Plugin Author
AITpro
(@aitpro)
The automatic update checks that you are a logged in Admin to the site with permissions to perform the automatic update, checks the BPS version number and then performs the automatic update.
The idea you are proposing could be very simply done with a WordPress Cron. This would have to be an option setting because folks should have a choice about turning this On or Off.
I don’t see anything in the WordPress Plugin Guidelines that says you cannot do/not allowed to do something like this so I will add this as an option in the next version release.
WordPress Plugin Guidelines: http://wordpress.org/extend/plugins/about/guidelines/
That sounds great !
Or maybe another possible solution might be to trigger the automatic check from a plugin activation hook ?
cfr
Plugin Author
AITpro
(@aitpro)
Actually it would be much simpler to create the Cron due to the way/how/where the code is currently fired from. Or yeah I could just duplicate/fire the current code/function and have it executed under the activation function, but since creating a WP Cron is so simple to create/add and the WordPress Settings API is so quick and simple to use/setup/add then actually creating a Cron Option is the much simpler route to go.
More importantly I feel that this should be an Option that someone can choose to use or not so having this done automatically under the activation function will cause headaches for me – guaranteed. 😉
Most folks have CGI configured Servers, but for the 1% of folks that have DSO configured Servers they need to see the BPS Alerts that the autoupdate did not complete since these folks need to do manual file permission and/or ownership changes.
Ok, that’s indeed a logical explanation.
A cronjob it will be then 🙂
BTW, something went wrong with the url reference to the plugin activation hook I wanted to add in my previous post, but it doesn’t matter anymore.
Plugin Author
AITpro
(@aitpro)
Marking this as resolved. This new feature will be added in BPS .48.1.
Plugin Author
AITpro
(@aitpro)
Well as it turns out adding something like this is not really doable without putting the site at serious risk.
The auto-updating of the .htaccess files can ONLY be triggered by a logged in administrator to the site since file writing is occurring so when I played around with allowing the updating to occur with a non-administrator account you can imagine all the fun ways I discovered that you can destroy the site by simply just registering and logging in as a Subscriber.
The same dilemma occurs with putting the trigger under the activation hook. Unfortunately, this is just not safely doable. Sorry about that. 😉
That’s a pitty, but I understand the security concerns.
Anyway, thanks for your time to investigate this !
