TGMPA / TGM-Plugin-Activation

TGM Plugin Activation is a PHP library that allows you to easily require or recommend plugins for your WordPress themes (and plugins). It allows your users to install, update and even automatically activate plugins in singular or bulk fashion using native WordPress classes, functions and interfaces. You can reference bundled plugins, plugins from the WordPress Plugin Repository or even plugins hosted elsewhere on the internet.
http://tgmpluginactivation.com/
GNU General Public License v2.0

Improve plugins versions management like composer does (semver) #612

Closed tlartaud closed 8 years ago

tlartaud commented 8 years ago

Hi there,

I am actually developing a premium theme including a free wp-plugin. However, my theme is totally rewriting/recompiling the assets from this plugin.

Actually, we can set a required minimum version. It would be more than useful to be able to set the version using the semver logic like it is done using composer.

I'm asking that because while my theme is compiling assets from the 7.0.2 plugin, it will be really buggy if the installed plugin is higher. Tgmpa will actually not show any notice if the user has the 7.0.3 version, but for me, it's a real problem, because the compiled assets included in the theme will be generated from the plugin version 7.0.2 ... So there will be a lot of missing styles, leading to unexpected behaviors.

So, it would be awesome to be able to set an exact version using

"version" => "7.0.3"

Or to set a version that allows higher non-major versions

"version" => "^7.0.3" // equal to ">=7.0.3 <8.0.0"

More examples at https://getcomposer.org/doc/articles/versions.md

What do you think?

jrfnl commented 8 years ago

I'm not much in favour of this and believe that this will cause more issues than it solves.

WordPress encourages people to upgrade (Core, plugins and themes) as much as possible as security issues are quickly known and widely exploited. Allowing a dependency to be set at a fixed version goes against that philosophy and will - at one point or another - make the user vulnerable to attack vectors.

Aside from that, another theme/plugin might set the minimum version above your maximum/fixed version causing another set of problems altogether.

> However, my theme is totally rewriting/recompiling the assets from this plugin.

Considering you are rewriting/recompiling the assets, your version of the plugin will not be the same as the one publicly available, so to me, it would make more sense if you would make your version a proper fork of the plugin you are using with its own unique slug and versioning.

I do realize this might cause issues if the official version is already installed, but that's inherent to the choice you make of changing things in a publicly available free plugin.
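An added illustration, not written by either participant and not TGMPA code: the two constraint forms proposed in the issue, evaluated with PHP's `version_compare()`, to show which installed versions an exact pin and a caret range would accept. The function names `constraint_bounds()` and `satisfies()` are hypothetical, the caret rule for `0.x` versions follows Composer's documented behaviour and goes beyond the single case in the thread, and `7.0.4` is a constructed stand-in for a later patch release.

```php
<?php
// Added example: Composer-style exact and caret constraints, evaluated with
// version_compare(). Hypothetical helpers; not part of TGMPA.

/** Parse "7.0.3" or "^7.0.3" into [lower bound, exclusive upper bound]; upper is null for an exact pin. */
function constraint_bounds(string $constraint): array
{
    if (!preg_match('/^(\^?)(\d+)\.(\d+)\.(\d+)$/', trim($constraint), $m)) {
        throw new InvalidArgumentException("Unsupported constraint: $constraint");
    }
    [$major, $minor, $patch] = [(int) $m[2], (int) $m[3], (int) $m[4]];
    $lower = "$major.$minor.$patch";
    if ($m[1] === '') {
        return [$lower, null]; // exact pin: only this version matches
    }
    // Caret: the upper bound bumps the left-most non-zero component.
    if ($major > 0) {
        $upper = ($major + 1) . '.0.0';
    } elseif ($minor > 0) {
        $upper = '0.' . ($minor + 1) . '.0';
    } else {
        $upper = '0.0.' . ($patch + 1);
    }
    return [$lower, $upper];
}

/** True when the installed version falls inside the constraint. */
function satisfies(string $installed, string $constraint): bool
{
    [$lower, $upper] = constraint_bounds($constraint);
    if ($upper === null) {
        return version_compare($installed, $lower, '==');
    }
    return version_compare($installed, $lower, '>=')
        && version_compare($installed, $upper, '<');
}

// Constructed sample versions, checked against both forms from the issue.
foreach (['7.0.3', '^7.0.3'] as $constraint) {
    foreach (['7.0.2', '7.0.3', '7.0.4', '8.0.0'] as $installed) {
        printf("%-6s vs %-7s => %s\n", $installed, $constraint,
            satisfies($installed, $constraint) ? 'accepted' : 'rejected');
    }
}
```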

tlartaud commented 8 years ago

Okay @jrfnl

It makes sense. I'll just try to follow the plugin updates as closely as possible to make sure the users can update the theme FIRST, and then, get notices from tgmpa to update the plugin to the version bundled in the theme.

Thanks a lot for your recommendations.

jrfnl commented 8 years ago

Sounds good & you're welcome. Hope things work out with your theme.