Opened 18 months ago
Closed 18 months ago
#6238 closed defect (bug) (duplicate)
Plugin Directory: Block SVN commits if someone uses the Update URI
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | Plugin Directory | Keywords: | |
Cc: |
Description
While we do check for those things on submission, people are silly and forget and add things back in (this is also to answer to: "How did THAT make it past a review!?!").
Can we search the 'main' PHP file for
Update URI:
in the plugin headers? It may have a false positive down the line, but I can't think of who would legit use it in a plugin hosted on .org
Change History (4)
#2
@
18 months ago
@alanfuller You can, yes, but honestly given the potential for problems (someone just had an issue where their plugin won't update because they put it in) and the difficulty in programmatically checking if the URL is valid, it seems more sensible to just say "No, not here please."
Note: See
TracTickets for help on using
tickets.
According to the docs - unless I misunderstand ( in which case they need to be clarified), then it is valid to have Update URI containing https://wordpress.org/plugins/{$slug}/ or https://w.org/plugin/{$slug} uploaded to the repo so these would need to be parsed ( or change the documentation )
https://developer.wordpress.org/plugins/plugin-basics/header-requirements/
https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/