[wp-trac] [WordPress Trac] #60540: Plugin dependencies: guard against unexpected responses to the `plugin_information` API endpoint

WordPress Trac noreply at wordpress.org
Wed Feb 14 18:02:26 UTC 2024 

#60540: Plugin dependencies: guard against unexpected responses to the
`plugin_information` API endpoint
--------------------------+---------------------
 Reporter:  pbiron        |       Owner:  (none)
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  6.5
Component:  Plugins       |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+---------------------
Changes (by costdev):

 * milestone:  Awaiting Review => 6.5


Old description:

> `WP_Plugin_Dependencies::get_dependency_api_data()` calls the
> `plugin_information` endpoint of the Plugins API.
>
> The existing code in 6.5 Beta 1 assumes that all responses that are not
> `WP_Error` instances are produced by the .org API.  However, extenders
> are able to filter the responses and some premium plugins do that to
> provide info about the premium plugins.  However, some of those extenders
> may return responses to that endpoint that do not contain properties that
> the Plugin Dependencies codebase relies on.
>
> Thus, rather than just checking whether the repsonse is a `WP_Error`, we
> need to check that all the properties in the response that are used are
> actually present in said response.

New description:

 `WP_Plugin_Dependencies::get_dependency_api_data()` calls the
 `plugin_information` endpoint of the Plugins API.

 The existing code in 6.5 Beta 1 assumes that all responses that are not
 `WP_Error` instances are produced by the .org API.  However, extenders are
 able to filter the responses and some premium plugins do that to provide
 info about the premium plugins.  However, some of those extenders may
 return responses to that endpoint that do not contain properties that the
 Plugin Dependencies codebase relies on.

 Thus, rather than just checking whether the response is a `WP_Error`, we
 need to check that all the properties in the response that are used are
 actually present in said response.

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/60540#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list