[wp-hackers] Accessing Update Check API Outside of WordPress
CloudPress Hosting
cloudpresshosting at gmail.com
Sun Nov 11 07:26:51 UTC 2012
Can't say that I knew how the API worked before but with a little clever
hacking I modified a test install of WordPress to post the request to
requestb.in then looked at what was posted.
The WordPress site posts a serialized string. The key is "plugins" and this
is what the value of that post data looks like.
O:8:"stdClass":2:{s:7:"plugins";a:2:{s:19:"akismet/akismet.php";a:11:{s:4:"Name";s:7:"Akismet";s:9:"PluginURI";s:31:"
http://akismet.com/?return=true";s:7:"Version";s:5:"2.5.6";s:11:"Description";s:481:"Used
by millions, Akismet is quite possibly the best way in the world to
<strong>protect your blog from comment and trackback spam</strong>. It
keeps your site protected from spam even while you sleep. To get started:
1) Click the "Activate" link to the left of this description, 2) <a href="
http://akismet.com/get/?return=true">Sign up for an Akismet API key</a>,
and 3) Go to your <a href="admin.php?page=akismet-key-config">Akismet
configuration</a> page, and save your API
key.";s:6:"Author";s:10:"Automattic";s:9:"AuthorURI";s:40:"
http://automattic.com/wordpress-plugins/";s:10:"TextDomain";s:0:"";s:10:"DomainPath";s:0:"";s:7:"Network";b:0;s:5:"Title";s:7:"Akismet";s:10:"AuthorName";s:10:"Automattic";}s:9:"hello.php";a:11:{s:4:"Name";s:11:"Hello
Dolly";s:9:"PluginURI";s:48:"
http://wordpress.org/extend/plugins/hello-dolly/";s:7:"Version";s:3:"1.6";s:11:"Description";s:295:"This
is not just a plugin, it symbolizes the hope and enthusiasm of an entire
generation summed up in two words sung most famously by Louis Armstrong:
Hello, Dolly. When activated you will randomly see a lyric from
<cite>Hello, Dolly</cite> in the upper right of your admin screen on every
page.";s:6:"Author";s:14:"Matt Mullenweg";s:9:"AuthorURI";s:13:"
http://ma.tt/";s:10:"TextDomain";s:0:"";s:10:"DomainPath";s:0:"";s:7:"Network";b:0;s:5:"Title";s:11:"Hello
Dolly";s:10:"AuthorName";s:14:"Matt Mullenweg";}}s:6:"active";a:0:{}}
A bit of a mess but if you unserialize it then var_dump the resulting array
you can more easily see what it shows. It basically has all the meta data
for each plugin. Post that to
http://api.wordpress.org/plugins/update-check/1.0/ using cURL and what I
got back was an empty serialized string, meaning all plugins were up to
date. Modify one of the version numbers in the serialized string that is
sent to be a previous version number and what I get back is a serialized
string of meta data on the plugin with an available update like this.
a:1:{s:19:"akismet/akismet.php";O:8:"stdClass":5:{s:2:"id";s:2:"15";s:4:"slug";s:7:"akismet";s:11:"new_version";s:5:"2.5.6";s:3:"url";s:44:"
http://wordpress.org/extend/plugins/akismet/";s:7:"package";s:55:"
http://downloads.wordpress.org/plugin/akismet.2.5.6.zip";}}
I would assume themes won't be much different.
That was an interesting exercise though I should make a blog post about it.
Also I have to admit I like the idea to use your own script to detect
updates and just email you, I might consider making something similar since
I manage multiple WordPress sites for myself and for my clients. Thanks for
the idea.
On Sat, Nov 10, 2012 at 10:01 PM, Mark Smith <mark.smith1187 at yahoo.com>wrote:
> I run numerous sites. Rather than have each site use the built in update
> check I have disabled all update checks from the site via a plugin I made.
>
> Instead I am building a php based cron job that will query the
> api.wordpress.org site to check for updates and send me an email
> notification. Personally I prefer that to the constant nags in WordPress to
> upgrade. While I install minor upgrades as soon as they come out often
> times I will wait on new major version having to see a nag until I do.
>
> Core updates were easy enough, a simple cURL request to
> http://api.wordpress.org/core/version-check/1.6/ returns a serialized
> string which includes the current stable release version.
>
> $output = unserialize($output);
> $current_version = $output['offers'][0]['current'];
> unset($output);
>
> Gets me the version number currently available which I can check against
> my installed versions easily enough.
>
> Plugins and themes are a bit more difficult because I have to post data
> about what plugins and themes I am checking. This is obviously not
> documented, the only documentation is a list of the API endpoints at
> http://codex.wordpress.org/WordPress.org_API.
>
> I took a look at update.php to see how WordPress does it but the myriad of
> WordPress functions seems to just confuse me as to what exactly is being
> posted to the API endpoints
> http://api.wordpress.org/plugins/update-check/1.0/ and
> http://api.wordpress.org/themes/update-check/1.0/. Can anyone explain to
> me what eactly needs to be posted to get the current version of each plugin
> and theme.
>
> Thanks.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list