Making WordPress.org

Opened 5 months ago

#7781 new defect (bug)

Validate the 'Requires' plugin header.

Reported by: dd32's profile dd32 Owned by:
Milestone: Priority: low
Component: Plugin Directory Keywords:
Cc:

Description

When importing plugins we sanitize the readme to exclude various incorrect things, one of them being the requires header:
https://github.com/WordPress/wordpress.org/blob/a3ee375d817666b94fa4dca30dd26af4e546912f/wordpress.org/public_html/wp-content/plugins/plugin-directory/readme/class-parser.php#L805-L842

Since WordPress supports the Requires header being in the Plugin file however, we now prefer that over the readme.

As it turns out, we have no validation logic in place for this, which allows a plugin to set their headers to:

 * Requires at least: 7.4
 * Requires PHP: 7.4

We should:

  • Add an import warning when the readme and plugin headers do not match (if specified in the readme)
  • Add an import warning when the version is higher than expected (rather than just when the readme version is higher than expected)

While we can "ignore" the readme header being invalid (and we do) we can't ignore the plugin header being incorrect as WordPress may refuse to activate/update it.

Change History (0)

Note: See TracTickets for help on using tickets.