Making WordPress.org

Changeset 13154


Ignore:
Timestamp:
01/29/2024 02:55:31 AM (12 months ago)
Author:
dd32
Message:

Plugin Directory: Review: When rejecting a plugin, include the reason for the rejection in the initial email to the author.

This will result in less work for plugin reviewers, and plugin developers will get the information at rejection time, rather than shortly there after.

See #5653.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/email/class-plugin-rejected.php

    r13033 r13154  
    44use WordPressdotorg\Plugin_Directory\Tools;
    55
    6 class Plugin_Rejected extends Base {
     6class Plugin_Rejected extends Markdown_Base {
    77    protected $required_args = [
    88        'slug',
     
    1818    }
    1919
    20     function body() {
    21         // NOTE: $this->args['reason'] has rejection reason if applicable.
    22 
    23         /* translators: 1: plugin name, 2: plugin permalink, 3: date of submission, 4: plugins@wordpress.org */
    24         $email_text = __(
    25             'Unfortunately your plugin submission for %1$s (%2$s), submitted on %3$s, has been rejected from the WordPress Plugin Directory.
    26 
    27 Plugins are rejected after three months (90 days) when there has not been significant progress made on the review. If this is not the case for your plugin, you will receive a followup email explaining the reason for this decision within the next 24 hours. Please wait for that email before requesting further details.
    28 
    29 If you believe this to be in error, please email %4$s with your plugin attached as a zip and explain why you feel your plugin should not have been rejected.
    30 
    31 If you\'re still working on your code, don\'t panic. You can reply to the original review (or even this email) with your updated code for as long as needed. Even years. All we ask is you do not resubmit your plugin until asked to do so.',
    32             'wporg-plugins'
    33         );
    34 
    35         return sprintf(
    36             $email_text,
    37             $this->plugin->post_title,
    38             $this->args['slug'],
    39             $this->args['submission_date'],
    40             PLUGIN_TEAM_EMAIL
     20    function markdown() {
     21        $placeholders = [
     22            // Should be first, to allow placeholders in the rejection reasons too.
     23            '###REASON###'          => $this->get_rejection_reason(),
     24            '###NAME###'            => $this->plugin->post_title,
     25            '###SLUG###'            => $this->plugin->post_name,
     26            '###SUBMISSION_DATE###' => $this->args['submission_date'],
     27        ];
     28
     29        /* translators: Text within `#<strong>` should not be translated. */
     30        $template = __(
     31            "Unfortunately your plugin submission for ###NAME### (###SLUG###), submitted on ###SUBMISSION_DATE###, has been rejected from the WordPress Plugin Directory.
     32
     33###REASON###",
     34            'wporg-plugins'
     35        );
     36
     37        $template = str_replace(
     38            array_keys( $placeholders ),
     39            array_values( $placeholders ),
     40            $template
     41        );
     42
     43        return $template;
     44    }
     45
     46    public function get_rejection_reason() {
     47        $reason = $this->args['reason'];
     48        $method = 'reason_' . str_replace( '-', '_', $reason );
     49
     50        if ( ! $reason || ! method_exists( $this, $method ) ) {
     51            $reason = 'other';
     52            $method = 'reason_other';
     53        }
     54
     55        return $this->{$method}();
     56    }
     57
     58    public function reason_3_month() {
     59        return __(
     60            "Your plugin has been rejected because it has been roughly 90 days without significant progress being made on the review we sent, from the email address on record.
     61
     62https://developer.wordpress.org/plugins/wordpress-org/plugin-developer-faq/#why-was-my-plugin-rejected-after-three-months
     63
     64<strong>What to do next</strong>
     65
     66If you no longer wish to have your plugin reviewed, you can simply delete this message. No harm, no foul.
     67
     68If you do want to finish your review, please reply to this email and let us know. If you don't remember where you were with the review, please email us the latest version of your code and we'll review that.
     69
     70<strong>Why this happens</strong>
     71
     72In order to keep the plugin queue manageable, we reject plugins that are not complete after 3 months (90 days). Even with this policy, we have on average 500 plugins waiting on developers to complete their review at any point in time.
     73
     74All plugins are reviewed within 7 working days of submission, but we understand that emails are sometimes lost or accidentally filed as spam, and it's totally possible you never got our previous emails. Another common cause for this is that you replied from a different email address than you submitted it, causing the email chain to be broken.
     75
     76Thankfully, a rejection does not mean we can't go forward. If you want to continue, please just reply and let us know.",
     77            'wporg-plugins'
     78        );
     79    }
     80
     81    public function reason_core_supports() {
     82        return __(
     83            "Your plugin has been rejected because we do not feel it is adding any new functionality to WordPress.
     84
     85Any time your plugin replicates functionality found in WordPress (i.e. the uploader, jquery) is frowned upon, as it presents a possible security risk. The features in WordPress have been tested by many more people than use most plugins, so the built in tools are less likely to have issues.
     86
     87<strong>What to do next</strong>
     88
     89Please read this email in it's entirety. We know it's hurtful to be told we're not hosting your code, and there is always the possibility that we've made a mistake.
     90
     91If you feel that we have, please reply to this email with your plugin zip attached, explain why, and we will re-review.
     92
     93We ask you <strong>not</strong> resubmit the plugin, and reply to this email instead.",
     94            'wporg-plugins'
     95        );
     96    }
     97
     98    public function reason_duplicate_copy() {
     99        return __(
     100            "Your plugin has been rejected because it is a duplicate of another plugin, already hosted on WordPress.org
     101
     102Despite the fact that all plugins in our directory are licensed under the GPL or compatible licenses, we do not allow direct copies of other plugins to be re-listed under somebody else's name. \"Forking\" is acceptable only when the resulting fork is of a substantial nature, or when the original plugin is no longer updated or supported. When this is not the case, the plugin is rejected.
     103
     104<strong>What to do next</strong>
     105
     106We know it can be hurtful to be told we will not host your code, and we ask you consider the following options:
     107
     108- contribute back to the original plugin and improve it
     109- create an add-on to the existing plugin
     110- contribute a translation via the polyglots team - https://make.wordpress.org/polyglots/handbook/rosetta/theme-plugin-directories/
     111- If you feel this rejection was in error, please <strong>reply to this email</strong> with a copy of your code attached and let us know. We will re-review your code and proceed from there.
     112
     113Remember, <strong>do not</strong> resubmit the plugin. If you resubmit the plugin without replying to this email, your account will be suspended.",
     114            'wporg-plugins'
     115        );
     116    }
     117
     118    public function reason_library_or_framework() {
     119        return __(
     120            "Your plugin has been rejected because we no longer accepting frameworks, boilerplates, and libraries as stand-alone plugins.
     121
     122<strong>What to do next</strong>
     123
     124If you feel this was in error, please reply to this email with your plugin attached as a zip and explain why you feel your plugin is not a library or boilerplate.
     125
     126Before you do so, we ask you take the time to read this email in it's entirety. We know it's hurtful to be told we will not host your code, and this particular subject can be contentious, especially because we used to allow library code.
     127
     128We have chosen not to delete all the existing libraries so we don't break people's sites. However due to a number of reasons (which we will explain below) we do not accepting any <strong>new</strong> ones.
     129
     130This has nothing to do with the quality or purpose of your code. Most of us on the team are fans of libraries and frameworks.
     131
     132<strong>Why these kinds of plugins are not accepted</strong>
     133
     134To explain the terminology here:
     135
     136- <strong>Framework/Boilerplate:</strong> a template from which more code can be built
     137- <strong>Library:</strong> requires other plugins or themes to edit themselves in order to be used
     138
     139We require that plugins be useful in and of themselves (even if only being a portal to an external service). This means that a plugin should either be installed and be fully functional, or it should have some administration panel.
     140
     141https://make.wordpress.org/plugins/2016/03/01/please-do-not-submit-frameworks/
     142
     143When a plugin requires either the plugin itself to be edited to work, or can only be used by writing code elsewhere, it ceases to have as much a benefit to end users and is more of a developer tool.
     144
     145While there are many benefits to frameworks and libraries, WordPress lacks any plugin dependency support at this time, which causes a host of issues.
     146
     147The parade of likely support issues include (but are not limited to):
     148
     149- not recognizing the need for the library or and thinking they've been hacked
     150- not properly forking the boilerplate and editing it in place, resulting in updates erasing code
     151- not recognizing the need for the library plugin, and thus deleting it (causing others to break)
     152- updating the library plugin separately from the dependent plugins, leading to breakage
     153- updating a dependent plugin without updating the library, leading to breakage
     154- different plugins requiring different versions of a library plugin without proper if-exists checks
     155- We feel that libraries should be packaged with each plugin (hopefully in a way that doesn't conflict with other plugins using the libraries). At least until core supports plugin dependencies. Frameworks, in and of themselves, have no place in our directory as they are non-functional templates.
     156
     157If you've gotten all the way down here and still think we should be hosting your code, we ask you not resubmit the plugin, and reply to this email instead.",
     158            'wporg-plugins'
     159        );
     160    }
     161
     162    public function reason_generic() {
     163        return __(
     164            "At this time, we are not accepting plugins of this nature.
     165
     166While the directory is open for all secure, GPLv2 (or later) compatible plugins, we reserve the right to reject any plugin on any grounds we feel are reasonable, whether or not they are explicitly noted in the guidelines.
     167
     168<strong>What to do next</strong>
     169
     170We know that being told we won't host your code is hurtful, and we ask you please read this email in full.
     171
     172If, at the end, you feel this decision was in error, please reply to this email with your plugin attached as a zip and explain why you feel your plugin should be accepted.
     173
     174<strong>Why these kinds of plugins are not accepted</strong>
     175
     176Plugins that reproduce features that are already included in WordPress, without any perceivable additions, such as (but not limited to) duplication of existing short codes ( [embed] and [gallery] ), widgets (rss feed display), or functionality (adding users), will not be accepted.
     177
     178We do not permit plugins that we feel to be unethical, such as black or grey hat SEO (including plugins that auto post content). Any plugin related to claims like 'Our plugin will help you earn thousands of dollars' will be rejected, as that behavior is scummy and unwelcome.
     179
     180We also do not accept 'translation' plugins, or copies of plugins that are in another language, as that need is best served by communicating with the original plugin. Please reach out to them and provide a translation properly.
     181
     182Plugins with obfuscated (i.e. hidden or encrypted) code will never be accepted.
     183
     184If you've gotten all the way down here and still think we should be hosting your code, we ask you not resubmit the plugin, and reply to this email instead.",
     185            'wporg-plugins'
     186        );
     187    }
     188
     189    public function reason_duplicate() {
     190        return __(
     191            "We have rejected this submission because we do not accept submissions that are new or renamed versions of existing plugins.
     192
     193<strong>What to do next</strong>
     194
     195We understand the desire to rename or rebrand a plugin however there are serious logistical issues involved.
     196
     1971. Read this entire email. There is a lot of information, however it is all important.
     1982. If, after reading this email, you feel your plugin rename should be allowed, please reply to this email and explain your situation.
     199
     200Under <strong>no</strong> circumstances should you resubmit the plugin with the new name. If your situation is approved, we will give you explicit directions on how to proceed. Please do not try to jump ahead. We need you to follow the directions carefully.
     201
     202<strong>If you DID NOT mean to rename…</strong>
     203
     204There is always a possibility you weren't trying to rename, and instead wanted to update your existing plugin. If that's the case, then you can ignore the rest of this email and instead just go ahead and update your plugin using Subversion (AKA SVN)
     205
     206https://developer.wordpress.org/plugins/wordpress-org/how-to-use-subversion/
     207
     208We don't have the ability to do this for you, so you will have to re-learn SVN if you've forgotten
     209
     210<strong>Why Renames Are Problematic</strong>
     211
     212It's important you understand that we do not have the technical ability to rename plugin URLs once they've been approved. That's why, since 2017, we have made every reasonable effort to inform developers as to their plugin permalink before the review.
     213
     214This means the only way to enact something like a rename would be to close your plugin and have you submit a new one. There are significant costs in doing this:
     215
     216- Visitors will see your plugin is closed \"by author request\" and cannot be redirected to the new plugin.
     217- All existing links will point to the closed plugin. You will not have access to update ones outside your control, harming your SEO.
     218- Existing users cannot be automatically updated to the new plugin - the more users you have, the worse this will be.
     219- Users will leave angry 1-star reviews, feeling they've been abused/abandoned, and those reviews will not be removed.
     220- In addition, by asking for a re-submission of an existing plugin your account would be flagged in our system and all future requests will be refused. This would be your one and only chance to rename something.
     221
     222Due to those reasons, we recommend you instead change the plugin Display Name. The majority of users do not care what your permalink is, if they even notice. We do not require your plugin display name match your plugin permalink, so it would be perfectly acceptable to have the permalink 'jumprabbit-apis' but the display name \"Everyone Loves APIs.\"
     223
     224<strong>Accepted Reasons for renames</strong>
     225
     226Of course there are some perfectly valid reasons to ask for a rename, they include but are not limited to:
     227
     228- Trademark owners have come to light and demanded you change the permalink
     229- There is an egregious misspelling in your permalink that fundamentally changes the nature of the plugin
     230- A vulgarity exists in your plugin permalink
     231- Previously unknown legal issues require the change
     232- If your plugin does not meet any of those reasons, then you will have to explain why you should be an exception to policy.
     233
     234If, after reading this, you've decided you don't want to rename the permalink, you don't have to reply to this email. It's fine to just go back to your existing plugin and update it. On the other hand, if you do think your plugin should be renmamed, please reply to this email and explain your situation.
     235
     236Again, <strong>do not</strong> resubmit this plugin. Doing so will result in your account being suspended until you do talk to us about this.",
     237            'wporg-plugins'
     238        );
     239    }
     240
     241    public function reason_wp_cli() {
     242        return __(
     243            "Your plugin has been rejected because we do not currently accept plugins that are only wp-cli add-ons.
     244
     245<strong>What to do next</strong>
     246
     247We understand it is hurtful to be told we will not host your code here. This decision has nothing to do with the quality or purpose of your code, and is solely related to the fact that it is, in fact, a wp-cli add on.
     248
     249We recommend you include this code in your existing plugin instead of as a separate add-on.
     250
     251If you feel this was in error, please reply to this email with your plugin attached as a zip and explain why you feel your plugin should be hosted here.
     252
     253Before you do so, we ask you take the time to read this email in it's entirety.
     254
     255<strong>Why these kinds of plugins are not accepted</strong>
     256
     257Plugins are required to have some interaction with the blog in a way that is either automatic (eg. activating the plugin allows it to run) or interactive (eg. a settings panel).
     258
     259Command line plugins do not meet that criteria.
     260
     261If you've gotten all the way down here and still think we should be hosting your code, we ask you <strong>not</strong> resubmit the plugin, and reply to this email instead.",
     262            'wporg-plugins'
     263        );
     264    }
     265
     266    public function reason_storefront() {
     267        return __(
     268            "Your plugin has been rejected because we do not currently accept storefront plugins.
     269
     270<strong>What to do next</strong>
     271
     272We understand it is hurtful to be told we will not host your code here. This decision has nothing to do with the quality or purpose of your code, and is solely related to the fact that it is, in fact, a storefront.
     273
     274We recommend you host this on your own service, and make use of self-directed updates for your ongoing support and maintenance.
     275
     276If you feel this was in error, please reply to this email with your plugin attached as a zip and explain why you feel your plugin should be hosted here.
     277
     278Before you do so, we ask you take the time to read this email in it's entirety.
     279
     280<strong>Why these kinds of plugins are not accepted</strong>
     281
     282Plugins that serve to install plugins and themes from places other than WordPress.org are not permitted due to security and user confusion. Historically they have led to users not understanding from whom they acquired a plugin, and where they should go for help.
     283
     284In addition, if there's a bad update pushed, WordPress is perceived as responsible for any negative outcome.
     285
     286If you've gotten all the way down here and still think we should be hosting your code, we ask you not resubmit the plugin, and reply to this email instead.",
     287            'wporg-plugins'
     288        );
     289    }
     290
     291    public function reason_not_owner() {
     292        return __(
     293            "We have rejected your plugin submission because this does not appear to be your own, original, work.
     294
     295The WordPress plugin submission form is meant for you to host your own, original, plugins on WordPress.org, not to upload plugins to your own blog. Instead, it looks like you tried to upload an existing plugin as if this was your website.
     296
     297<strong>What to do next</strong>
     298
     299Don't panic! It's okay to make this kind of mistake. However, we cannot fix it for you. You have to upload the code to your site, on your own.
     300
     301The good news is we have some documentation to help you:
     302
     303- https://wordpress.org/support/article/managing-plugins/
     304- http://www.wpbeginner.com/beginners-guide/step-by-step-guide-to-install-a-wordpress-plugin-for-beginners/
     305
     306Please <strong>do not</strong> resubmit the plugin, even if you believe we are incorrect.
     307
     308Instead, reply to this email and explain the situation so we can properly direct you forward.
     309
     310If you resubmit this plugin without replying and communicating with us first, your account will be suspended.",
     311            'wporg-plugins'
     312        );
     313    }
     314
     315    public function reason_script_insertion() {
     316        return __(
     317            "Your plugin has been rejected because we are not accepting plugins of this nature in most cases.
     318
     319<strong>What to do next</strong>
     320
     321We understand it is hurtful to be told we will not host your code here and ask you please read this email carefully.
     322
     323You're welcome to submit a different plugin, but we feel that this is a poor choice to submit. Also there are a handful of plugins out there that already handle this, it's preferred you use those instead.
     324
     325If you have any questions, please reply to this email. Otherwise it's okay to just move on to something else.
     326
     327If you feel we've made this decision in error, please reply with a copy of you code attached and explain why you think that is the case.
     328
     329<strong>Why these kinds of plugins are not accepted</strong>
     330
     331Script insertion plugins are amazing and powerful. They're also incredibly dangerous and require a high level understanding of sanitization, security, and usage. These are skills that take years to master. WordPress has a highly complicated tool to insert CSS, and it opts not to handle javascript because of the dangers. PHP is even more complicated.
     332
     333Besides the sanitization issues, allowing arbitrary script insertion leads to users adding scripts that are dangerous without knowing. Users will paste in just anything and your plugin can become the unwitting vector for hacks.
     334
     335This is why WordPress itself allows you to lock people out of being able to edit theme and plugin files directly (via DEFINES that are used by many managed hosts), but also has post-processing checks that verify the site will still function after any changes.
     336
     337Because of those reasons, unless a submission demonstrates a solid understanding of the security and usage issues out of the gate, we reject them.
     338
     339If you've gotten all the way down here and still think we should be hosting your code, we ask you <strong>not</strong> resubmit the plugin, and reply to this email instead.",
     340            'wporg-plugins'
     341        );
     342    }
     343
     344    public function reason_demo() {
     345        return __(
     346            "We have rejected this plugin because it appears to be a demo or test version of a plugin.
     347
     348<strong>What to do next</strong>
     349
     350We know that being told we won't host your code is hurtful, and we ask you please read this email in full.
     351
     352If, at the end, you feel this decision was in error, please reply to this email with your plugin attached as a zip and explain why you feel your plugin should be accepted.
     353
     354<strong>Why these kinds of plugins are not accepted</strong>
     355
     356We require that all plugins are fully functional and ready to be used when submitted. When someone submits a plugin with the default readme and no customized or useful code, we assume they have accidentally uploaded a boilerplate version of their plugin, or are testing how the upload system works.
     357
     358If it was the former, please double check the zip you're trying to upload for review and resubmit.
     359
     360If it was the latter, we ask you please not use our system for testing. It's harmful to the volunteers to make them sort out real plugins ready for reviews.
     361
     362If you've gotten all the way down here and still think we should be hosting your code, we ask you <strong>not</strong> resubmit the plugin, and reply to this email instead.",
     363            'wporg-plugins'
     364        );
     365    }
     366
     367    public function reason_translation() {
     368        return __(
     369            "We have rejected this submission because we do not accept submissions that are new or translated versions of existing plugins.
     370
     371<strong>What to do next</strong>
     372
     373We understand the desire to make a plugin work in multiple languages, you should not be submitting this as a new plugin.
     374
     375The correct way to handle this would be to make your plugin translatable, so the multiple languages are handled via our system.
     376
     377Some helpful links for you:
     378
     379- https://translate.wordpress.org/projects/meta/plugins/
     380- https://make.wordpress.org/polyglots/handbook/rosetta/theme-plugin-directories/
     381- https://make.wordpress.org/polyglots/handbook/frequently-asked-questions/#as-a-plugintheme-author-how-can-my-translators-get-validation-rights
     382
     383If, after reading this, you feel we have made this judgement in error, please <strong>reply</strong> to this email and explain why.",
     384            'wporg-plugins'
     385        );
     386    }
     387
     388    public function reason_banned() {
     389        return __(
     390            "At this time, we are not accepting this plugin.
     391
     392While the directory is open for all secure, GPLv2 (or later) compatible plugins, we reserve the right to reject any plugin on any grounds we feel are reasonable, whether or not they are explicitly noted in the guidelines.
     393
     394<strong>What to do next</strong>
     395
     396We know that being told we won't host your code is hurtful, and we ask you please read this email in full.
     397
     398If, at the end, you feel this decision was in error, please reply to this email with your plugin attached as a zip and explain why you feel your plugin should be accepted.
     399
     400<strong>Why this plugin was not accepted</strong>
     401
     402This Plugin seems to be associated in some way with a previously banned author.
     403
     404The Plugin Directory is open to everyone who can and will comply with guidelines. When people demonstrate they cannot, or will not, they are no longer welcome as their actions are detrimental to the community and the volunteers who maintain. This extends to people hired to act in their name (i.e. employees, consultants, etc).
     405
     406Banned authors are no longer permitted to host their code on WordPress.org, they are certainly welcome to host their code via other venues and services. We strongly recommend them to invest in software to manage self-updates. There are multiple options available to them outside of our hosting.
     407
     408<strong>Any attempts to circumvent this suspension will be seen as intentionally hostile, and result in further restrictions. Do not make a new account, do not attempt to get around this ban, do not try to hide your identity and resubmit.</strong>
     409
     410If you've gotten all the way down here and still think we should be hosting your code, we ask you not resubmit the plugin, and reply to this email instead.",
     411            'wporg-plugins'
     412        );
     413    }
     414
     415    public function reason_author_request() {
     416        return __(
     417            "We have received a request from the author of this plugin not to continue with the submission.
     418
     419Your submission has been successfully rejected.
     420
     421If, at the end, you feel this decision was in error, please <strong>reply</strong> to this email with your plugin attached as a zip and explain what happened.",
     422            'wporg-plugins'
     423        );
     424    }
     425
     426    public function reason_security() {
     427        return __(
     428            "Your plugin has been rejected because we have serious security concerns regarding this plugin.
     429
     430<strong>What to do next</strong>
     431
     432We understand it is hurtful to be told we will not host your code here and ask you please read this email carefully.
     433
     434You're welcome to submit a different plugin, but we feel that this is a poor choice to submit.
     435
     436If you have any questions, please reply to this email. Otherwise it's okay to just move on to something else.
     437
     438If you feel we've made this decision in error, please reply with a copy of you code attached and explain why you think that is the case.
     439
     440<strong>Why these kinds of plugins are not accepted</strong>
     441
     442Plugins that create, connect users, expose services, allow editing from external platforms and/or enable other types of administrative actions are amazing and powerful. They're also incredibly dangerous and require a high level understanding of sanitization, security, and usage. These are skills that take years to master.
     443
     444To safeguard the security of the WordPress ecosystem, it is best to anticipate and prevent possible attack vectors that could compromise users.
     445
     446Because of those reasons, unless a submission demonstrates a solid understanding of the security and usage issues out of the gate, we reject them.
     447
     448If you've gotten all the way down here and still think we should be hosting your code, we ask you <strong>not</strong> resubmit the plugin, and reply to this email instead.",
     449            'wporg-plugins'
     450        );
     451    }
     452
     453    public function reason_other() {
     454        return __(
     455            "Plugins are rejected after three months (90 days) when there has not been significant progress made on the review. If this is not the case for your plugin, you will receive a followup email explaining the reason for this decision within the next 24 hours. Please wait for that email before requesting further details.
     456
     457If you believe this to be in error, please email us with your plugin attached as a zip and explain why you feel your plugin should not have been rejected.
     458
     459If you're still working on your code, don't panic. You can reply to the original review (or even this email) with your updated code for as long as needed. Even years. All we ask is you do not resubmit your plugin until asked to do so.",
     460            'wporg-plugins'
    41461        );
    42462    }
Note: See TracChangeset for help on using the changeset viewer.