[wp-hackers] Hooking into WP theme/plugin update downloading

Otto otto at ottodestruct.com
Tue Mar 20 22:13:03 UTC 2012


The upgrade code always uses wp_remote_get to get the ZIP file, and
offers no hooks to change that or modify the parameters to it.

However, this doesn't stop you from returning a different URL for the
ZIP file to any given requester based on your own criteria. For oauth,
you could conceivably pass the token in the GET request. Such as
https://example.com/plugin.zip?auth=abc123 and so on. Then if the auth
token isn't valid, return a 401 Unauthorized Error to fail the
download process.

-Otto



On Tue, Mar 20, 2012 at 4:23 PM, Jeremy Hough <jeremy at digitalbrands.com> wrote:
> I have a working (and extended) setup of Jeremy Clark's Self-Hosted Plugin
> Update API (https://github.com/jeremyclark13/automatic-theme-plugin-update).
> I am setting up my update server to force/require https connections to
> encrypt transmissions. I am wanting to use oAuth for authentication (and
> provide access to restricted content).
>
> Is there any type of hook in wordpress I can use so that when an update is
> instantiated, the download behavior can be redefined so that the provided
> update zip url will be downloaded using an oAuth-signed request?
>
> Thanks for any insight,
>
> Jeremy Hough
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list