[wp-hackers] Auto Update Plugins

Heiko Rabe heiko.rabe at code-styling.de
Tue Feb 17 23:15:03 GMT 2009

Otto schrieb:
> On Tue, Feb 17, 2009 at 3:59 PM, Doug Smith <doug at smithsrus.com> wrote:
>> That may be a mute point because permissions would likely need to be set for
>> a plugin data folder anyway. The uploads folder contains pictures and such
>> that, by design, are to be shared with the world. However, plugin data being
>> viewable by the world could have security implications. I certainly wouldn't
>> want that folder readable through the Web server like the upload folder
>> needs to be.
> Perhaps we need to better define what this plugins-data is, exactly,
> because I cannot think of a legitimate case where you'd:
> a) have a plugin that needs to store files somewhere such that the
> user can upload them or otherwise modify them, and
> b) those files should not be world-readable over the webserver.
> Can we come up with some specific use cases here before deciding how
> to implement it? What is this "plugin-data"? The main case I was
> thinking of was plugins that have customizable CSS files or IMG files
> which affect the output of the plugin.
> -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
I think, this problem is much more general as discussed for now.
Let me give you an example not named yet: language files (*.mo / *.po)
If a plugin hosts them, they get lost or overwritten, if the plugin 
replaces the complete folder content.
Furthermore i would loose the special customization of terms inside done 
for customers as example.
 From language file prospective there are 3 ways avoid it:
1.) keep the current language file(s) as is during update of plugin and 
ask afterwards by GUI for replacement
2.) store all plugin language file(s) at the wp-content/languages folder 
too (forces the function load_plugin_textdomain to become obsolete)
3.) create subfolders at wp-content/languages for plugins and themes to 
store there the files (requires also named language files for themes and 
not only locale, function load_theme_domain becomes obsolete too).

The points discussed until now still remain too, a more sophisticated 
solution for all those files will be needed.

More information about the wp-hackers mailing list