Make WordPress Core

Opened 7 weeks ago

Last modified 2 weeks ago

#47160 new defect (bug)

Backport blocking of plugin updates if required PHP version is not supported

Reported by: azaozz Owned by:
Milestone: 5.3 Priority: normal
Severity: normal Version: 5.2
Component: Plugins Keywords: 2nd-opinion
Focuses: Cc:


Follow-up from #43987 and #44350. Description from https://core.trac.wordpress.org/ticket/43987?cnum_edit=46#comment:41

With WordPress 5.2 requiring at least PHP 5.6, many plugin authors will start updating their plugins to also require PHP 5.6. This is fine for users running WordPress 5.2, but for users on older versions of WordPress they'll start receiving update notifications for plugins that they may no longer be able to run if they're using a version of PHP older than 5.6. If the user updates such a the plugin then they'll likely start seeing fatal errors.

Backporting the changes that prevent updates from being served to sites that don't meet the plugin's minimum PHP version will help avoid users on older branches finding themselves updating a plugin to a version that no longer works.

Change History (9)

#1 follow-up: @azaozz
7 weeks ago

Should (could?) this be handled by the updates API? Seems a better idea than trying to backport it. Then all sites running older versions of WP will be covered, instantly.

Of course the users on older WP versions should see a notice if they cannot update a theme or a plugin because of old/unsupported PHP version. They won't be able to update core either. On the other hand wondering how "annoying" these notices may become in cases where it is not possible to update the PHP version...

#2 @desrosj
7 weeks ago

  • Keywords 2nd-opinion added

#3 @desrosj
6 weeks ago

  • Milestone changed from 5.2.1 to 5.2.2

Going to move this to 5.2.2 as it still needs feedback and an agreed approach.

This ticket was mentioned in Slack in #core-php by spacedmonkey. View the logs.

5 weeks ago

#5 @desrosj
5 weeks ago

Noting that #46937 should be considered as a backport if any other related code is backported.

#6 @Clorith
4 weeks ago

I'm worried that this would set a precedent that enhancements can also be backported, not just security fixes, not necessarily because we would do them, but it adds an argument to "why not, it's done before".

I'd think that this is self-solving by plugin authors using the Requires at least header, it sounds like a safer approach. That header is there to ensure you're not using core features before they exist, and I would classify that following core minimum PHP versions should tie in with this.

We could probably get the plugins team to help with getting the word out about the importance of associating your requirement headers along with core versions that allow the use of the features they want (they already had an initial post made about the version bump, recommending that plugin authors use their own PHP version checks).

This ticket was mentioned in Slack in #core by audrasjb. View the logs.

4 weeks ago

#8 in reply to: ↑ 1 @SergeyBiryukov
4 weeks ago

Replying to azaozz:

Should (could?) this be handled by the updates API? Seems a better idea than trying to backport it. Then all sites running older versions of WP will be covered, instantly.

I'm leaning towards that option as well.

That said, educating plugin authors about bumping the required WordPress version to 5.2 at the same time as bumping the required PHP version, as suggested in comment:6, would also be an option.

#9 @SergeyBiryukov
2 weeks ago

  • Milestone changed from 5.2.2 to 5.3

5.2.2 RC1 is planned for today, moving to 5.3 for more discussion.

Note: See TracTickets for help on using tickets.