[wp-hackers] Accessing Update Check API Outside of WordPress

CloudPress Hosting cloudpresshosting at gmail.com
Sun Nov 11 07:26:51 UTC 2012

Can't say that I knew how the API worked before but with a little clever
hacking I modified a test install of WordPress to post the request to
requestb.in then looked at what was posted.

The WordPress site posts a serialized string. The key is "plugins" and this
is what the value of that post data looks like.

by millions, Akismet is quite possibly the best way in the world to
<strong>protect your blog from comment and trackback spam</strong>. It
keeps your site protected from spam even while you sleep. To get started:
1) Click the "Activate" link to the left of this description, 2) <a href="
http://akismet.com/get/?return=true">Sign up for an Akismet API key</a>,
and 3) Go to your <a href="admin.php?page=akismet-key-config">Akismet
configuration</a> page, and save your API
is not just a plugin, it symbolizes the hope and enthusiasm of an entire
generation summed up in two words sung most famously by Louis Armstrong:
Hello, Dolly. When activated you will randomly see a lyric from
<cite>Hello, Dolly</cite> in the upper right of your admin screen on every
page.";s:6:"Author";s:14:"Matt Mullenweg";s:9:"AuthorURI";s:13:"
Dolly";s:10:"AuthorName";s:14:"Matt Mullenweg";}}s:6:"active";a:0:{}}

A bit of a mess but if you unserialize it then var_dump the resulting array
you can more easily see what it shows. It basically has all the meta data
for each plugin. Post that to
http://api.wordpress.org/plugins/update-check/1.0/ using cURL and what I
got back was an empty serialized string, meaning all plugins were up to
date. Modify one of the version numbers in the serialized string that is
sent to be a previous version number and what I get back is a serialized
string of meta data on the plugin with an available update like this.


I would assume themes won't be much different.

That was an interesting exercise though I should make a blog post about it.
Also I have to admit I like the idea to use your own script to detect
updates and just email you, I might consider making something similar since
I manage multiple WordPress sites for myself and for my clients. Thanks for
the idea.

On Sat, Nov 10, 2012 at 10:01 PM, Mark Smith <mark.smith1187 at yahoo.com>wrote:

> I run numerous sites. Rather than have each site use the built in update
> check I have disabled all update checks from the site via a plugin I made.
> Instead I am building a php based cron job that will query the
> api.wordpress.org site to check for updates and send me an email
> notification. Personally I prefer that to the constant nags in WordPress to
> upgrade. While I install minor upgrades as soon as they come out often
> times I will wait on new major version having to see a nag until I do.
> Core updates were easy enough, a simple cURL request to
> http://api.wordpress.org/core/version-check/1.6/ returns a serialized
> string which includes the current stable release version.
> $output = unserialize($output);
> $current_version = $output['offers'][0]['current'];
> unset($output);
> Gets me the version number currently available which I can check against
> my installed versions easily enough.
> Plugins and themes are a bit more difficult because I have to post data
> about what plugins and themes I am checking.  This is obviously not
> documented, the only documentation is a list of the API endpoints at
> http://codex.wordpress.org/WordPress.org_API.
> I took a look at update.php to see how WordPress does it but the myriad of
> WordPress functions seems to just confuse me as to what exactly is being
> posted to the API endpoints
> http://api.wordpress.org/plugins/update-check/1.0/ and
> http://api.wordpress.org/themes/update-check/1.0/. Can anyone explain to
> me what eactly needs to be posted to get the current version of each plugin
> and theme.
> Thanks.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list