WordPress.org

Ideas

Idea: core, root file with version number ONLY for 3rd-party installers

  1. syncbox
    Member

    12345

    I am proposing a core, root level file with the current version of WordPress listed in it that could be updated by any in-WP upgrade AND by any 3rd-party installer/upgrader. This would not be what WordPress reads to list the version AND would have NO other function, so would be no security risk.

    Per Midphase and other companies, third-party installers like Fantastico cannot determine the version of WordPress installed if you upgrade FROM WordPress rather than their application -- in their process, they update a (for example) a fantversion.php file (I am told this is how all 3rd-party installers do it).

    This results in the scenario of a control panel saying you have an older version (whichever they last recorded) and that you need to upgrade even if you have the latest version.

    Posted: 5 years ago #
  2. Peter Westwood
    Member

    12345

    I really don't see the point of this.

    The WordPress version number is already available in a well known file in an easy to parse format.

    Why do they need another file?

    Posted: 5 years ago #
  3. i have not faced this problem before

    Posted: 5 years ago #
  4. Peter Westwood
    Member

    12345

    Also - is there a clear definition of what the different 3rd party install/upgraders expect to find - if so I suspect a plugin could be written to achieve this.

    Posted: 5 years ago #
  5. syncbox
    Member

    12345

    Perhaps... but hosts that use something like Fantastico say that it cannot "know" when you've updated your WordPress application via the WordPress app itself (in the admin's auto-upgrade or otherwise)

    I've personally seen this 4 or 5 times since that ability was added to WordPress. Now normally, I'd go into a cpanel and use the Fantastico app itself to upgrade, but with the great new (and fairly reliable) function of doing this in the admin, why bother with Fantastico? (or whatever installer your host uses)?

    All of them write their own file to keep track of the version of WordPress THEY install (eg. fantversion.php) They don't monitor YOUR WordPress application to determine if you need to upgrade... they simply look at their file and if they are now offering a later version, tell you need to upgrade... even if you don't!

    Of course, you can manually modify THEIR file. Add another task to your list for every upgrade. I'd RATHER not. If a file IN the core of WP behaved like fantversion.php, I believe these companies would take advantage of that and read it.

    It seems a logical companion to the internal auto upgrade functions. and by making it external to the admin and a core-level file that only does this one thing, it shouldn't be exploitable.

    Posted: 5 years ago #
  6. Ipstenu (Mika Epstein)
    Half-Elf Support Rogue, Volunteer Forum Mod & Plugin Referee

    You could write a plugin that scraps the version and updates the fantversion.php file, but this is a flaw in the 3rd party, NOT in WP. Also you hit the slippery slope with this. How many 3rd party installers should WP support?

    IMO: None.

    Posted: 5 years ago #
  7. Mark
    Member

    12345

    Agree with the above posters: it is something that the 3rd party apps should support and there is no reason they couldn't do it as it is now.

    Posted: 5 years ago #
  8. Partnersuche
    Member

    12345

    I also can't see any benefit in including a core, root level file with the current version of WordPress for 3rd-party installers.

    Posted: 5 years ago #
  9. Mark / t31os
    Moderator

    12345

    Perhaps... but hosts that use something like Fantastico say that it cannot "know" when you've updated your WordPress application via the WordPress app itself (in the admin's auto-upgrade or otherwise)

    They should be able to detect that pretty easily, compare the version in wp-includes/version.php (or get_option('version')) to the version they have in their own file, if they don't match then the installation has been updated or modified.

    That's a pretty simple thing to do, if your host can't manage a simple comparison check, i'd not trust them to install any application for me, let alone run upgrade routines.

    So, my vote, not necessary, plugin territory.

    Posted: 5 years ago #

RSS feed for this topic

Reply

You must log in to post.

  • Rating

    12345
    11 Votes
  • Status

    Sorry, not right now