[wp-meta] [Making WordPress.org] #5747: Block plugins using invalid `Update URI` headers

Making WordPress.org noreply at wordpress.org
Fri Apr 1 01:42:54 UTC 2022

#5747: Block plugins using invalid `Update URI` headers
 Reporter:  dd32              |       Owner:  dd32
     Type:  task (blessed)    |      Status:  accepted
 Priority:  high              |   Milestone:
Component:  Plugin Directory  |  Resolution:
 Keywords:  needs-patch       |

Comment (by dd32):

 > The header formats which should be supported for hosted plugins should
 be either:
 > * https://wordpress.org/plugins/$slug/
 > * w.org/plugins/$slug
 > * Not set

 Just a note on this, If a WordPress.org plugin includes that header, it's
 actually useful for api.wordpress.org/plugins/update-check/ as it gets to
 skip a bunch of plugin-matching code and go straight to "Oh good, this
 plugin is XYZ" without having to do something like "The slug looks like
 XYZ.. the author is different.. the plugin name is XYZ.. it's probably

 Blocking it entirely is possible, and requested in #6238 which I'm not

Ticket URL: <https://meta.trac.wordpress.org/ticket/5747#comment:8>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list