[wp-hackers] Re: Plugin Update Checker

DD32 wordpress at dd32.id.au
Wed Apr 4 12:40:32 GMT 2007


On Wed, 04 Apr 2007 17:11:35 +1000, Viper007Bond <viper at viper007bond.com>  
wrote:

> I disagree. The number of support requests that would come in from users
> complaining that it's not working (due to permissions, server
> configurations, etc.) would be immense, not to mention all files would  
> need to be writable (to be modified by the server) and this is a  
> potential
> security risk.

That can be worked around though. eg: Not allowing the install/upgrade  
functionality to be enabled if it cannot work reliably on the current  
install
The security risk may not be as bad as what you make out, it's currently  
possible for the server to write to files usually, but that could be  
worked around, say by using FTP internally(Which would require to be setup  
when Wordpress is initially installed/plugin installed, but thats

On Wed, 04 Apr 2007 10:57:30 +1000, ozgreg <wphackers at galleryembedded.com>  
wrote:
> Actually I would not agree with the automatic downloading purely because  
> some plugin's (like mine - WPG2) have depend on external applications as  
> well thus suddenly a new version has been automatically rolled in and  
> things no longer work the way they should..

A Requirements section would be added;
Eg: Min Wordpress: 2.1, min PHP: 5.0, Requires Plugin XYZ (min version  
1.2), etc
plugin authors should be able to specify that the plugin is NOT automatic  
upgradable, and that the functionality should be disabled for the plugin

On Wed, 04 Apr 2007 10:57:30 +1000, ozgreg <wphackers at galleryembedded.com>  
wrote:
> Actually I would not agree with the automatic downloading purely because  
> some plugin's (like mine - WPG2) have depend on external applications as  
> well thus suddenly a new version has been automatically rolled in and  
> things no longer work the way they should..

That'd be purely optional for the author to opt-in to that, I'm thinking  
that the end user should be able to forceably override it perhaps,

On Wed, 04 Apr 2007 14:08:17 +1000, ozgreg <wphackers at galleryembedded.com>  
wrote:
> Thinking out loud here, when doing a version check, we should also  
> include in the serialised data any new version requirements, that way we  
> can exclude new notifications if they are not relevant to the current  
> core WP version (please ensure we got a few hooks in this update  
> checking routine so projects like mine can do some additional checking  
> when dealing with external applications versions as well..)

I was planning on including some actions like checkupdate-plugin,  
updaterequirements-plugin, etc, So as well as the update plugin  
controlling that, the plugin authors have got the ability to override it  
if need be.

> If you do not mind, I would also suggest going and chatting to the  
> Gallery2 developers who just went through this exercise with the new  
> Gallery2 2.2 external plugin's library
I'll get in touch in time myself, as well as have a read through some of  
the hurdles that they came up against, and how they were solved.


Dion / DD32
-- 
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/


More information about the wp-hackers mailing list