[wp-trac] [WordPress Trac] #9757: Allow Plugin/Theme updates from a uploaded .zip file.

WordPress Trac noreply at wordpress.org
Fri May 15 00:37:50 UTC 2020 

#9757: Allow Plugin/Theme updates from a uploaded .zip file.
-------------------------------------------------+-------------------------
 Reporter:  hakre                                |       Owner:  (none)
     Type:  feature request                      |      Status:  assigned
 Priority:  high                                 |   Milestone:  Future
                                                 |  Release
Component:  Upgrade/Install                      |     Version:  2.8
 Severity:  normal                               |  Resolution:
 Keywords:  dev-feedback has-patch early needs-  |     Focuses:
  screenshots                                    |
-------------------------------------------------+-------------------------

Comment (by azaozz):

 Replying to [comment:106 mariovalney]:

 The PR is looking good. Some quick notes:

 > > The screenshot looks like the installation is attempted initially and
 then fails.

 > That's the idea: we had a failure.

 Right, but instead of "failed" it may be better to ask if the user wants
 to update imho. Then it would go: Installing... The plugin is already
 installed, do you want to update it? Then the compare table.

 > I added some CSS. Is that the best place?

 Yes, seems okay.

 > As said, we are not checking versions. But we are showing comparison
 table only if we found plugin data in existing directory and after
 validating the uploaded package is a plugin.

 Wondering if it should have some sort of warning when "reverting" to an
 earlier version? Also, it's pretty rare, but there may be plugins with
 matching names (where one is in the plugins dir and the other is not).
 Perhaps trying to match more of the plugin meta/headers may be good?

 > Maybe implement a new action on **update.php** to check a new nonce for
 this package ID?
 >
 > This will not allow user overwrite a package by adding parameter on URL.

 May be nice to have but not strictly necessary imho. The `plugin-upload`
 nonce is already there so the only way for this to happen would be to
 manually add the URL query arg. Perhaps can make it a bit more unique,
 something like `add_query_arg( 'overwrite', 'ovewrite-uploaded-plugin',
 $this->url )`.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/9757#comment:116>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list