Hook into WordPress update?

I’d like to know if there’s any way to hook into the WordPress update process and send a $_POST variable to the update server?

I’m delivering plugin/theme updates from a private server and I hook into this:


add_filter('pre_set_site_transient_update_themes', 'check_for_update');

which works just fine. A newer version of the theme/plugin appears under Dashboard > Updates and I can update. But the problem is – I want users to only be able to download/update if they provided the correct login/password (first via add_option()). Ideally, a direct link should never work unless the client sends $_POST with login/password to update.php (the file on the update server that will send plugin.ZIP in return).

I’m looking for something like this:

add_filter('updating', 'my_func');
function my_func($request){
   $request['login'] = get_option('login');
   $request['pass'] = get_option('pass');
   return $request;
}

And WordPress, while updating a theme/plugin, should send $_POST['login'] and $_POST['pass'] to http://example.com/update.php, and update.php should only allow downloading/updating if the login matches the one defined there (update.php is the file on the update server that sends the ZIP package with the newer plugin to WordPress).

I hope that it’s clear 🙂

1 comment

  1. Update & the internal WP HTTP API

    A slightly modified version of my answer to this question, but also as a plugin that shows how it could work.

    Note: The code is not tested – I don’t know your server setup, etc. – and was just written off the top of my head. You’ll have to test it, find the proper position for merging the arguments, set your URL, etc.

    The initial test (#1) could be improved if the custom remote repository sends back usable headers (which isn’t often the case). So if it does, you’re better off using wp_remote_head() instead as it makes the HTTP request more lightweight.

    <?php
    defined( 'ABSPATH' ) OR exit;
    /**
     * Plugin Name: (#78267) Custom Theme Update Args
     * Description: Adds custom arguments to the HTTP request for a theme or plugin update from a custom location.
     * Version:     2013-04-02.2139
     * Author:      Franz Josef Kaiser <wecodemore@gmail.com>
     * Author URI:  http://unserkaiser.com
     * License:     The MIT License (MIT)
     * LicenseURI:  http://www.opensource.org/licenses/mit-license.php
     */
    
    add_filter( 'http_request_args', 'custom_upgrade_process', 9, 2 );
    /**
     * Callback for an HTTP request used to switch the
     * SSL verification in case of a WP error response
     * and routing to a custom Theme or Plugin repository.
     * @param  array  $r   Request arguments
     * @param  string $url Request URL
     * @return array  $r
     */
    function custom_upgrade_process( $r, $url )
    {
        // Alter the following settings according to your
        // update procedure and admin pages that deliver it.
        # A) The admin URL
        $custom_repo = 'https://example.com?foo=bar';
    
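        // Leave every request untouched unless it is a plugin or theme update check.
        // (With XOR the test was inverted: update checks returned early and all
        // other requests, including the wp_remote_get() below, fell through.)
        if (
            0 !== strpos( $url, 'http://api.wordpress.org/plugins/update-check' )
            AND 0 !== strpos( $url, 'http://api.wordpress.org/themes/update-check' )
        )
            return $r;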
    
        # 1) Do an initial test to check if things are working as expected
        $response = wp_remote_get(
            $custom_repo,
            array(
                'timeout'     => 120,
                'httpversion' => '1.1',
            )
        );
        # 2) Turn off SSL verification in case the HTTP request didn't work out
        if (
            is_wp_error( $response )
            AND strstr( $response->get_error_message(), 'SSL: certificate subject name' )
        )
            add_filter( 'https_ssl_verify', '__return_false' );
    
        # 3) Add your custom request arguments
        $r = array_merge( $r, array(
            'login' => get_option( 'login' ),
            'pass'  => get_option( 'pass' ),
        ) );
    
        return $r;
    }
    

    Good luck. 🙂
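The credential flow the question describes, as an added example that is not the answer author's code: the client attaches `login`/`pass` to the POST body only for HTTPS requests to the private update host and leaves certificate verification on, and `update.php` checks them before serving the ZIP. The host constant `UPDATE_HOST`, both function names, and storing the password on the server as a `password_hash()` value are assumptions; the option names come from the question.

```php
<?php
// Added example, not code from the original post. UPDATE_HOST, the function
// names and the server-side password hash are assumptions for illustration.
const UPDATE_HOST = 'example.com';

/** Client side: attach credentials only to HTTPS requests for the private update host. */
function attach_update_credentials( array $r, string $url, string $login, string $pass ): array
{
    $parts = parse_url( $url );
    if ( ! is_array( $parts )
        || strtolower( $parts['scheme'] ?? '' ) !== 'https'
        || strtolower( $parts['host'] ?? '' ) !== UPDATE_HOST
    ) {
        return $r; // any other destination (e.g. api.wordpress.org) never sees the credentials
    }
    $r['method']    = 'POST';
    $r['sslverify'] = true; // keep certificate verification on for the credentialed request
    $body           = is_array( $r['body'] ?? null ) ? $r['body'] : array();
    $r['body']      = array_merge( $body, array( 'login' => $login, 'pass' => $pass ) );
    return $r;
}

/** Server side (update.php): decide whether the posted credentials allow the download. */
function update_request_allowed( array $post, string $login, string $pass_hash ): bool
{
    $given_login = is_string( $post['login'] ?? null ) ? $post['login'] : '';
    $given_pass  = is_string( $post['pass'] ?? null ) ? $post['pass'] : '';
    // Run both checks unconditionally so a wrong login does not skip the hash computation.
    $login_ok = hash_equals( $login, $given_login );
    $pass_ok  = password_verify( $given_pass, $pass_hash );
    return $login_ok && $pass_ok;
}

if ( function_exists( 'add_filter' ) ) { // running inside WordPress
    add_filter( 'http_request_args', function ( $r, $url ) {
        return attach_update_credentials( $r, $url, (string) get_option( 'login' ), (string) get_option( 'pass' ) );
    }, 10, 2 );
} else { // stand-alone run with constructed sample values
    $hash = password_hash( 'constructed-secret', PASSWORD_DEFAULT );
    var_dump( update_request_allowed( array( 'login' => 'client1', 'pass' => 'constructed-secret' ), 'client1', $hash ) );
    var_dump( update_request_allowed( array( 'login' => 'client1' ), 'client1', $hash ) );
    $r = attach_update_credentials( array(), 'https://api.wordpress.org/themes/update-check', 'client1', 'x' );
    var_dump( isset( $r['body'] ) );
}
```

On the server, `update.php` would call `update_request_allowed( $_POST, ... )` and respond with 403 instead of the ZIP when it returns false.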