[wp-hackers] Pre-upgrade and post upgrade hooks

wordpress at santosj.name wordpress at santosj.name
Tue Jan 8 06:51:19 GMT 2008


I've written a couple of patches for adding the pre-upgrade and post
upgrade hooks [1]. However, I'm unsure what the requirements are for
inclusion into the core.

My personal goal is so that adding the hooks does not prevent nor break
the upgrade process for the user. Some tests were not comforting in this
regard.

The issue I have is that if a plugin breaks, it is most likely not going
to be during the upgrade or pre-upgrade stage. Therefore the protection is
not exactly needed. If a plugin is poorly written it will fail the entire
WordPress execution anyway.

Also, there are checks before activating a plugin that make sure that the
plugin works.

The way I can see around it is having a hidden second and fourth upgrade
step in between the upgrade third step.

1. User clicks on upgrade link.
2. Active Plugins are sandboxed and called one after the other with their
preupgrade hook. The results are saved and serialized in the session or
cookie. (Accept only bool and null values)
3. Run Upgrade.
4. Run Post Upgrade hook with sandboxed plugins and give the post-upgrade
hooks the value returned from the pre-upgrade hook.
5. Display Finished status.

With the current plugins, there is only three steps.

1. User clicks on the upgrade link.
2. Pre-upgrade hook is called and results stored. Upgrade is performed.
Post Upgrade hook is called with results from pre-upgrade passed to the
post upgrade plugin hook.
3. Finished page is displayed.

The current implement is far easier than the one I would feel happy with,
but will most likely not implement.

The question is probably should be trust plugin authors to do the right
thing and not try to screw with us during the upgrade process? Or does
possible hacker advantage trump the inclusion to core?

I would very much like to see the ticket inclusion as well as the
pre-activation hook [2] (without the plugin_data filter).

[1] http://trac.wordpress.org/ticket/2927
[2] http://trac.wordpress.org/ticket/4048

Jacob Santos



More information about the wp-hackers mailing list