[wp-trac] [WordPress Trac] #46938: Prevent activation of incompatible plugins without valid readme.txt
WordPress Trac
noreply at wordpress.org
Wed May 22 23:53:04 UTC 2019
#46938: Prevent activation of incompatible plugins without valid readme.txt
-------------------------------------------------+-------------------------
Reporter: afragen | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Plugins | Version:
Severity: normal | Resolution:
Keywords: servehappy has-patch dev-feedback | Focuses:
needs-testing |
-------------------------------------------------+-------------------------
Comment (by afragen):
Replying to [comment:17 Ipstenu]:
> > I think in time we may choose to require some definitive statement in
the plugin regarding WP and PHP compatibility. Whether that occurs in the
plugin headers and/or a readme.txt hasn’t been determined.
>
> That isn't what I meant. Let me rephrase :)
>
> Are we going to **require** all plugins, be they hosted on WordPress.org
or not, to have PHP compat in headers in order to be activated?
No, we aren’t ready to make this a mandatory requirement. At some future
point I can see this requirement to aid in more completely preventing
plugin PHP fatals for PHP incompatibility.
> The subject of the ticket is "**Prevent activation** of incompatible
plugins without valid readme.txt" (bolding mine)
>
> I took that to mean "If a plugin doesn't have valid headers, do not
activate." And if that's the case, I am firmly against this call. It would
be a terrible experience for users. Non-org plugins don't have readmes.
Home grown plugins often don't. We would do more harm there.
I see this as an either/or choice. The PHP compatibility headers would be
either in a `readme.txt` **or** the plugin headers. At this time there is
no requirement for compatibility headers anywhere. As such if none exist a
plugin is allowed to install, update, and activate.
The current `is_php_version_compatible()` and `is_wp_version_compatible()`
are true if those values evaluate to true via the `version_compare` or if
they don’t exist or are empty. This title was a bit of future guessing
that someday a WP and PHP requirement might actually be required and the
best (IMO) method of allowing this for the most users is the ability to
have this information in the plugin headers.
> I don't have a horse in the race for readme or php files, though based
on what Otto said, PHP sounds smarter in the long run. Especially since
you have to have the headers if you want your plugin to look nice in the
plugins listing :)
The patch only seeks to allow for the `Requires WP` and `Requires PHP`
headers to be utilized by the compatibility tests. Nothing more.
I do agree that a larger discussion about the **requirement** of such
headers for plugin activation, etc. should be had at some point in the
future. Currently I think we shouldn’t penalize anyone for not having the
compatibility requirements noted. It is my opinion that both methods
should continue to be acceptable now, and in the future, as data in the
`readme.txt` and in plugin headers is a well established practice for
WordPress plugins.
@Ipstenu @Otto42 I really appreciate your opinions and expertise in this
area. Thank you for all you do for us in the Plugin Directory.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46938#comment:18>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list