[wp-meta] [Making WordPress.org] #7781: Validate the 'Requires' plugin header.

Making WordPress.org noreply at wordpress.org
Fri Sep 20 07:24:02 UTC 2024


#7781: Validate the 'Requires' plugin header.
------------------------------+--------------------
 Reporter:  dd32              |      Owner:  (none)
     Type:  defect (bug)      |     Status:  new
 Priority:  low               |  Milestone:
Component:  Plugin Directory  |   Keywords:
------------------------------+--------------------
 When importing plugins we sanitize the readme to exclude various incorrect
 things, one of them being the requires header:
 https://github.com/WordPress/wordpress.org/blob/a3ee375d817666b94fa4dca30dd26af4e546912f/wordpress.org/public_html
 /wp-content/plugins/plugin-directory/readme/class-parser.php#L805-L842

 Since WordPress supports the Requires header being in the Plugin file
 however, we now prefer that over the readme.

 As it turns out, we have no validation logic in place for this, which
 allows a plugin to set their headers to:
 {{{
  * Requires at least: 7.4
  * Requires PHP: 7.4
 }}}

 We should:
  - Add an import warning when the readme and plugin headers do not match
 (if specified in the readme)
  - Add an import warning when the version is higher than expected (rather
 than just when the readme version is higher than expected)

 While we can "ignore" the readme header being invalid (and we do) we can't
 ignore the plugin header being incorrect as WordPress may refuse to
 activate/update it.

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/7781>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org


More information about the wp-meta mailing list