Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#51609 closed defect (bug) (fixed)

Auto update remove custom API data from plugin endpoint.

Reported by: peterwilsoncc's profile peterwilsoncc Owned by: desrosj's profile desrosj
Milestone: 5.6 Priority: normal
Severity: normal Version: 5.5.1
Component: Upgrade/Install Keywords: has-patch
Focuses: administration Cc:


I was testing some of the plugins for AwesomeMotive when I noticed that [48669] in WordPress 5.5.0 breaks backwards compatibility due to a flaw in an intended fix that WordPress had done in the point release.

The change was originally intended to ensure PHP notices would not be thrown by third party plugin updaters if any of the standard plugin update info keys were not set (by then setting that to a default) but instead it has the unintended purpose of stripping additional plugin keys.

In class-wp-plugins-list-table.php and class-wp-debug-data.php the plugins auto-update routine uses array_intersect_key() instead of wp_parse_args() to merge API response data with the default values.

This removes any custom values from the plugin's update API response when displaying the enable/disable link and displaying debug data in the site health check.

Many plugin updates add additional plugin data keys to the response this can cause issues. Further, this also breaks the ability for testing of patches for WordPress core/meta, as, for example, the patch to add a requires_wp header (to allow plugins to declare a minimum WP version) can no longer be fully tested since its stripped out.

With this patch, I've changed it from using an array_intersect_key() to the standard WordPress function for ensuring default array keys are present wp_parse_args() which both preserves the originally intended protection from missing keys while fixing the breakage caused by the patch that was merged.

Attachments (1)

51609.diff (1.3 KB) - added by peterwilsoncc 3 years ago.

Download all attachments as: .zip

Change History (8)

3 years ago

#1 @chriscct7
3 years ago

  • Focuses administration added
  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 5.5.3

Tested the patch and it works for me.

#2 @hellofromTonya
3 years ago

  • Milestone changed from 5.5.3 to 5.6

5.5.3 shipped last week. Not planning another 5.5 minor release. Instead, moving this ticket into 5.6.

This ticket was mentioned in Slack in #core by hellofromtonya. View the logs.

3 years ago

#4 @audrasjb
3 years ago

Indeed, the patch makes sense to me.
It applies cleanly and the is no change on the current behavior.

Good to go on my side :)

#5 @hellofromTonya
3 years ago

  • Keywords commit added

Thanks @audrasjb and @chriscct7 for testing. This ticket is ready for commit.

#6 @desrosj
3 years ago

  • Keywords commit removed
  • Owner set to desrosj
  • Status changed from new to reviewing

#7 @desrosj
3 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 49477:

Upgrade/Install: Prevent removal of additional data from plugin update info.

This switches to using wp_parse_args() instead of a combination of array_merge() and array_intersect_key() when ensuring that all expected default keys are present in the update information for a plugin.

This prevents non-default data returned by 3rd-party plugins from being unintentionally stripped out.

Props peterwilsoncc, chriscct7.
Fixes #51609.

Note: See TracTickets for help on using tickets.