[wp-trac] [WordPress Trac] #61525: Plugins page keeps making HTTP requests for plugin dependencies which are not in the WordPress Plugin Directory
WordPress Trac
noreply at wordpress.org
Fri Jun 28 04:23:43 UTC 2024
#61525: Plugins page keeps making HTTP requests for plugin dependencies which are
not in the WordPress Plugin Directory
--------------------------+-----------------------------
Reporter: siliconforks | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Suppose you have two plugins installed, `foo` and `bar`, and `foo` is a
dependency of `bar`.
{{{#!php
<?php
/*
Plugin Name: Bar
Requires Plugins: foo
*/
}}}
Suppose also that `foo` and `bar` are not in the WordPress Plugin
Directory - they are custom plugins or third-party plugins installed from
elsewhere.
Then, every time the Plugins admin page is visited,
`WP_Plugin_Dependencies::get_dependency_api_data()` will make an HTTP
request for information on `foo`:
{{{
https://api.wordpress.org/plugins/info/1.2/
?action=plugin_information
&request%5Bslug%5D=foo
&request%5Bfields%5D%5Bshort_description%5D=1
&request%5Bfields%5D%5Bicons%5D=1
&request%5Blocale%5D=en_US
&request%5Bwp_version%5D=6.7
}}}
Normally, for a plugin which is found in the WordPress Plugin Directory,
the response to this request would be cached in a transient for 12 hours,
and there would not be any need to repeat the HTTP request for plugin
information during that time. However, because `foo` is not in the Plugin
Directory, the response will return 404 Not Found, and this means that the
HTTP request will keep getting made over and over again every time the
Plugins page is visited.
Some thoughts on how to improve this behavior:
1. Maybe `WP_Plugin_Dependencies::get_dependency_api_data()` should cache
negative responses? That is, maybe it should remember that the HTTP
request returned 404 Not Found and not try the request again for 12 hours?
2. Maybe it would be wise to look at the
[https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-
header-in-wordpress-5-8/ Update URI] header field (if it exists) and, if
the value is not `https://wordpress.org/plugins/{$slug}/` or
`w.org/plugin/{$slug}`, then clearly the plugin is not in the WordPress
Plugin Directory and the HTTP request for plugin information can be
skipped? This seems like it would work; on the other hand, this might be
considered to be (ab)using the "Update URI" header for a purpose other
than that for which it was intended.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/61525>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list