Make WordPress Core

Opened 9 years ago

Closed 9 years ago

#32465 closed defect (bug) (fixed)

Capital case chars in a plugin slug/name break the autoupdate mechanism.

Reported by: caraffande's profile caraffande Owned by: dd32's profile dd32
Milestone: 4.2.3 Priority: normal
Severity: normal Version: 4.2.2
Component: Upgrade/Install Keywords:
Focuses: Cc:

Description

If you use capital letters in a plugin name (such as: MyCoolPlugin), or, better said, if your plugin's folder's name has Uppercase chars in it, the update process via the plugins.php page fails.
If you update the plugin, using the update-core.php page, it works perfectly, but if you update/upgrade from somewhere else then the page stays indefinitely on the message "Update in progress...".
More precisely, I have to say that the update process, actually, completes successfully. The plugin is updated. The problem is in the JSON response which sends back a "lowerized" slug name.
My proposal to fix this is to replace

	'slug'       => sanitize_key( $_POST['slug'] ),

in the wp_ajax_update_plugins() function of the ajax-actions.php file with a more reasonable

	'slug'       => preg_replace( '/[^A-Za-z0-9_\-]/', '', $_POST['slug'] ),


(If we don't need to "sanitize" the slug in update-core.php then we don't need to in plugins.php either, do we?)

Change History (8)

#1 @dd32
9 years ago

  • Keywords fixed-major added
  • Milestone changed from Awaiting Review to 4.2.3

#2 @dd32
9 years ago

  • Owner set to dd32
  • Resolution set to fixed
  • Status changed from new to closed

In 32570:

Shiny Updates: Handle the case where the plugin is installed into a different directory than it previously existed in.
A good example of this is when the plugin being updated is currently installed as 'Plugin-Name' but the canonical directory is 'plugin-name', but it can also occur when the plugin is installed in 'super-cool-plugin' and it's canonical name is 'average-plugin'.

Fixes #32465 for trunk

#3 @dd32
9 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

reopening for 4.2.x - This seems like a fairly common use-case and a bug in the 4.2 feature.

#4 @dd32
9 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 33301:

Shiny Updates: Handle the case where the plugin is installed into a different directory than it previously existed in.
A good example of this is when the plugin being updated is currently installed as 'Plugin-Name' but the canonical directory is 'plugin-name', but it can also occur when the plugin is installed in 'super-cool-plugin' and it's canonical name is 'average-plugin'.

Merges [32570] to the 4.2 branch.
Fixes #32465

#5 @caraffande
9 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

The problem is still there. If I use capital case in my plugin's name, the spinner and the message "Update in progress" stay on for ever, even after the plugin has been updated successfully.
You did close it because you don't consider it a bug?

#6 follow-up: @dd32
9 years ago

  • Keywords fixed-major removed

Hi @caraffande,

It was marked as fixed, as for me, the issue was resolved.
Can you elaborate on the exact steps you're using that shows the problem still? (including filenames & plugin headers). Furthermore, is this plugin using a 3rd-party update script or WordPress.org updates?

The testing I've done is using a mixed-case folder names & filenames to duplicate, I set it up using the following:
wp-content/plugins]$ mv akismet/ aKISmet && mv aKISmet/akismet.php aKISmet/aKISmet.php && sed -i 's/3.1.3/3.1.0/' aKISmet/aKISmet.php

Looking at your report closer though, I'm somewhat confused.. You seem to be indicating that you've got uppercase characters in the slug field, which isn't supposed to be possible here.
It does appear that two different sanitization methods are being used - sanitize_title() by the plugins page generation, and sanitize_key() by other code.. but as far as I can tell, for our purposes they should pretty close to one another.

#7 in reply to: ↑ 6 @adamsilverstein
9 years ago

I also spent some time trying to reproduce this issue without any luck. Tried renaming plugin name, folder name, capitalizing, adding spaces, etc. In all cases the data-slug identifier matched the returned slug and the plugin was marked as updated.

If the problem persists, it would be great to have clear steps to reproduce @caraffande! Thanks.

Replying to dd32:

Hi @caraffande,

It was marked as fixed, as for me, the issue was resolved.
Can you elaborate on the exact steps you're using that shows the problem still? (including filenames & plugin headers). Furthermore, is this plugin using a 3rd-party update script or WordPress.org updates?

The testing I've done is using a mixed-case folder names & filenames to duplicate, I set it up using the following:
wp-content/plugins]$ mv akismet/ aKISmet && mv aKISmet/akismet.php aKISmet/aKISmet.php && sed -i 's/3.1.3/3.1.0/' aKISmet/aKISmet.php

Looking at your report closer though, I'm somewhat confused.. You seem to be indicating that you've got uppercase characters in the slug field, which isn't supposed to be possible here.
It does appear that two different sanitization methods are being used - sanitize_title() by the plugins page generation, and sanitize_key() by other code.. but as far as I can tell, for our purposes they should pretty close to one another.

#8 @markjaquith
9 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

@caraffande Please re-open with specific reproduction steps, if you're still experiencing the issue. (We're just aggressively closing tickets now in anticipation of 4.3.)

Note: See TracTickets for help on using tickets.