WordPress.org

Make WordPress Core

Opened 9 months ago

Closed 9 months ago

Last modified 5 weeks ago

#50824 closed enhancement (fixed)

Allow for WordPress.org to remotely disable auto-updates for plugins/themes

Reported by: dd32 Owned by: whyisjake
Milestone: 5.5 Priority: normal
Severity: normal Version: 5.5
Component: Upgrade/Install Keywords: has-patch commit dev-reviewed
Focuses: Cc:

Description

The new auto-update UI is great, but it would benefit from having a way to remotely disable the auto-update for a plugin/theme.

It'll open the possibility for WordPress.org to control the rollout of an auto-update, for example, auto-updating everyone 1-24hrs after release rather than immediately to allow for any major bugs to be discovered.

Ideally it'll never need to be used for it, but it'll also protect WordPress users by allowing us to disable it for a plugin or entirely if there are any unexpected behaviours from it.

The attached PR allows for the WordPress.org API response to include a disable_autoupdate flag which will disable it for that item, it'll not affect the UI and hopefully will never be needed (aside from the example use-case of A/B smoke testing or the like).

For more information, I discussed it a little on Slack: https://wordpress.slack.com/archives/CULBN711P/p1596156154382900

I'm assigning this to the 5.5 milestone out of caution.

Change History (12)

This ticket was mentioned in PR #444 on WordPress/wordpress-develop by dd32.


9 months ago

  • Keywords has-patch added

#2 @whyisjake
9 months ago

  • Keywords commit dev-feedback added

This ticket was mentioned in Slack in #core by whyisjake. View the logs.


9 months ago

#4 @SergeyBiryukov
9 months ago

  • Keywords dev-reviewed added; dev-feedback removed

Looks good.

#5 @whyisjake
9 months ago

  • Owner set to whyisjake
  • Resolution set to fixed
  • Status changed from new to closed

In 48701:

Upgrade/Install: Allow for WordPress.org to remotely disable auto-updates for plugins/themes

As auto-updates are rolled out across WordPress.org, the API response can modulate the response, ensuring that a rolled out could be stalled or staggered if needed for security or performance reasons.

Fixes #50824.
Props dd32, whyisjake, SergeyBiryukov.

#6 @whyisjake
9 months ago

In 48702:

Upgrade/Install: Allow for WordPress.org to remotely disable auto-updates for plugins/themes

As auto-updates are rolled out across WordPress.org, the API response can modulate the response, ensuring that a rolled out could be stalled or staggered if needed for security or performance reasons.

This brings the changes from [48701] to the 5.5 branch.

Fixes #50824.
Props dd32, whyisjake, SergeyBiryukov.

#7 @prbot
9 months ago

whyisjake commented on PR #444:

Merged in r48701 and r48702.

#8 @TimothyBlynJacobs
5 weeks ago

I might be missing something, but it seems like this code does the opposite. If disable_autoupdate is set to true, then it forces the update to be enabled. The code should read as.

        // If the `disable_autoupdate` flag is set, override any user-choice, but allow filters.
       if ( ! empty( $item->disable_autoupdate ) ) {
                    $update = ! $item->disable_autoupdate;
        }

Notice the negation.

#9 @johnbillion
5 weeks ago

I think it's correct. If $item->disable_autoupdate is true then $update gets set to false, which disables the update.

#10 @TimothyBlynJacobs
5 weeks ago

To clarify, the code snippet I shared is what I think the code should read as. The actual code doesn’t have the negation so $update Is set to true.

#11 follow-up: @johnbillion
5 weeks ago

Yoinks. Agreed. Can you open a new ticket?

#12 in reply to: ↑ 11 @TimothyBlynJacobs
5 weeks ago

Replying to johnbillion:

Yoinks. Agreed. Can you open a new ticket?

Yep, opened in #52796.

Note: See TracTickets for help on using tickets.