[wp-trac] [WordPress Trac] #51609: Auto update remove custom API data from plugin endpoint.

WordPress Trac noreply at wordpress.org
Fri Oct 23 03:32:21 UTC 2020 

#51609: Auto update remove custom API data from plugin endpoint.
-----------------------------+-----------------------------
 Reporter:  peterwilsoncc    |      Owner:  (none)
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Upgrade/Install  |    Version:  5.5.1
 Severity:  normal           |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
 I was testing some of the plugins for AwesomeMotive when I noticed that
 [48669] in WordPress 5.5.0 breaks backwards compatibility due to a flaw in
 an intended fix that WordPress had done in the point release.

 The change was originally intended to ensure PHP notices would not be
 thrown by third party plugin updaters if any of the standard plugin update
 info keys were not set (by then setting that to a default) but instead it
 has the unintended purpose of stripping additional plugin keys.

 In [https://github.com/WordPress/wordpress-
 develop/blob/6ec4cc34688a3a01ecc0e397ad419cb46e5aa5f2/src/wp-
 admin/includes/class-wp-plugins-list-table.php#L235 class-wp-plugins-list-
 table.php] and [https://github.com/WordPress/wordpress-
 develop/blob/6ec4cc34688a3a01ecc0e397ad419cb46e5aa5f2/src/wp-
 admin/includes/class-wp-debug-data.php#L980 class-wp-debug-data.php] the
 plugins auto-update routine uses `array_intersect_key()` instead of
 `wp_parse_args()` to merge API response data with the default values.

 This removes any custom values from the plugin's update API response when
 displaying the enable/disable link and displaying debug data in the site
 health check.

 Many plugin updates add additional plugin data keys to the response this
 can cause issues. Further, this also breaks the ability for testing of
 patches for WordPress core/meta, as, for example, the patch to add a
 `requires_wp` header (to allow plugins to declare a minimum WP version)
 can no longer be fully tested since its stripped out.

 With this patch, I've changed it from using an `array_intersect_key()` to
 the standard WordPress function for ensuring default array keys are
 present `wp_parse_args()` which both preserves the originally intended
 protection from missing keys while fixing the breakage caused by the patch
 that was merged.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/51609>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list