[wp-hackers] Plugin Privacy Option (was Revisiting phone home and privacy)

Jeremy Clarke jer at simianuprising.com
Mon Dec 14 14:56:23 UTC 2009

On Sun, Dec 13, 2009 at 11:29 PM, Stephen Rider
<wp-hackers at striderweb.com> wrote:
> On Dec 13, 2009, at 6:03 PM, Doug Stewart wrote:
>> What about this: what if you added a Plugin-Update-URI header field to
>> plugins and themes? Themes or plugins without an explicitly-defined URI
>> would default to checking api.wordpress.org while plugin/theme devs that
>> don't (for whatever reasons) want to use the .org hosting environment can
>> host their own updates. Then, we could supply the necessary info for 3rd
>> parties to implement the expected return values from the update API and then
>> they, too, could take advantage of the internal WordPress upgrade checking,
>> further reducing ways that individual blogs can be compromised.
> My plugin code notwithstanding, I like Doug's idea a lot.

It's a good idea too, though part of a bigger plan. The plugin code
that achieves the same thing is much more likely to be a solution :)

> add_filter( 'option_update_plugins', 'filter_get_update_plugins' );
> add_filter( 'transient_update_plugins', 'filter_get_update_plugins' ); // for cached data
> function filter_get_update_plugins( $data ) {
>        unset( $data->response['myplugin/myplugin.php'] );
>        return $data;
> }

Has anyone created a Codex page about this whole issue? It would be
good to have this code there. Anyone with strong feelings about the
issue want to put one together? It could have sections explaining each
part of the update process and have ways of circumventing each:
Sending url, sending server info, sending plugins list.

Jeremy Clarke
Code and Design | globalvoicesonline.org

More information about the wp-hackers mailing list