[wp-trac] [WordPress Trac] #60504: Plugin dependencies: Account for mu-plugin as dependency

WordPress Trac noreply at wordpress.org
Mon Feb 12 12:30:46 UTC 2024 

#60504: Plugin dependencies: Account for mu-plugin as dependency
-----------------------------+---------------------------
 Reporter:  johnbillion      |      Owner:  (none)
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  6.5
Component:  Upgrade/Install  |    Version:  trunk
 Severity:  critical         |   Keywords:  needs-testing
  Focuses:                   |
-----------------------------+---------------------------
 I believe there could be a situation where a plugin on a site gets
 automatically deactivated despite its dependencies being met by a mu-
 plugin, and subsequently that plugin cannot be reactivated.

 I'm using "WooCommerce" and "WooCommerce Extension" as examples for
 clarity.

 * A site is using WordPress 6.4 or earlier which does not contain the
 plugin dependencies feature
 * The site is using WooCommerce as a mu-plugin
 * The site is using WooCommerce Extension as a regular plugin
 * WooCommerce Extension gets updated to the latest version which adds the
 "Requires Plugins" header, and its update goes ahead as expected
 * At a later date the site gets updated to WordPress 6.5 which does
 include the plugin dependencies feature
 * WooCommerce Extension now has an unmet dependency and gets automatically
 deactivated, despite WooCommerce being in place on the site as a mu-plugin
 * The site is now missing a plugin that ''cannot be reactivated'' because
 its dependency exists as a mu-plugin

 I've not had time to test this properly. There could be safeguards in
 place to prevent a site from getting to this point (eg by preventing the
 core update to 6.5), however the general problem of a mu-plugin fulfilling
 a dependency remains. If a user circumvents a safeguard by manually
 updating, they'll find themselves in the same situation where WooCommerce
 Extension gets deactivated and cannot be reactivated.

 * What safeguards are in place for this?
 * How would a user recover from it regardless? Can they?
 * Are mu-plugins accounted for at all within plugin dependencies? Should
 there be a means of forcibly activating a plugin with unmet dependencies?
 * Should plugins be automatically deactivated when their dependencies
 aren't met? It seems potentially destructive

 Related: #60491

 Partially related: #60457

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/60504>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list