Support » Plugin: Kirki » Latest version reported incorrectly. Will not update via WP

  • Resolved ideawrights

    (@ideawrights)


    WordPress gives me notices that I have a plugin that needs updating, but when I go to the plugin update page, nothing is listed.

    I figured out that this is Kirki, and it has been true for several versions. So I have a special function to output which plugins are triggering the update notifications. If it’s Kirki, I have to go download it, unzip it and copy it over the existing version of Kirki.

    In other words, I can’t use the the WordPress update function.

    When I use the Add New plugin functionality and search on Kirki, it shows Kirki and has a link to show details (rather than install, because it is installed). When I ask it to show the details, it always shows the wrong version number for the latest available version.

    In other words, it says right now that I have version 3.0.38 installed (which I do) and that the latest available update is 3.0.25.

    It’s been stuck at 3.0.25 since… well 3.0.25 I guess.

    • This topic was modified 1 month, 2 weeks ago by  ideawrights.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Aristeides Stathopoulos

    (@aristath)

    Hello @ideawrights, this is certainly weird and has never been reported before… Are you using a theme that is bundling Kirki? Parhaps there are 2 instances of the plugin installed on the site? I can’t think of anything else that would cause this.

    That’s it! This is caused by the Bellevue theme. Thanks for putting me on the right track.

    Actually, it’s a bit more complicated. It’s actually a single instance, but the Bellevue theme is causing the plugin update system to report the wrong available version.

    I’ll explain in a bit more detail for the benefit of others who have the same problem.

    Bellevue being just a theme, does not exactly bundle Kirki, but it bundles an installer that installs Kirki. That should be fine, but when I grepped for kirki in the Bellevue codebase and found that it is using the Plugin Update Checker library.

    https://github.com/YahnisElsts/plugin-update-checker

    This is really intended for managing plugins that are outside the WP ecosystem (self-hosted, Github, Bitbucket, Gitlab).

    Basically, it points to a JSON file to get the latest version and in this case, they are pointing to a fixed version of Kirki like so:

    $myUpdateChecker = Puc_v4_Factory::buildUpdateChecker(
        'https://import.themovation.com/live-plugin-updater/kirki.json',
        $th_plugin_dir.'/'.$th_plugin_slug.'.php',
        $th_plugin_slug
    );

    When you open that JSON file it is pulling the Kirki plugin not from a qualified repo, but from a Dropbox zip file with a frozen version

    {
      "name": "Kirki",
      "version": "3.0.25",
      "download_url": "https://www.dropbox.com/s/62cikx5ctanx412/kirki.zip?dl=1",
      "sections": {
        "description": "The latest update for Kirki."
      }
    }

    This version number overrides the version number as reported by the WP.org library.

    So what happens is that the WP system correctly reports that an update is available, using the actual version of Kirki in use and the version number of the latest version available on WP.org.

    But when you then go to look at available updates or (as mentioned in my first post) you try to install it and look at the “details” for the latest version, but Plugin Update Checker library overrides the normal system and uses the JSON file that the Bellevue theme authors have created.

    I have noticed the same thing on occasion with other plugins, but I think Kirki only floated to the top of my attention because it gets frequent updates. The other plugins would all have the same problem, but of course only when my installed version is out of sync with the latest version in the WP plugin library.

    • This reply was modified 1 month, 1 week ago by  ideawrights.
    • This reply was modified 1 month, 1 week ago by  ideawrights.

    PS – I have written to the Bellevue theme authors to explain this problem and why their practices are problematic, but thought that others using the Plugin Update Checker incorrectly might also be causing the problem, so hopefully this can help with those cases as well.

    Plugin Author Aristeides Stathopoulos

    (@aristath)

    Hmmmm I’ve never seen that kind of setup in a theme before.
    Perhaps the theme author had a reason for doing it? Maybe the version they have is a tweaked version of the plugin. Though if that is the case I don’t understand why they didn’t just bundle it inside the theme itself. I would suggest you contact the theme developers and ask them about it…
    If it is not necessary to stay on v3.0.25 they should update their theme to just use the latest version from w.org.
    If there really is a reason for what they are doing then they should at least keep their own version up to date. Lots of fixes and improvements have happened since that version 🙂

    Plugin Author Aristeides Stathopoulos

    (@aristath)

    I’m glad to hear that. Yes, with all the things happening lately and theme shops doing all kinds of weird things, everyone needs to be a little more transparent about what they do and why.

    Based on the comments in their code, I think the reason the theme author is doing it is because their theme is tested with particular versions of plugins and that means they know that automatic updates won’t break their theme.

    I find that reasoning inadequate – of course I have plugins other than the ones they install automatically and of course those plugins can break my site on update. Anyone who worries about that should have a means of rolling back updates and, in any case, should have a dev/staging site where they can run all updates and test the site before rolling out to a live site.

    In any case, as you say, if they want to do that, they should be updating their JSON files so that their users can stay up to date on critical updates.

    As it is, their theme is blocking all updates to abour 4-5 major plugins (including Elementor and Master Slider) and it means that their theme is effectively creating a security risk as only the more savvy users will be able to figure out which plugins need updating and then actually update them.

    At this point, I’ve basically created a minor fork of the theme to avoid this.

    In any case, this is not your problem, but I do much appreciate your help in figuring it out. Without your comment, I would never have guessed the theme was causing these plugin update problems.

    • This reply was modified 1 month, 1 week ago by  ideawrights.
    • This reply was modified 1 month, 1 week ago by  ideawrights.
    • This reply was modified 1 month, 1 week ago by  ideawrights.
Viewing 6 replies - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.