Opened 5 months ago
#7781 new defect (bug)
Validate the 'Requires' plugin header.
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | low | |
Component: | Plugin Directory | Keywords: | |
Cc: |
Description
When importing plugins we sanitize the readme to exclude various incorrect things, one of them being the requires header:
https://github.com/WordPress/wordpress.org/blob/a3ee375d817666b94fa4dca30dd26af4e546912f/wordpress.org/public_html/wp-content/plugins/plugin-directory/readme/class-parser.php#L805-L842
Since WordPress supports the Requires header being in the Plugin file however, we now prefer that over the readme.
As it turns out, we have no validation logic in place for this, which allows a plugin to set their headers to:
* Requires at least: 7.4 * Requires PHP: 7.4
We should:
- Add an import warning when the readme and plugin headers do not match (if specified in the readme)
- Add an import warning when the version is higher than expected (rather than just when the readme version is higher than expected)
While we can "ignore" the readme header being invalid (and we do) we can't ignore the plugin header being incorrect as WordPress may refuse to activate/update it.
Note: See
TracTickets for help on using
tickets.