Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#50824 closed enhancement (fixed)

Allow for WordPress.org to remotely disable auto-updates for plugins/themes

Reported by: dd32's profile dd32 Owned by: whyisjake's profile whyisjake
Milestone: 5.5 Priority: normal
Severity: normal Version: 5.5
Component: Upgrade/Install Keywords: has-patch commit dev-reviewed
Focuses: Cc:

Description

The new auto-update UI is great, but it would benefit from having a way to remotely disable the auto-update for a plugin/theme.

It'll open the possibility for WordPress.org to control the rollout of an auto-update, for example, auto-updating everyone 1-24hrs after release rather than immediately to allow for any major bugs to be discovered.

Ideally it'll never need to be used for it, but it'll also protect WordPress users by allowing us to disable it for a plugin or entirely if there are any unexpected behaviours from it.

The attached PR allows for the WordPress.org API response to include a disable_autoupdate flag which will disable it for that item, it'll not affect the UI and hopefully will never be needed (aside from the example use-case of A/B smoke testing or the like).

For more information, I discussed it a little on Slack: https://wordpress.slack.com/archives/CULBN711P/p1596156154382900

I'm assigning this to the 5.5 milestone out of caution.

Change History (12)

This ticket was mentioned in PR #444 on WordPress/wordpress-develop by dd32.


4 years ago
#1

  • Keywords has-patch added

#2 @whyisjake
4 years ago

  • Keywords commit dev-feedback added

This ticket was mentioned in Slack in #core by whyisjake. View the logs.


4 years ago

#4 @SergeyBiryukov
4 years ago

  • Keywords dev-reviewed added; dev-feedback removed

Looks good.

#5 @whyisjake
4 years ago

  • Owner set to whyisjake
  • Resolution set to fixed
  • Status changed from new to closed

In 48701:

Upgrade/Install: Allow for WordPress.org to remotely disable auto-updates for plugins/themes

As auto-updates are rolled out across WordPress.org, the API response can modulate the response, ensuring that a rolled out could be stalled or staggered if needed for security or performance reasons.

Fixes #50824.
Props dd32, whyisjake, SergeyBiryukov.

#6 @whyisjake
4 years ago

In 48702:

Upgrade/Install: Allow for WordPress.org to remotely disable auto-updates for plugins/themes

As auto-updates are rolled out across WordPress.org, the API response can modulate the response, ensuring that a rolled out could be stalled or staggered if needed for security or performance reasons.

This brings the changes from [48701] to the 5.5 branch.

Fixes #50824.
Props dd32, whyisjake, SergeyBiryukov.

whyisjake commented on PR #444:


4 years ago
#7

Merged in r48701 and r48702.

#8 @TimothyBlynJacobs
4 years ago

I might be missing something, but it seems like this code does the opposite. If disable_autoupdate is set to true, then it forces the update to be enabled. The code should read as.

        // If the `disable_autoupdate` flag is set, override any user-choice, but allow filters.
       if ( ! empty( $item->disable_autoupdate ) ) {
                    $update = ! $item->disable_autoupdate;
        }

Notice the negation.

#9 @johnbillion
4 years ago

I think it's correct. If $item->disable_autoupdate is true then $update gets set to false, which disables the update.

#10 @TimothyBlynJacobs
4 years ago

To clarify, the code snippet I shared is what I think the code should read as. The actual code doesn’t have the negation so $update Is set to true.

#11 follow-up: @johnbillion
4 years ago

Yoinks. Agreed. Can you open a new ticket?

#12 in reply to: ↑ 11 @TimothyBlynJacobs
4 years ago

Replying to johnbillion:

Yoinks. Agreed. Can you open a new ticket?

Yep, opened in #52796.

Note: See TracTickets for help on using tickets.