying to alexander.rohmann:
However, there isn't a way from preventing the wordpress.org API from being polled every time the update transient is repopulated here:
https://core.trac.wordpress.org/browser/branches/3.9/src/wp-includes/update.php#L285
$request = wp_remote_post( $url, $args );
This is possible, but it's not very elegant. You need to hook into the http_request_args
and filter out your plugin from the API request. Take a look at my External Update API plugin.
#8
in reply to:
↑ 7
@
11 years ago
Replying to johnbillion:
This is possible, but it's not very elegant. You need to hook into the
http_request_args
and filter out your plugin from the API request. Take a look at my External Update API plugin.
Thanks John! Just took a look, and I really appreciate it! Three rights can make a left afterall...
It would still be nice if we had an extra filter or something so it could actually be part of the API, instead of requiring an out of the box solution.
I will give this enhancement a go and provide a patch, hopefully it's a worthwhile improvement .. thank you.