[wp-meta] [Making WordPress.org] #7781: Validate the 'Requires' plugin header.
Making WordPress.org
noreply at wordpress.org
Fri Sep 20 07:24:02 UTC 2024
#7781: Validate the 'Requires' plugin header.
------------------------------+--------------------
Reporter: dd32 | Owner: (none)
Type: defect (bug) | Status: new
Priority: low | Milestone:
Component: Plugin Directory | Keywords:
------------------------------+--------------------
When importing plugins we sanitize the readme to exclude various incorrect
things, one of them being the requires header:
https://github.com/WordPress/wordpress.org/blob/a3ee375d817666b94fa4dca30dd26af4e546912f/wordpress.org/public_html
/wp-content/plugins/plugin-directory/readme/class-parser.php#L805-L842
Since WordPress supports the Requires header being in the Plugin file
however, we now prefer that over the readme.
As it turns out, we have no validation logic in place for this, which
allows a plugin to set their headers to:
{{{
* Requires at least: 7.4
* Requires PHP: 7.4
}}}
We should:
- Add an import warning when the readme and plugin headers do not match
(if specified in the readme)
- Add an import warning when the version is higher than expected (rather
than just when the readme version is higher than expected)
While we can "ignore" the readme header being invalid (and we do) we can't
ignore the plugin header being incorrect as WordPress may refuse to
activate/update it.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7781>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list