[wp-trac] [WordPress Trac] #23880: Minimum PHP version in Plugins

WordPress Trac noreply at wordpress.org
Sat Mar 30 15:32:33 UTC 2013


#23880: Minimum PHP version in Plugins
-----------------------------+------------------------------
 Reporter:  TJNowell         |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Plugins          |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |
-----------------------------+------------------------------

Comment (by TJNowell):

 WordPress loads the first 8Kib bytes of the plugin file as it would a text
 file, so the syntax of the file is irrelevant as far as the PHP version
 used is concerned at that point because no PHP parsing or execution of the
 plugin has taken place yet. How else do you explain how WordPress knows to
 execute the file with the header in and not the other files?



 {{{
 foreach ( (array) $plugins as $plugin ) {
     if ( '.' == dirname($plugin) ) {
         if( $data = get_plugin_data(WP_PLUGIN_DIR . '/' . $plugin) ) {
 }}}


 And get_plugin_data() does uses get_file_data() which does:


 {{{
     // Pull only the first 8kiB of the file in.
     $file_data = fread( $fp, 8192 );
 }}}





 Performance wise, doing it in Core would be better. Instead of every
 plugin checking itself, repeating the check over and over again, Core
 should do it all at once, giving the following benefits:

  * Saves plugin developers time
  * Provides a means of warning users before they go through the hassle of
 uploading and installing the plugin
  * Can be cached in the database, so no checks may be needed at all if the
 plugins don't change version

 To force every plugin to do this check and have an unnecessary level of
 indirection is to encourage bad design, and demonstrates poor architecture
 that's fixable.

 There's all this talk about plugins in wordpress.org should be 5.2
 compatible just as WordPress is, but:

  * Nobody actually justified this
  * Not all WordPress plugins come from the repository
  * Not all WordPress installs run the latest version, and thus not all
 installs have the 5.2 min req yet ( though this is a problem in its own
 right )
  * Not everyone is aware fo what PHP is capable of and which version
 introduced what. We're not all experts, and developer X may have used
 namespaces not knowing they required 5.3
  * Everyone talks about WordPress being more than just a blog, if that's
 the case we should ask responsibly and professionally and expand our scope
 beyond the limited usecase of a new user loading plugins off of
 wordpress.org. A lot of client work goes on, and we can't anticipate all
 the end cases, so lets take care of the basics and at least fail
 gracefully rather than showing a white screen of death in various cases

 '''Implementation Notes'''

 We already define the minimum requirement for WordPress here:

 https://github.com/WordPress/WordPress/blob/master/wp-
 includes/version.php#L28

 We check for WordPress min PHP&MySQL version on install here:

 https://github.com/WordPress/WordPress/blob/master/wp-
 admin/install.php#L150

 and there's a function to do the same here:

 https://github.com/WordPress/WordPress/blob/master/wp-
 includes/load.php#L103

 Here is the check wp_get_active_and_valid_plugins that determines the
 plugins to load:

 https://github.com/WordPress/WordPress/blob/master/wp-
 includes/load.php#L479

 The first step would be to modify the get_plugin_data function to look for
 the minimum version:

 https://github.com/WordPress/WordPress/blob/1c816c795b0030a91f9bfa212da894575b090db6
 /wp-admin/includes/plugin.php#L72

 This is called here in the plugins page:

 https://github.com/WordPress/WordPress/blob/55fb020e84fd46bd56668facd1f3a74be1776cbf
 /wp-admin/plugins.php#L238

 and here in the upgrader class:

 https://github.com/WordPress/WordPress/blob/9890179bce40df7ede22ca18e5b5900825915221
 /wp-admin/includes/class-wp-upgrader.php#L496

 We'll want to change wp_get_active_and_valid_plugins to check the PHP
 version accordingly and remove such plugins, preventing white screens of
 death, failures to load, and other issues that could arise.

 The rest is informing the user via a notice bar if an active plugin is
 removed in the above check, disabling the activate link, and adding a note
 in the plugin listings that the plugin hasn't met its minimum
 requirements. It could even have the activate link still available, albeit
 with the warning showing

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/23880#comment:25>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list