YahnisElsts / plugin-update-checker

A custom update checker for WordPress plugins. Useful if you don't want to host your project in the official WP repository, but would still like it to support automatic updates. Despite the name, it also works with themes.
MIT License

Set Plugin Hostname in `Update URI` #447

Open jeffpaul opened 3 years ago

jeffpaul commented 3 years ago

Hi there!

Alongside the WordPress 5.8 release, plugins can now set the URL for their update method. For the various integrations with the plugin-update-checker, is there a recommendation for what to put in the new Update URI field? Seems like putting something there besides https://wordpress.org/plugins/{$slug}/ or w.org/plugin/{$slug} would be ideal so WP.org naming conflicts don't overwrite plugins updated via the plugin-update-checker. I wasn't sure if there was a good reference to put there besides false, so hoping you might have some guidance?

Thanks! Jeff.

YahnisElsts commented 3 years ago

I haven't put very much thought into this, but my recommendation would be to use something that's unique to your plugin, like your own domain name.

Since the patch also introduces a new filter that makes it more convenient to provide custom updates, there will probably be some new plugins that will try to update other plugins based on the Update URI field (e.g. a plugin for GitHub updates). So I would be wary of using any value that might have special meaning to any other developers. Even something seemingly innocuous like false could become an issue if, for example, some developer decides that false means a plugin should never get any updates and uses the filter to disable/remove updates. Setting the Update URI to something unique seems safer.

jeffpaul commented 3 years ago

Even more details on the Update URI field: Introducing “Update URI” plugin header in WordPress 5.8

YahnisElsts commented 3 years ago

I think I should probably mention this new header in the readme, but there's currently no good place to put it. Maybe I'll add a "FAQ" section later.

jakeparis commented 3 years ago

If I understand it, this new header would eliminate the need for including this plugin-update-checker code in our plugins, if we were using our own WP Update Server.

Wouldn't a plugin author simply set the Update URI header field, and point it at our own wp-update-server? Or does someone else have a better understanding of how this new field is meant to work?

YahnisElsts commented 3 years ago

No, I don't think that would work. Quoting from the make.wordpress.org post that was mentioned above:

> If the value of this new field matches any URI other than `https://wordpress.org/plugins/{$slug}/` or `w.org/plugin/{$slug}`, WordPress will not attempt to update it. [emphasis mine]

It sounds like WordPress will not check the provided URI for updates. By default, the only thing that the Update URI header does is prevent WordPress from trying to find plugin updates on wordpress.org. Anything more - like retrieving updates from the URI - would still require custom code.
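
The following is an added example, not part of the thread and not code from plugin-update-checker. It sketches the kind of custom code the last comment refers to: a unique `Update URI` plus a callback on the `update_plugins_{$hostname}` filter that WordPress 5.8 introduced. The host `updates.example.com`, the `info.json` endpoint, its JSON shape and the `example_` names are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Example Plugin
 * Version:     1.2.0
 * Update URI:  https://updates.example.com/example-plugin
 */

// Hypothetical metadata endpoint; assumed to return {"version":"1.3.0","package":"https://..."}.
const EXAMPLE_UPDATE_HOST     = 'updates.example.com';
const EXAMPLE_UPDATE_ENDPOINT = 'https://updates.example.com/example-plugin/info.json';

// WordPress builds the hook name from the host part of the Update URI header.
add_filter( 'update_plugins_' . EXAMPLE_UPDATE_HOST, 'example_check_for_update', 10, 4 );

function example_check_for_update( $update, $plugin_data, $plugin_file, $locales ) {
	// The filter fires for every plugin whose Update URI uses this host; answer only for this one.
	if ( plugin_basename( __FILE__ ) !== $plugin_file ) {
		return $update;
	}

	$response = wp_remote_get( EXAMPLE_UPDATE_ENDPOINT, array( 'timeout' => 10 ) );
	if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
		return $update; // Leave the default (no update) on any transport failure.
	}

	$info = json_decode( wp_remote_retrieve_body( $response ), true );
	if ( ! is_array( $info ) || ! isset( $info['version'], $info['package'] )
		|| ! is_string( $info['version'] ) || ! is_string( $info['package'] ) ) {
		return $update; // Malformed metadata is treated as "no update".
	}

	// Only accept a package served over HTTPS from the same host named in the Update URI.
	if ( 'https' !== wp_parse_url( $info['package'], PHP_URL_SCHEME )
		|| EXAMPLE_UPDATE_HOST !== wp_parse_url( $info['package'], PHP_URL_HOST ) ) {
		return $update;
	}

	// WordPress compares 'version' with the installed Version header and offers the update if newer.
	return array(
		'slug'    => 'example-plugin',
		'version' => $info['version'],
		'url'     => $plugin_data['UpdateURI'],
		'package' => $info['package'],
	);
}
```

Without the filter callback, the header alone only stops WordPress from looking the plugin up on wordpress.org, as the quoted post says.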