Making WordPress.org

Opened 10 months ago

Last modified 5 days ago

#7057 new enhancement

Make / plugin API for closed plugins that are no longer available

Reported by: ramon-fincken's profile ramon fincken Owned by:
Milestone: Priority: normal
Component: API Keywords: needs-patch dev-feedback
Cc:

Description

when we visit for instance https://wordpress.org/plugins/delete-all-comments/#description
It will tell you this "This plugin has been closed and is no longer available for download."
However ..
visiting the wordpress.org API -> https://api.wordpress.org/plugins/info/1.0/delete-all-comments/
shows
"Plugin not found."
Why not
1) at least show a message here that is the same as on the plugin website ?
-> Task for Make

  • This ticket

2) also show this in WP->tools and/or WP->plugins and/or WP->dashboard
-> Task for Core (plugins/API).
Because .. right now , if you have such a plugin installed, and you do not visit the wordpress.org page for that plugin. You have *no* knowledge of this data/info at all.

Change History (10)

#1 follow-up: @dd32
10 months ago

The 1.0 APIs won't change in their behaviour, although the latest version variant possibly could.

For the core ticket, this would likely be best implemented via the update-check API rather than through the info endpoints.

This ticket was mentioned in Slack in #meta by oglekler. View the logs.


8 months ago

#3 in reply to: ↑ 1 @Michi91
8 months ago

  • Keywords dev-feedback added
  • Type changed from defect (bug) to enhancement

Replying to dd32:

The 1.0 APIs won't change in their behaviour, although the latest version variant possibly could.

For the core ticket, this would likely be best implemented via the update-check API rather than through the info endpoints.

I'd love to put some work in this, but the update-check API seems to be closed source :-/

#4 @Michi91
8 months ago

Maybe also take a view at the video: https://www.youtube.com/live/CkVOyXBP970?feature=share&t=20854 where @oliversild talked about this issue at WCEU 2023

The idea is not only to display "This plugin has been closed and is no longer available for download." etc., but in future maybe also other maintenance informations like author submitted EOL date, keep that in mind while designing :)

Last edited 8 months ago by Michi91 (previous) (diff)

This ticket was mentioned in Slack in #meta by michi91. View the logs.


8 months ago

#7 follow-up: @eclev91
6 months ago

@dd32 What has historically been the process by which that API is updated and versioned?

I assume the first steps here would be to outline what changes would be required to the result schema. At minimum, I think adding a status field that is simply text would be a good start. But that could also be an array including some kind of status shorthand/slug, a human-readable message, and an effective date if applicable.

Without more information about how the back end of the plugin repository and existing API work, it's hard to propose anything firmer, and nothing on which to base a PR.

#8 in reply to: ↑ 7 @dd32
5 months ago

Replying to eclev91:

@dd32 What has historically been the process by which that API is updated and versioned?

The version only really changes when the operation of the API changes in a significant way, which would be otherwise improperly handled by WordPress core (Ignoring 3rd-party clients for the most part).

This probably wouldn't justify a version bump, if it would be an additional field being present within the JSON returned.

Without more information about how the back end of the plugin repository and existing API work, it's hard to propose anything firmer, and nothing on which to base a PR.

The best way forward for this ticket from someone without access to the code in question, would be to describe the suggested alteration to the API output, for example, something like:

Currently: { "some-plugin.php": { "error": "Slug not found." } }

Proposed: `{ "some-plugin.php": { "error": "Unavailable", "code": "closed-author-request", "reason": "Closed by author request" } }

(Those are just examples, not the actual existing API responses)

#9 @masteradhoc
3 months ago

I'd love to get this further. Currently this is a huge security issue as a user you dont recognize if a plugin is closed / not updated for ages / or if it just doesnt have any update available.

WP really needs a pluginnotice for closed plugins to be sure people get aware of it asap.

This ticket was mentioned in Slack in #meta by joostdevalk. View the logs.


5 days ago

Note: See TracTickets for help on using tickets.