[wp-hackers] Hooking into WP theme/plugin update downloading

Dion Hulse (dd32) wordpress at dd32.id.au
Tue Mar 20 23:57:08 UTC 2012


You've got 2 options: As otto says: Authenticate the install, and on
the transient save hooks, insert url's with a token (Only needs to be
valid for ~12hours).

If that's not good enough, You can hook inside WP_HTTP on
pre_http_request
(http://core.trac.wordpress.org/browser/trunk/wp-includes/class-http.php#L115)
match a specific URL destination, and perform any type of request (You
can even redirect the request to a different server, define https
handling, add oauth headers, whatever, just make sure you respect the
'stream' arguement that's passed to the filter).

basically, add_filter( 'pre_http_request', function() { return
wp_remote_get('http://google.com/'); } ); to redirect ALL outgoing
requests to google..

On 21 March 2012 09:13, Otto <otto at ottodestruct.com> wrote:
> The upgrade code always uses wp_remote_get to get the ZIP file, and
> offers no hooks to change that or modify the parameters to it.
>
> However, this doesn't stop you from returning a different URL for the
> ZIP file to any given requester based on your own criteria. For oauth,
> you could conceivably pass the token in the GET request. Such as
> https://example.com/plugin.zip?auth=abc123 and so on. Then if the auth
> token isn't valid, return a 401 Unauthorized Error to fail the
> download process.
>
> -Otto
>
>
>
> On Tue, Mar 20, 2012 at 4:23 PM, Jeremy Hough <jeremy at digitalbrands.com> wrote:
>> I have a working (and extended) setup of Jeremy Clark's Self-Hosted Plugin
>> Update API (https://github.com/jeremyclark13/automatic-theme-plugin-update).
>> I am setting up my update server to force/require https connections to
>> encrypt transmissions. I am wanting to use oAuth for authentication (and
>> provide access to restricted content).
>>
>> Is there any type of hook in wordpress I can use so that when an update is
>> instantiated, the download behavior can be redefined so that the provided
>> update zip url will be downloaded using an oAuth-signed request?
>>
>> Thanks for any insight,
>>
>> Jeremy Hough
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list