plugin-update-checker/Puc
Yahnis Elsts 3ceae95c4f Don't allow autoupdate = true unless you call $checked->allowAutoupdateField() first.
See #602. The "autoupdate" field is supported by WP core and could be useful, but it's also a potential security flaw since it would let someone who compromised the update source/API remotely trigger an automatic update - even if the plugin developer didn't intend to allow fully automatic updates. This commit attempts to mitigate that by requiring the developer to explicitly call allowAutoupdateField() to opt in first.

You can also use the new custom filter 'autoupdate_field_allowed' to do this on a case-by-case basis. The filter gets the update object as the second argument, so you can decide if you want to allow it for a specific update. Note that you can't use this filter to set the "autoupdate" field. The filter just controls whether the "autoupdate" field will be left as-is or automatically set to `false`.
2026-03-05 11:43:35 +02:00
..
v5 Bump version number to 5.6 2025-05-20 15:20:21 +03:00
v5p6 Don't allow autoupdate = true unless you call $checked->allowAutoupdateField() first. 2026-03-05 11:43:35 +02:00