WordPress.org

Make WordPress Core

Opened 7 months ago

Last modified 5 hours ago

#44350 assigned task (blessed)

Block plugin updates if required PHP version is not supported - Updates screen

Reported by: flixos90 Owned by: afragen
Milestone: 5.1 Priority: normal
Severity: normal Version:
Component: Plugins Keywords: needs-unit-tests servehappy dev-feedback has-patch
Focuses: Cc:

Description

Note: This ticket is a subtask for the overarching #40934 ticket.

When a plugin states it requires a specific minimum PHP version through its "Requires PHP" header information and the server does not support this PHP version, WordPress should block any possibility to update the plugin. This way, plugins will stay at the latest release that still supports the server's PHP version.

This ticket's goal is to prevent plugin updates from the general "Updates" admin screen. With that, it complements #43987, which deals with preventing plugins from the "Plugins" admin screen.

Attachments (10)

44350.diff (1.7 KB) - added by afragen 7 months ago.
For update-core.php
screenshot_06.png (62.3 KB) - added by afragen 7 months ago.
Checkbox gone and notice listed.
44350.2.diff (2.6 KB) - added by afragen 7 months ago.
feedback applied
screenshot_04.png (56.3 KB) - added by afragen 7 months ago.
44350.3.diff (2.6 KB) - added by afragen 7 months ago.
changed messaging text from 'upgrading' to 'updating'
44350.4.diff (2.7 KB) - added by miyauchi 6 months ago.
Improve escaping
44350.5.diff (2.7 KB) - added by afragen 6 months ago.
more escaping improvements
44350.6.diff (2.7 KB) - added by afragen 6 months ago.
fixed some escaping for esc_html not esc_attr
44350.7.diff (2.6 KB) - added by afragen 13 days ago.
Updated patch for post 5.0 merge, fixed link to update-php
44350.8.diff (5.0 KB) - added by afragen 9 days ago.
fix version_compare so 5.1.10 is greater than 5.1.2

Download all attachments as: .zip

Change History (34)

This ticket was mentioned in Slack in #core-php by flixos90. View the logs.


7 months ago

#2 @flixos90
7 months ago

  • Owner set to afragen
  • Status changed from new to assigned

@afragen
7 months ago

For update-core.php

@afragen
7 months ago

Checkbox gone and notice listed.

#3 @afragen
7 months ago

44350.diff for removing ability to update from update-core.php page.

The following screenshot shows the checkbox missing and therefore not possible to update along with a notice regarding PHP updating.

Checkbox gone and notice listed.

#4 @afragen
7 months ago

  • Keywords dev-feedback has-patch added; needs-patch removed

Are we also looking to disable updates if the WP version is not supported?

#5 @afragen
7 months ago

The last discussion on Slack was to change the text to

This plugin doesn’t work with your version of PHP. [Learn more about updating PHP]

I’ll update the patch accordingly unless there are other suggestions.

@schlessera @flixos90 @SergeyBiryukov any other thoughts?

@afragen
7 months ago

feedback applied

#6 @afragen
7 months ago

Updated patch 44350.2.diff with feedback incorporated.

Not much difference except for updating -> upgrading

This ticket was mentioned in Slack in #core-php by afragen. View the logs.


7 months ago

This ticket was mentioned in Slack in #core by afragen. View the logs.


7 months ago

@afragen
7 months ago

changed messaging text from 'upgrading' to 'updating'

#9 @afragen
7 months ago

These patches are dependent upon some changes in the patch for #43987 for the View Details window to display a Cannot Update button.

This ticket was mentioned in Slack in #core-php by sergey. View the logs.


6 months ago

@miyauchi
6 months ago

Improve escaping

#11 @afragen
6 months ago

Translatable strings in core don’t generally seem to be escaped. Just my observation as core translations are more thoroughly vetted.

#12 follow-up: @miyauchi
6 months ago

Thanks @afragen

I thought properties of the $plugin_data like $plugin_data->Name should be escaped. :)

#13 @afragen
6 months ago

Core seems to be a slightly different case and I don’t honestly know the answer. I’m certain at some point we’ll get some feedback from @flixos90 or @SergeyBiryukov

Though more likely it’s just something I missed and thanks for picking up on it.

Last edited 6 months ago by afragen (previous) (diff)

#14 in reply to: ↑ 12 @afragen
6 months ago

Replying to miyauchi:

Thanks @afragen

I thought properties of the $plugin_data like $plugin_data->Name should be escaped. :)

If you want to escape the properties, you might use something like esc_attr( $plugin_data )

@afragen
6 months ago

more escaping improvements

#15 @miyauchi
6 months ago

Hi @afragen

esc_attr() should be used to escape attributes for HTML. In this case, I think it should esc_html().

But I agree to escape the property only as your patch. :)

Thanks. :)

@afragen
6 months ago

fixed some escaping for esc_html not esc_attr

This ticket was mentioned in Slack in #core-php by afragen. View the logs.


6 months ago

This ticket was mentioned in Slack in #core-php by afragen. View the logs.


5 months ago

#18 @afragen
4 months ago

@schlessera @flixos90 should this be milestone 4.9.9?

#19 @afragen
3 months ago

Probably need to milestone this for 5.1

#20 @flixos90
3 months ago

  • Milestone changed from 5.0 to 5.1

@afragen
13 days ago

Updated patch for post 5.0 merge, fixed link to update-php

This ticket was mentioned in Slack in #core-php by afragen. View the logs.


13 days ago

This ticket was mentioned in Slack in #core-php by afragen. View the logs.


9 days ago

@afragen
9 days ago

fix version_compare so 5.1.10 is greater than 5.1.2

#23 @afragen
9 days ago

There is clearly overlap with 43987 and this patch. Also, may need to lint the patch. Sorry. Not sure everyone wants to see yet another iteration.

#24 @afragen
5 hours ago

We probably need to change milestone to 5.2

Last edited 5 hours ago by afragen (previous) (diff)
Note: See TracTickets for help on using tickets.