I’d like to know if there’s any way to hook into WordPress update process and send $_POST variable to update server?
I’m delivering plugin/theme updates from private server and I hook into this:
add_filter('pre_set_site_transient_update_themes', 'check_for_update');
which works just fine. Newer version of theme/plugin appears under Dashboard > Updates and I can update. But the problem is – I want users to only be able to download/update if they provided correct login/password (first via add_option()). Ideally, direct link should never work unless client sends $_POST with login/password to update.php (the files on update server that will send plugin.ZIP in return).
I’m looking for something like this:
add_filter('updating', 'my_func');
function my_func($request){
$request['login'] = get_option('login');
$request['pass'] = get_option('pass');
return $request;
}
And WordPress, while updating theme/plugin, should send $_POST['login'] and $_POST['pass'] to http://example.com/update.php and update.php should only allow downloading/updating if login matches the one defined there (update.php is the file on update server that sends ZIP package with newer plugin to WordPress).
I hope that it’s clear 🙂
Update & the internal WP HTTP API
A slightly modified version of my answer to this question, but also as a plugin that shows how it could work.
Note: The code is not tested – I don’t know your server setup, etc. – and just written out of my head. You’ll have to test it, find the proper position for merging the arguments and set your URL, etc.
The initial test (#1) could be improved if the custom remote repository sends back usable headers (which isn’t often the case). So if it does, you’re better off using wp_remote_head() instead as it makes the HTTP request more lightweight.
<?php
defined( 'ABSPATH' ) OR exit;
/**
* Plugin Name: (#78267) Custom Theme Update Args
* Description: Adds custom arguments to the HTTP request for a theme or plugin update from a custom location.
* Version: 2013-04-02.2139
* Author: Franz Josef Kaiser <wecodemore@gmail.com>
* Author URI: http://unserkaiser.com
* License: The MIT License (MIT)
* LicenseURI: http://www.opensource.org/licenses/mit-license.php
*/
add_filter( 'http_request_args', 'custom_upgrade_process', 9, 2 );
/**
* Callback for a HTTP request used to switch the
* SSL verification in case of a WP error response
* and routing to a custom Theme or Plugin repository.
* @param array $r Request arguments
* @param string $url Request URL
* @return array $r
*/
function custom_upgrade_process( $r, $url )
{
// Alter the following settings according to your
// update procedure and admin pages that deliver it.
# A) The admin URL
$custom_repo = 'https://example.com?foo=bar';
if (
0 !== strpos( $url, 'http://api.wordpress.org/plugins/update-check' )
XOR 0 !== strpos( $url, 'http://api.wordpress.org/themes/update-check' )
)
return $r;
# 1) Do an initial test to check if things are working as expected
$response = wp_remote_get(
$custom_repo,
array(
'timeout' => 120,
'httpversion' => '1.1',
)
);
# 2) Turn off SSL verification in case the HTTP request didn't work out
if (
is_wp_error( $response )
AND strstr( $response->get_error_message(), 'SSL: certificate subject name' )
)
add_filter( 'https_ssl_verify', '__return_false' );
# 3) Add your custom request arguments
$r = array_merge( $r, array(
'login' => get_option( 'login' ),
'pass' => get_option( 'pass' ),
) );
return $r;
}
Good luck. 🙂
