Opened 9 years ago
Closed 9 years ago
#32465 closed defect (bug) (fixed)
Capital case chars in a plugin slug/name break the autoupdate mechanism.
Reported by: | caraffande | Owned by: | dd32 |
---|---|---|---|
Milestone: | 4.2.3 | Priority: | normal |
Severity: | normal | Version: | 4.2.2 |
Component: | Upgrade/Install | Keywords: | |
Focuses: | Cc: |
Description
If you use capital letters in a plugin name (such as: MyCoolPlugin), or, better said, if your plugin's folder's name has Uppercase chars in it, the update process via the plugins.php page fails.
If you update the plugin, using the update-core.php page, it works perfectly, but if you update/upgrade from somewhere else then the page stays indefinitely on the message "Update in progress...".
More precisely, I have to say that the update process, actually, completes successfully. The plugin is updated. The problem is in the JSON response which sends back a "lowerized" slug name.
My proposal to fix this is to replace
'slug' => sanitize_key( $_POST['slug'] ),
in the wp_ajax_update_plugins() function of the ajax-actions.php file with a more reasonable
'slug' => preg_replace( '/[^A-Za-z0-9_\-]/', '', $_POST['slug'] ),
(If we don't need to "sanitize" the slug in update-core.php then we don't need to in plugins.php either, do we?)
Change History (8)
#3
@
9 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
reopening for 4.2.x - This seems like a fairly common use-case and a bug in the 4.2 feature.
#5
@
9 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
The problem is still there. If I use capital case in my plugin's name, the spinner and the message "Update in progress" stay on for ever, even after the plugin has been updated successfully.
You did close it because you don't consider it a bug?
#6
follow-up:
↓ 7
@
9 years ago
- Keywords fixed-major removed
Hi @caraffande,
It was marked as fixed, as for me, the issue was resolved.
Can you elaborate on the exact steps you're using that shows the problem still? (including filenames & plugin headers). Furthermore, is this plugin using a 3rd-party update script or WordPress.org updates?
The testing I've done is using a mixed-case folder names & filenames to duplicate, I set it up using the following:
wp-content/plugins]$ mv akismet/ aKISmet && mv aKISmet/akismet.php aKISmet/aKISmet.php && sed -i 's/3.1.3/3.1.0/' aKISmet/aKISmet.php
Looking at your report closer though, I'm somewhat confused.. You seem to be indicating that you've got uppercase characters in the slug field, which isn't supposed to be possible here.
It does appear that two different sanitization methods are being used - sanitize_title()
by the plugins page generation, and sanitize_key()
by other code.. but as far as I can tell, for our purposes they should pretty close to one another.
#7
in reply to:
↑ 6
@
9 years ago
I also spent some time trying to reproduce this issue without any luck. Tried renaming plugin name, folder name, capitalizing, adding spaces, etc. In all cases the data-slug identifier matched the returned slug and the plugin was marked as updated.
If the problem persists, it would be great to have clear steps to reproduce @caraffande! Thanks.
Replying to dd32:
Hi @caraffande,
It was marked as fixed, as for me, the issue was resolved.
Can you elaborate on the exact steps you're using that shows the problem still? (including filenames & plugin headers). Furthermore, is this plugin using a 3rd-party update script or WordPress.org updates?
The testing I've done is using a mixed-case folder names & filenames to duplicate, I set it up using the following:
wp-content/plugins]$ mv akismet/ aKISmet && mv aKISmet/akismet.php aKISmet/aKISmet.php && sed -i 's/3.1.3/3.1.0/' aKISmet/aKISmet.php
Looking at your report closer though, I'm somewhat confused.. You seem to be indicating that you've got uppercase characters in the slug field, which isn't supposed to be possible here.
It does appear that two different sanitization methods are being used -sanitize_title()
by the plugins page generation, andsanitize_key()
by other code.. but as far as I can tell, for our purposes they should pretty close to one another.
In 32570: