Description

Constants will be undefined when the class is used alone.
PLUGIN_PREFIX is used here and here

Additional Context

It is just related to milestone 2.0.0 branch.

Description

The location for the images required in the updating windows is hard-coded in the UpdateClient.class.php file as a folder called images directly inside the plugin folder. Many plugins already have an images folder, typically as a sub-folder in assets. This is actually a more logical place to store them. I suggest this be made more versatile to allow users to set the location that best suits their plugins.

Context

This will make the plugin more adaptable for the different approaches used by developers. It will also stop people (like me) messing with the code.

Description

The modal popup window is missing the "Compatible up to:" version number. The update client file is requesting the current version via an option when the value is actually stored as a transient. This issue doesn't hinder operation of the Update Manager plugin or the update client file, however, it is important for UX. Because this issue lives in the update client file, it will have to be a major version release as that would be a breaking change.

The problematic code:

$this->cp_latest_version = get_option('cp_latest_version', '');

Solution

Store and retrieve version string from the correct context by replacing the above-noted code with the following. This solution is not yet tested and will need further study before implementation.

$this->cp_latest_version = get_transient('codepotent_update_manager_cp_version');
if (empty($this->cp_latest_version)) {
	$this->cp_latest_version = $this->get_latest_version_number();
}

Description

An end user reported that one of the SVG logo file strings in the constants.php file is flagged as malware by the Shield Security plugin. I have independently verified the behavior.

Steps to Reproduce

1. Scan site with Shield Security with strict settings.
2. One or more image strings are flagged.

Additional Context

Certain SVG logo images were base64 encoded to allow inline display without additional requests. While the image strings are not problematic in themselves, end users shouldn't have to receive a security notice just to save a request or two.

Proposed Solution

The SVG logos can still be used, however, there should be no base64 encoding involved to ensure that false positives are not raised with security plugins.

Description

The plugin currently polls for (its own) updates from codepotent.com. This can now be repointed to the dedicated update server at https://updates.codepotent.com.

Description

The version noted in the footer of the Update Manager plugin is '1.0.0' while the actual version is '1.0.0-rc2'. Not critical, but, not accurate.

Description

Plugin page is loading slow when there are many plugins using Update Manager Client.

Context

In the Update Client get_latest_version_number() is called for every plugin.
Using a transient (even kept for less than a minute) will lead to just one remote request to https://api-v1.classicpress.net/upgrade/index.php

Description

Here you are changing the default tagline for the whole menu with PHP_INT_MAX priority, but it also affects plugin (like mine) adding a submenu page to that menu.

Expected Behavior

A plugin can change this using a higher priority than your.

Description

The Tutor LMS plugin for WordPress needlessly stores an empty array in the postmeta table which interferes with the Update Manager, producing a PHP warning related to htmlspecialchars() receiving an array instead of the expected string. Plugin operation is not hindered; it's just a warning.

Steps to Reproduce

1. Install both Update Manager and Tutor LMS.
2. Click to create new update endpoint.
3. See error onscreen or in logs.

Expected Behavior

No warnings.

Proposed Solution

Ensure a string is always encountered in $content in the render_meta_box_primary method of the PluginEndpoint class, as follows.

		// Initialization.
		$content = '';
		if (!empty($identifier)) {
			$content = get_post_meta($post->ID, $identifier, true);
		}

Bug Description

Class don't work if it is located in the root dir

Steps to Reproduce

require_once( 'inc/UpdateClient.class.php' );
require_once( 'UpdateClient.class.php' );

Returns an error (so I know both are loaded)

require_once( 'UpdateClient.class.php' );

No errors, no warnings, just the plugin don't report available updates.

require_once( '/inc/subdir/UpdateClient.class.php' );

No errors, no warnings, just the plugin don't report available updates.

Expected Behavior

require_once( 'inc/UpdateClient.class.php' );

Works

Context

Same server, PHP 7.3

Possible workaround

Line 76 depends on where the file is
'id' => basename(dirname(__DIR__)).'/'.basename(dirname(__DIR__)).'.php'

Bug Description

The plugin throws an error when used with PHP <7.
It looks like the problem is here (in constants definition)
define(__NAMESPACE__.'\PLUGIN_DIRNAME', basename(dirname(__FILE__, 2)));
dirname support 2 parameters only from PHP 7.

Here the error log:

[Thu Nov 21 14:00:16.265362 2019] [fcgid:warn] [pid 24452:tid 139896653768448] [client 78.134.126.128:49868] mod_fcgid: stderr: PHP Warning:  dirname() expects exactly 1 parameter, 2 given in ...ioni.it/httpdocs/wp-content/plugins/Update-Manager/includes/constants.php on line 48
[Thu Nov 21 14:00:16.267524 2019] [fcgid:warn] [pid 24452:tid 139896653768448] [client 78.134.126.128:49868] mod_fcgid: stderr: PHP Warning:  require_once(...oni.it/httpdocs/wp-content/plugins//includes/functions.php): failed to open stream: No such file or directory in ...ni.it/httpdocs/wp-content/plugins/Update-Manager/codepotent-update-manager.php on line 74
[Thu Nov 21 14:00:16.267540 2019] [fcgid:warn] [pid 24452:tid 139896653768448] [client 78.134.126.128:49868] mod_fcgid: stderr: PHP Fatal error:  require_once(): Failed opening required '...ni.it/httpdocs/wp-content/plugins//includes/functions.php' (include_path='.:/usr/share/pear:/opt/plesk/php/5.6/share/pear') in ...ioni.it/httpdocs/wp-content/plugins/Update-Manager/codepotent-update-manager.php on line 74

Steps to Reproduce

Switch to PHP 5.6

Possible solution

If just bumping required PHP to 7, please do something like this, because often wp-cli uses PHP 5.6...

if ( ! ( defined( 'WP_CLI' ) && WP_CLI ) ) {
	new UpdateManager;
}

Description

Have statistics about installed plugins.
I've already done it, but I want to keep it under tests for a few days before doing a PR.
If you want you can look at it here.

I've tried to keep it almost separate, so I've just added a constant and called the class in the main plugin file. The rest is handled by classes/Statistics.class.html.
My idea is to have something very simple.

Missing things:

• Hash the remote url (left in plain text just for better testing)
• Documentation
• GPDR notes
• Some variables left around that need discussion
• Discuss if populating the active installations filter

Simone.

Feature Description

I'd like (I've already done) to get statistics about plugin usage, something very basic at the moment. Have you planned this?

If not or not in the near future, with one line of code another plugin can handle that.
This is what I've added just before returning in the function get_request() in includes/functions.php

$discard_me = apply_filters( 'um-logging', array( 'slug'=>$request["plugin"], 'site'=>$request["site_url"] ) );

Then I'm using this filter to store data in a table and retrive active installs...

Description

Add the ability to view and/or delete the transients related to plugin and theme updates.

Context

The core update page (in ClassicPress) contains a button to "Check Again" for updates. Clicking the button appends ?force-check=1 to the URL in an attempt to force an update check. This works for many cases, however, it does not work if you want to quickly check, check, and recheck for an update. This requested functionality will provide a method of viewing the stored data and a reliable method of forcing the update check, regardless of when the last check occurred.

Description

Add a link to download the plugin/theme in the given list table row.

Context

Improving the user experience by providing more access in the same space.

Description

Extend the plugin to support remote theme updates.

Context

The Update Manager plugin has become the go-to solution for ClassicPress developers to remotely serve plugin updates to their end users. Theme support has been requested a few times and it's a logical progression for the plugin. I guess the secret's out why I previously renamed some portions of the code. I think theme support can now be added without introducing any breaking changes, but, this it will still be rolled out as a major version release.

Description

If there are a number of plugins on one site, all using the Update Manager class, all from the same plugin author, and all making their update check to the same Update Manager installation, it would be great if there was a way for one update check to be made, instead of many, for speed reasons. As far as I can see, this is not currently the case, and a separate check is made by each plugin.

Context

It will be a while before CP v2 is released (the one with the plugin directory), so for now any solution to this probably lies within the Update Manager plugin's codebase.
I realise any solution may not necessarily be easy but I just wanted to put the question "out there" to see if there may be some ingenious way of doing this.
Maybe there could be a way for plugins with the Update Manager class to register themselves in the options table and then the invocation of the update check process would get intercepted and use that data to send a "multi-plugin" JSON request. It could store transients of last update check to avoid repeated checks, or something like that. Not sure if it's that simple since I'm a bit hazy on the update process built into core.

Happy to discuss this on Slack/Forums/here/elsewhere if you'd like.

Description

Allow users to filter the default notification subject and body properties.

Description

The arguments used to generate the custom post type can be pared down quite a bit. The defaults can suffice in most cases. Reinvestigate and strip out needless elements.

Steps to Reproduce

// Arguments for the post type.
$args = [
	'public'              => false,
	'publicly_queryable'  => false,
	'show_in_nav_menus'   => false,
	'show_in_admin_bar'   => true,
	'exclude_from_search' => true,
	'show_ui'             => true,
	'show_in_menu'        => true,
	'menu_position'       => apply_filters(PLUGIN_PREFIX.'_menu_pos', null),
	'menu_icon'           => 'dashicons-update',
	'can_export'          => true,
	'delete_with_user'    => false,
	'hierarchical'        => false,
	'has_archive'         => false,
	'query_var'           => false,
	'rewrite'             => false,
	'supports'            => ['title'],
	'labels'              => $labels,
];

Description

When creating a new plugin endpoint, if you omit the endpoint Identifier the Plugin Details are lost when saving.

Steps to Reproduce

1. Create a new plugin endpoint.
2. Enter a name.
3. Leave the Endpoint Identifier blank.
4. Enter Plugin Details.
5. Hit Update.
6. See blank Plugin Details.

Expected Behavior

Plugin Details should be retained and an error presented.

Environment

Under which type of environment did you experience this problem?

Desktop

• Operating System: Windows 10
• Browser & Version: Vivaldi 2.10.1745.27 (Stable channel) (64-bit)

Description

When a user clicks to Delete a plugin, the popup text reads:

Are you sure you want to delete {plugin name} and its data?

...plugin and data. Therefore, the default behavior for deletion should be to remove the CPT items, associated metadata, comments, options, etc.

Description

A warning is thrown here in the exceptional case (RC1) where the URL is taken from user agent.

Steps to Reproduce

The easiest way:
View an endpoint and remove the &site_url=https://xxxx.yyyy.it part from the URL.

Expected Behavior

Just [] should be outputted.

Possible fix:

As array_pop takes a reference the line should be split in this way:

$user_agent_array=explode(';', $_SERVER['HTTP_USER_AGENT']);
$site_url = trim(array_pop($user_agent_array));

I've not created a PR because it seems that the repo is not at 1.0.1.

Description

For example to filter the request you have to hook to Update_Manager_filter_request but in the documentation is written codepotent_update_manager_filter_request.

Description

Per this forum exchange, add the API version number to the header comment in the update client file.

Context

Unless you look at the code in the constructor, it is not immediately clear which version(s) of the Update Manager plugin the client is supposed to be used with.

Description

When viewing the list of endpoints, the date shown is the Published Date, but it would be (more) useful to have the last edited date visible.

It would also be useful to see the version number.

Context

See at a glance when a plugin was last updated and the version.

Description

The primary PHP file codepotent-update-manager.php has a couple places where a trailing comma causes issues. @xxsimoxx reports that:

...it triggers an error in WP-CLI, is discovered by phpcs, and incompatible with php < 7.4...

The offending commas are only found in the milestone 2.0.0 branch here and here. These commas will be removed for version 2.0.0.

Feature Description

The menu item should fall naturally into place, or allow for better placement.

Context

There is already a filter in place to change the menu item position. However, a better approach is to let the menu fall into natural position and use the filter to change it from there, as needed.

Description

The Code Potent constants.php file has changed and should be updated.

Context

The new version contains better compatibility with older PHP versions and also has removed the base64-encoded images which were tripping security plugin sensors.

Description

If a plugin (or theme) is saved without a version number in the details editor, the admin row will show an undefined index notice in that column.

Description

If a plugin is loaded to a site when an endpoint hasn't been created the plugins page is very slow to load. However, it currently takes approx. 40 seconds to load.

Steps to Reproduce

1. Create plugin integrated with update client.
2. Upload to site.
3. Load plugins page.

Expected Behavior

The plugins page should load in a reasonable time.

Environment

Under which type of environment did you experience this problem?

Desktop

• Operating System: Windows 10
• Browser & Version: Vivaldi 2.10

Description

Add a filter about here to filter $body.

Context

It would be interesting to have a way to let the UpdateClient class to communicate with Update Manager passing extra information.
The idea (but this feature request extend it to other possible needs) is to deal with a plugin that allow site admin to opt-out for stats:
see xxsimoxx/stats-for-update-manager#15, ClassicPress/classic-commerce#166.
This way the developer can add a filter to pass extra arguments, like $body['sfum']='no-log', that can be handled by UM, SFUM or other companion plugins.

Description

On a site using https, WP_PLUGIN_URL (as used in includes/constants.php) could potentially prevent scripts such as post-edit.js from loading. This will only happen as a result of user error, i.e. if the siteurl (Settings > General) is set to http instead of https. WP_PLUGIN_URL returns the siteurl and makes no adjustment for https.

Steps to Reproduce

1. Use a https site e.g. https://www.example.com
2. Go to Settings > General and set siteurl to http e.g. http://www.example.com
3. In update manager, edit any endpoint
4. You should see that the font is not set to monospace in the textarea and that the links don't work.

Expected Behavior

Font should be monospace and links should work.

Screenshots

Additional Context

Using plugins_url() should get around this problem.

Description

Allow filtering of $data at the end of the parsed_component_data() function.

Context

Useful for adding/removing/updating arbitrary fields in the parsed data before exposing it to the calling site; particularly helpful for development and testing of Update Manager extensions. Example implementation:

$data = apply_filters(PLUGIN_PREFIX.'_filter_parsed_component_data', $data, $request);

Description

Add the ability to sort on the title, identifier, and date columns when viewing plugin or theme endpoint list tables.

Context

Sorting allows for more versatile views.

Description

If the == Upgrade Notice == header is used and there is no actual upgrade notice below it, an array to string conversion error occurs in the tab. Additionally, this tab does not obey markup.

Expected Behavior

The section can accept markup, including a header and be processed as such in the tab. For display in plugin rows (update and plugin page) the first line of non-header text should be used as the notice.

Description

A warning appears when clicking on "View details" on any plugin using Update Manager (but not on Update Manager itself).

PHP Warning:  Use of undefined constant PLUGIN_PREFIX - assumed 'PLUGIN_PREFIX' (this will throw an Error in a future version of PHP) in .../stats-for-update-manager/classes/UpdateClient.class.php on line 565PHP message: PHP Warning:  Use of undefined constant PLUGIN_PREFIX - assumed 'PLUGIN_PREFIX' (this will throw an Error in a future version of PHP) in .../stats-for-update-manager/classes/UpdateClient.class.php on line 566

Steps to Reproduce

1. Go to plugin screen
2. Click on View details on a plugin using the new class

Expected Behavior

No warnings

Screenshots

If applicable, add screenshots to help explain the problem.

Additional Context

The constants used here are declared in includes/constants.php.

Description

Adding a text domain to the update client causes the corresponding core texts to not be translated.

Context

The text domains were added in #21 to help prevent problems with PHP sniffers expecting a text domain. As it turns out, this breaks the core translation functionality. Given the choice to go one way or the other, I'll have to go with ensuring the core translation functionality remains intact over adding the text domain to support sniffers. For those who need a text domain, they can just use the same value they are using for their plugin or theme text domain.

Feature Description

The list table in the plugin admin page does not show a link to "View Details" after applying an update. The link shows before the update, just, not after. Such a link isn't a requirement, but, has come to be fairly expected and would be handy for viewing the plugin details.

Context

This link will give users more information about the plugins on which they rely.

H/T: xxsimoxx

The Update Manager plugin uses a CPT identifier plugin_repo that is used by another updater plugin. While this doesn't cause any catastrophic errors, it should be corrected.

Expected behavior

Unique CPT identifier to avoid any confusion.

Current behavior

If the f(x) Updater was previously installed and then the Update Manager is later installed, it will pick up on any orphaned entries and leave the user wondering where they came from when they see a list of entries right after installation. This is confusing and not a great user experience.

Possible solution

Changing the CPT identifier will be a painless solution. The identifier is defined as a constant, so, it's just one quick edit.

Context

When getting started with the remote update process, I had the f(x) Updater plugin installed and had created a bunch of entries. When I decided to write my own plugin for remote updates, I had all those entries already in the database, so, I just mirrored my plugin's CPT to pull those in and save some work. Ha.

H/T: ozfiddler

Description

A section of code in the plugin Details section causes a corrupted version to be saved.

Steps to Reproduce

1. Create new plugin endpoint.
2. Enter plugin details contain code similar to this:

<?php
	if (function_exists('azrcrv_urls_get_custom_shortlink')){
		printf(' %s', ''.'Shortlink'.'');
	}
	?>

3. Click Update
4. See corrupted plugin details.

Expected Behavior

Plugin Details should save as entered.

Screenshots

Environment

Under which type of environment did you experience this problem?

Desktop

• Operating System: Windows 10
• Browser & Version: Vivaldi 2.10.1745.27 (Stable channel) (64-bit)

Description

At lines 117-120, there's a check for the existence of the class. This can be removed.

Context

This check was added as it wasn't immediately clear if the Transient Inspector features would be shipped with the plugin or released as an extension. Due to a forum discussion and popular consensus, it was decided to include the TransientInspector class in the plugin. The check for existence is no longer (well, actually, never was) applicable.

Description

The plugin_upgrade method assumes that $args['plugins'] will exist. This can lead to a warning in edge-case scenarios that are probably only likely in development, however, it should be addressed.

Steps to Reproduce

1. For a plugin that contains the UpdateClient.class.php file, change the version number in the plugin header via FTP. Do not deactivate the plugin prior to this.
2. Check for and apply the expected update.
3. Note the warnings.

Expected Behavior

No warnings.

Additional Context

Note that these warnings did not prevent the update from occurring, however, it did prevent the alert bubbles from decrementing.

Solution

Update the method to first check for existence of the variable.

Feature Description

When a remote plugin makes a request for its current data (ie, for modal windows,) the remote site URL is transmitted back to the Update Manager plugin along with other relevant data. This data, and its usage, should be described on the core Privacy page where the Update Manager is installed.

Context

Providing the details and example text will help developers to understand how they may (or may not) need to update their own privacy policies.

Description

An extra request is made when polling for updates; this can be reduced to a single request by assigning the data (when first polled) to the UpdateClient object and retrieving it from there on subsequent passes.

Context

Performance improvement. @xxsimoxx identified an opportunity to save an HTTP request and submitted his findings via Slack. Go, Simone!

Description

When clicking to auto-complete the text editor (with a fully completed example), the values should be improved to create a "Code Potent" esque listing.

Context

The current insertion produces a decent display, but, the following gist should be used as a model for improvement of the full example and required example insertions as these produce the best looking listing.

Additional

This change will negate the need for an FAQ item wondering about how to create a listing "like this one". It should be removed with this implementation.

https://gist.github.com/johnalarcon/db118b4e823cf92dccf2b3fba150957d

Description

Add a filter that allows extension authors to append their own credit link to the view(s) created by their extension(s).

Context

The desire is to keep the interface consistent.

Description

The image path/URL filters allow one plugin to override the header image of another; the alphabetically-last plugin using the filter takes precedence.

Steps to Reproduce

Documented in this issue, filed with Classic Commerce, and also discussed on the forum.

Expected Behavior

Plugins cannot override header images.

Additional Context

This is a bug, but, not considered critical at this time considering that the official ClassicPress Plugin Directory launch is imminent and the vast majority of 3rd party plugin updates will then be handled through the native update process. I'm creating this issue to ensure it is not lost in the mix and it will remain until an appropriate fix is implemented.

Description

Too many space when using H2 (##)
Naming the section "FAQ" results in the word "faq" to be displayed.
You can see those in the screenshots.

Steps to Reproduce

1. Use the plugin-details.txt in a plugin

plugin-details.txt

Screenshots

Additional Context

I can not understand if it is about Parsedown, but I've tried the latest beta and there is no difference.

Really not important!

Description

When I run the pre-hooks for building my plugin, I throws a warning for these lines in
classes/class-wc-update-client.php specifically L182-184.

// This will make the jQuery below work with various languages.
$text1 = esc_html__('Compatible up to:');
$text2 = esc_html__('Reviews');
$text3 = esc_html__('Read all reviews');

Was this intentional to have esc_html__ with a missing text domain?

Description

This line I think that should be

$anchor_text = esc_html__('View details', 'codepotent-update-manager');
and not
$anchor_text = esc_html('View details', 'codepotent-update-manager');

With or without text domain (issue #21).