xxsimoxx / codepotent-update-manager Goto Github PK
View Code? Open in Web Editor NEWPush updates for your ClassicPress plugins and themes from GitHub or other remote sources.
Home Page: https://software.gieffeedizioni.it
Push updates for your ClassicPress plugins and themes from GitHub or other remote sources.
Home Page: https://software.gieffeedizioni.it
The location for the images required in the updating windows is hard-coded in the UpdateClient.class.php file as a folder called images directly inside the plugin folder. Many plugins already have an images folder, typically as a sub-folder in assets. This is actually a more logical place to store them. I suggest this be made more versatile to allow users to set the location that best suits their plugins.
This will make the plugin more adaptable for the different approaches used by developers. It will also stop people (like me) messing with the code.
The modal popup window is missing the "Compatible up to:" version number. The update client file is requesting the current version via an option when the value is actually stored as a transient. This issue doesn't hinder operation of the Update Manager plugin or the update client file, however, it is important for UX. Because this issue lives in the update client file, it will have to be a major version release as that would be a breaking change.
The problematic code:
$this->cp_latest_version = get_option('cp_latest_version', '');
Store and retrieve version string from the correct context by replacing the above-noted code with the following. This solution is not yet tested and will need further study before implementation.
$this->cp_latest_version = get_transient('codepotent_update_manager_cp_version');
if (empty($this->cp_latest_version)) {
$this->cp_latest_version = $this->get_latest_version_number();
}
An end user reported that one of the SVG logo file strings in the constants.php file is flagged as malware by the Shield Security plugin. I have independently verified the behavior.
Certain SVG logo images were base64 encoded to allow inline display without additional requests. While the image strings are not problematic in themselves, end users shouldn't have to receive a security notice just to save a request or two.
The SVG logos can still be used, however, there should be no base64 encoding involved to ensure that false positives are not raised with security plugins.
The plugin currently polls for (its own) updates from codepotent.com. This can now be repointed to the dedicated update server at https://updates.codepotent.com.
The version noted in the footer of the Update Manager plugin is '1.0.0' while the actual version is '1.0.0-rc2'. Not critical, but, not accurate.
Plugin page is loading slow when there are many plugins using Update Manager Client.
In the Update Client get_latest_version_number()
is called for every plugin.
Using a transient (even kept for less than a minute) will lead to just one remote request to https://api-v1.classicpress.net/upgrade/index.php
Here you are changing the default tagline for the whole menu with PHP_INT_MAX
priority, but it also affects plugin (like mine) adding a submenu page to that menu.
A plugin can change this using a higher priority than your.
The Tutor LMS plugin for WordPress needlessly stores an empty array in the postmeta table which interferes with the Update Manager, producing a PHP warning related to htmlspecialchars()
receiving an array instead of the expected string. Plugin operation is not hindered; it's just a warning.
No warnings.
Ensure a string is always encountered in $content
in the render_meta_box_primary
method of the PluginEndpoint
class, as follows.
// Initialization.
$content = '';
if (!empty($identifier)) {
$content = get_post_meta($post->ID, $identifier, true);
}
Class don't work if it is located in the root dir
require_once( 'inc/UpdateClient.class.php' );
require_once( 'UpdateClient.class.php' );
Returns an error (so I know both are loaded)
require_once( 'UpdateClient.class.php' );
No errors, no warnings, just the plugin don't report available updates.
require_once( '/inc/subdir/UpdateClient.class.php' );
No errors, no warnings, just the plugin don't report available updates.
require_once( 'inc/UpdateClient.class.php' );
Works
Same server, PHP 7.3
Line 76 depends on where the file is
'id' => basename(dirname(__DIR__)).'/'.basename(dirname(__DIR__)).'.php'
The plugin throws an error when used with PHP <7.
It looks like the problem is here (in constants definition)
define(__NAMESPACE__.'\PLUGIN_DIRNAME', basename(dirname(__FILE__, 2)));
dirname
support 2 parameters only from PHP 7.
Here the error log:
[Thu Nov 21 14:00:16.265362 2019] [fcgid:warn] [pid 24452:tid 139896653768448] [client 78.134.126.128:49868] mod_fcgid: stderr: PHP Warning: dirname() expects exactly 1 parameter, 2 given in ...ioni.it/httpdocs/wp-content/plugins/Update-Manager/includes/constants.php on line 48
[Thu Nov 21 14:00:16.267524 2019] [fcgid:warn] [pid 24452:tid 139896653768448] [client 78.134.126.128:49868] mod_fcgid: stderr: PHP Warning: require_once(...oni.it/httpdocs/wp-content/plugins//includes/functions.php): failed to open stream: No such file or directory in ...ni.it/httpdocs/wp-content/plugins/Update-Manager/codepotent-update-manager.php on line 74
[Thu Nov 21 14:00:16.267540 2019] [fcgid:warn] [pid 24452:tid 139896653768448] [client 78.134.126.128:49868] mod_fcgid: stderr: PHP Fatal error: require_once(): Failed opening required '...ni.it/httpdocs/wp-content/plugins//includes/functions.php' (include_path='.:/usr/share/pear:/opt/plesk/php/5.6/share/pear') in ...ioni.it/httpdocs/wp-content/plugins/Update-Manager/codepotent-update-manager.php on line 74
Switch to PHP 5.6
If just bumping required PHP to 7, please do something like this, because often wp-cli uses PHP 5.6...
if ( ! ( defined( 'WP_CLI' ) && WP_CLI ) ) {
new UpdateManager;
}
Have statistics about installed plugins.
I've already done it, but I want to keep it under tests for a few days before doing a PR.
If you want you can look at it here.
I've tried to keep it almost separate, so I've just added a constant and called the class in the main plugin file. The rest is handled by classes/Statistics.class.html
.
My idea is to have something very simple.
Missing things:
Simone.
I'd like (I've already done) to get statistics about plugin usage, something very basic at the moment. Have you planned this?
If not or not in the near future, with one line of code another plugin can handle that.
This is what I've added just before returning in the function get_request()
in includes/functions.php
$discard_me = apply_filters( 'um-logging', array( 'slug'=>$request["plugin"], 'site'=>$request["site_url"] ) );
Then I'm using this filter to store data in a table and retrive active installs...
Add the ability to view and/or delete the transients related to plugin and theme updates.
The core update page (in ClassicPress) contains a button to "Check Again" for updates. Clicking the button appends ?force-check=1
to the URL in an attempt to force an update check. This works for many cases, however, it does not work if you want to quickly check, check, and recheck for an update. This requested functionality will provide a method of viewing the stored data and a reliable method of forcing the update check, regardless of when the last check occurred.
Add a link to download the plugin/theme in the given list table row.
Improving the user experience by providing more access in the same space.
Extend the plugin to support remote theme updates.
The Update Manager plugin has become the go-to solution for ClassicPress developers to remotely serve plugin updates to their end users. Theme support has been requested a few times and it's a logical progression for the plugin. I guess the secret's out why I previously renamed some portions of the code. I think theme support can now be added without introducing any breaking changes, but, this it will still be rolled out as a major version release.
If there are a number of plugins on one site, all using the Update Manager class, all from the same plugin author, and all making their update check to the same Update Manager installation, it would be great if there was a way for one update check to be made, instead of many, for speed reasons. As far as I can see, this is not currently the case, and a separate check is made by each plugin.
It will be a while before CP v2 is released (the one with the plugin directory), so for now any solution to this probably lies within the Update Manager plugin's codebase.
I realise any solution may not necessarily be easy but I just wanted to put the question "out there" to see if there may be some ingenious way of doing this.
Maybe there could be a way for plugins with the Update Manager class to register themselves in the options table and then the invocation of the update check process would get intercepted and use that data to send a "multi-plugin" JSON request. It could store transients of last update check to avoid repeated checks, or something like that. Not sure if it's that simple since I'm a bit hazy on the update process built into core.
Happy to discuss this on Slack/Forums/here/elsewhere if you'd like.
Allow users to filter the default notification subject and body properties.
The arguments used to generate the custom post type can be pared down quite a bit. The defaults can suffice in most cases. Reinvestigate and strip out needless elements.
// Arguments for the post type.
$args = [
'public' => false,
'publicly_queryable' => false,
'show_in_nav_menus' => false,
'show_in_admin_bar' => true,
'exclude_from_search' => true,
'show_ui' => true,
'show_in_menu' => true,
'menu_position' => apply_filters(PLUGIN_PREFIX.'_menu_pos', null),
'menu_icon' => 'dashicons-update',
'can_export' => true,
'delete_with_user' => false,
'hierarchical' => false,
'has_archive' => false,
'query_var' => false,
'rewrite' => false,
'supports' => ['title'],
'labels' => $labels,
];
When creating a new plugin endpoint, if you omit the endpoint Identifier the Plugin Details are lost when saving.
Plugin Details should be retained and an error presented.
Under which type of environment did you experience this problem?
Desktop
When a user clicks to Delete
a plugin, the popup text reads:
Are you sure you want to delete {plugin name} and its data?
...plugin and data. Therefore, the default behavior for deletion should be to remove the CPT items, associated metadata, comments, options, etc.
A warning is thrown here in the exceptional case (RC1) where the URL is taken from user agent.
The easiest way:
View an endpoint and remove the &site_url=https://xxxx.yyyy.it
part from the URL.
Just []
should be outputted.
As array_pop
takes a reference the line should be split in this way:
$user_agent_array=explode(';', $_SERVER['HTTP_USER_AGENT']);
$site_url = trim(array_pop($user_agent_array));
I've not created a PR because it seems that the repo is not at 1.0.1.
For example to filter the request you have to hook to Update_Manager_filter_request
but in the documentation is written codepotent_update_manager_filter_request
.
Per this forum exchange, add the API version number to the header comment in the update client file.
Unless you look at the code in the constructor, it is not immediately clear which version(s) of the Update Manager plugin the client is supposed to be used with.
When viewing the list of endpoints, the date shown is the Published Date, but it would be (more) useful to have the last edited date visible.
It would also be useful to see the version number.
See at a glance when a plugin was last updated and the version.
The primary PHP file codepotent-update-manager.php
has a couple places where a trailing comma causes issues. @xxsimoxx reports that:
...it triggers an error in WP-CLI, is discovered by phpcs, and incompatible with php < 7.4...
The offending commas are only found in the milestone 2.0.0 branch here and here. These commas will be removed for version 2.0.0.
The menu item should fall naturally into place, or allow for better placement.
There is already a filter in place to change the menu item position. However, a better approach is to let the menu fall into natural position and use the filter to change it from there, as needed.
The Code Potent constants.php file has changed and should be updated.
The new version contains better compatibility with older PHP versions and also has removed the base64-encoded images which were tripping security plugin sensors.
If a plugin (or theme) is saved without a version number in the details editor, the admin row will show an undefined index notice in that column.
If a plugin is loaded to a site when an endpoint hasn't been created the plugins page is very slow to load. However, it currently takes approx. 40 seconds to load.
The plugins page should load in a reasonable time.
Under which type of environment did you experience this problem?
Desktop
Add a filter about here to filter $body
.
It would be interesting to have a way to let the UpdateClient class to communicate with Update Manager passing extra information.
The idea (but this feature request extend it to other possible needs) is to deal with a plugin that allow site admin to opt-out for stats:
see xxsimoxx/stats-for-update-manager#15, ClassicPress/classic-commerce#166.
This way the developer can add a filter to pass extra arguments, like $body['sfum']='no-log'
, that can be handled by UM, SFUM or other companion plugins.
On a site using https, WP_PLUGIN_URL (as used in includes/constants.php) could potentially prevent scripts such as post-edit.js from loading. This will only happen as a result of user error, i.e. if the siteurl
(Settings > General) is set to http instead of https. WP_PLUGIN_URL returns the siteurl
and makes no adjustment for https.
siteurl
to http e.g. http://www.example.comFont should be monospace and links should work.
Using plugins_url()
should get around this problem.
Allow filtering of $data
at the end of the parsed_component_data() function.
Useful for adding/removing/updating arbitrary fields in the parsed data before exposing it to the calling site; particularly helpful for development and testing of Update Manager extensions. Example implementation:
$data = apply_filters(PLUGIN_PREFIX.'_filter_parsed_component_data', $data, $request);
Add the ability to sort on the title, identifier, and date columns when viewing plugin or theme endpoint list tables.
Sorting allows for more versatile views.
If the == Upgrade Notice ==
header is used and there is no actual upgrade notice below it, an array to string conversion error occurs in the tab. Additionally, this tab does not obey markup.
The section can accept markup, including a header and be processed as such in the tab. For display in plugin rows (update and plugin page) the first line of non-header text should be used as the notice.
A warning appears when clicking on "View details" on any plugin using Update Manager (but not on Update Manager itself).
PHP Warning: Use of undefined constant PLUGIN_PREFIX - assumed 'PLUGIN_PREFIX' (this will throw an Error in a future version of PHP) in .../stats-for-update-manager/classes/UpdateClient.class.php on line 565PHP message: PHP Warning: Use of undefined constant PLUGIN_PREFIX - assumed 'PLUGIN_PREFIX' (this will throw an Error in a future version of PHP) in .../stats-for-update-manager/classes/UpdateClient.class.php on line 566
No warnings
If applicable, add screenshots to help explain the problem.
The constants used here are declared in includes/constants.php
.
Adding a text domain to the update client causes the corresponding core texts to not be translated.
The text domains were added in #21 to help prevent problems with PHP sniffers expecting a text domain. As it turns out, this breaks the core translation functionality. Given the choice to go one way or the other, I'll have to go with ensuring the core translation functionality remains intact over adding the text domain to support sniffers. For those who need a text domain, they can just use the same value they are using for their plugin or theme text domain.
The list table in the plugin admin page does not show a link to "View Details" after applying an update. The link shows before the update, just, not after. Such a link isn't a requirement, but, has come to be fairly expected and would be handy for viewing the plugin details.
This link will give users more information about the plugins on which they rely.
H/T: xxsimoxx
The Update Manager plugin uses a CPT identifier plugin_repo
that is used by another updater plugin. While this doesn't cause any catastrophic errors, it should be corrected.
Unique CPT identifier to avoid any confusion.
If the f(x) Updater was previously installed and then the Update Manager is later installed, it will pick up on any orphaned entries and leave the user wondering where they came from when they see a list of entries right after installation. This is confusing and not a great user experience.
Changing the CPT identifier will be a painless solution. The identifier is defined as a constant, so, it's just one quick edit.
When getting started with the remote update process, I had the f(x) Updater plugin installed and had created a bunch of entries. When I decided to write my own plugin for remote updates, I had all those entries already in the database, so, I just mirrored my plugin's CPT to pull those in and save some work. Ha.
H/T: ozfiddler
A section of code in the plugin Details section causes a corrupted version to be saved.
<?php
if (function_exists('azrcrv_urls_get_custom_shortlink')){
printf(' %s', ''.'Shortlink'.'');
}
?>
Plugin Details should save as entered.
Under which type of environment did you experience this problem?
Desktop
At lines 117-120, there's a check for the existence of the class. This can be removed.
This check was added as it wasn't immediately clear if the Transient Inspector features would be shipped with the plugin or released as an extension. Due to a forum discussion and popular consensus, it was decided to include the TransientInspector class in the plugin. The check for existence is no longer (well, actually, never was) applicable.
The plugin_upgrade
method assumes that $args['plugins']
will exist. This can lead to a warning in edge-case scenarios that are probably only likely in development, however, it should be addressed.
No warnings.
Note that these warnings did not prevent the update from occurring, however, it did prevent the alert bubbles from decrementing.
Update the method to first check for existence of the variable.
When a remote plugin makes a request for its current data (ie, for modal windows,) the remote site URL is transmitted back to the Update Manager plugin along with other relevant data. This data, and its usage, should be described on the core Privacy page where the Update Manager is installed.
Providing the details and example text will help developers to understand how they may (or may not) need to update their own privacy policies.
An extra request is made when polling for updates; this can be reduced to a single request by assigning the data (when first polled) to the UpdateClient object and retrieving it from there on subsequent passes.
Performance improvement. @xxsimoxx identified an opportunity to save an HTTP request and submitted his findings via Slack. Go, Simone!
When clicking to auto-complete the text editor (with a fully completed example), the values should be improved to create a "Code Potent" esque listing.
The current insertion produces a decent display, but, the following gist should be used as a model for improvement of the full example and required example insertions as these produce the best looking listing.
This change will negate the need for an FAQ item wondering about how to create a listing "like this one". It should be removed with this implementation.
https://gist.github.com/johnalarcon/db118b4e823cf92dccf2b3fba150957d
Add a filter that allows extension authors to append their own credit link to the view(s) created by their extension(s).
The desire is to keep the interface consistent.
The image path/URL filters allow one plugin to override the header image of another; the alphabetically-last plugin using the filter takes precedence.
Documented in this issue, filed with Classic Commerce, and also discussed on the forum.
Plugins cannot override header images.
This is a bug, but, not considered critical at this time considering that the official ClassicPress Plugin Directory launch is imminent and the vast majority of 3rd party plugin updates will then be handled through the native update process. I'm creating this issue to ensure it is not lost in the mix and it will remain until an appropriate fix is implemented.
Too many space when using H2 (##)
Naming the section "FAQ" results in the word "faq" to be displayed.
You can see those in the screenshots.
I can not understand if it is about Parsedown, but I've tried the latest beta and there is no difference.
Really not important!
When I run the pre-hooks for building my plugin, I throws a warning for these lines in
classes/class-wc-update-client.php
specifically L182-184.
// This will make the jQuery below work with various languages.
$text1 = esc_html__('Compatible up to:');
$text2 = esc_html__('Reviews');
$text3 = esc_html__('Read all reviews');
Was this intentional to have esc_html__
with a missing text domain?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.