Merge remote-tracking branch 'origin/dev' into dev

README.md

@@ -151,7 +151,7 @@ Name                          | Type      | Description
 Enable VCS                    | checkbox  | Enables this server to download packages from a Version Control System before delivering updates.<br/>Supports Bitbucket, Github and Gitlab.<br/>If left unchecked, zip packages need to be manually uploaded to `wp-content/plugins/updatepulse-server/packages`.
 VCS URL                       | text      | The URL of the Version Control System where packages are hosted.<br/>Must follow the following pattern: `https://version-control-system.tld/username` where `https://version-control-system.tld` may be a self-hosted instance of Gitlab.<br/>Each package repository URL must follow the following pattern: `https://version-control-system.tld/username/package-slug/`; the package files must be located at the root of the repository, and in the case of WordPress plugins the main plugin file must follow the pattern `package-slug.php`.
 Self-hosted VCS               | checkbox  | Check this only if the Version Control System is a self-hosted instance of Gitlab.
-Packages branch name          | text      | The branch to download when getting remote packages from the Version Control System.
+Packages branch name          | text      | The branch to download when getting remote packages from the Version Control System.<br/>If the VCS supports releases or tags, they will be prioritised over the branch name (release first, then tag, then branch).<br/>To bypass this behaviour, set the `PUC_FORCE_BRANCH` constant to `true` in `wp-config.php`.
 VCS credentials               | text      | Credentials for non-publicly accessible repositories.<br/>In the case of Github and Gitlab, a Personal Access Token; in the case of Bitckucket, an App Password.<br/>**WARNING: Keep these credentials secret, do not share them, and take care of renewing them before they expire!**
 Use Webhooks                  | checkbox  | Check so that each repository of the Version Control System calls a Webhook when updates are pushed.<br>When checked, UpdatePulse Server will not regularly poll repositories for package version changes, but relies on events sent by the repositories to schedule a package download.<br>Webhook URL: `https://domain.tld/updatepulse-server-webhook/package-type/package-slug` - where `package-type` is the package type (`plugin`, `theme`, or `generic`) and `package-slug` is the slug of the package that needs updates.<br>Note that UpdatePulse Server does not rely on the content of the payload to schedule a package download, so any type of event can be used to trigger the Webhook.
 Remote Download Delay         | number    | Delay in minutes after which UpdatePulse Server will poll the Version Control System for package updates when the Webhook has been called.<br>Leave at `0` to schedule a package update during the cron run happening immediately after the Webhook notification was received.

inc/manager/class-data-manager.php

@@ -172,6 +172,8 @@ class Data_Manager {
 	 * @since 1.0.0
 	 */
 	public static function maybe_setup_mu_plugin() {
+		WP_Filesystem();
+
 		global $wp_filesystem;
 
 		$result        = true;

inc/manager/class-package-manager.php

@@ -997,6 +997,7 @@ class Package_Manager {
 					$scheduled_hook = 'upserv_check_remote_' . $slug;
 
 					upserv_unwhitelist_package( $slug );
+					upserv_set_package_metadata( $slug, null );
 					Scheduler::get_instance()->unschedule_all_actions( $scheduled_hook );
 
 					/**

inc/nonce/class-nonce.php

@@ -588,6 +588,8 @@ class Nonce {
 		$sql      = "DELETE FROM {$wpdb->prefix}upserv_nonce
 			WHERE expiry < %d
 			AND (
+				JSON_VALID(`data`) = 0
+				OR (
 					JSON_VALID(`data`) = 1
 					AND (
 						JSON_EXTRACT(`data` , '$.permanent') IS NULL
@@ -595,8 +597,8 @@ class Nonce {
 						OR JSON_EXTRACT(`data` , '$.permanent') = '0'
 						OR JSON_EXTRACT(`data` , '$.permanent') = false
 					)
-			) OR
+				)
-			JSON_VALID(`data`) = 0;";
+			);";
 		$sql_args = array( time() - self::DEFAULT_EXPIRY_LENGTH );
 
 		/**

inc/server/update/class-update-server.php

@@ -1315,7 +1315,7 @@ class Update_Server {
 			$this->self_hosted
 		);
 
-		if ( $this->update_checker ) {
+		if ( $this->update_checker && $this->update_checker->slug === $slug ) {
 			return;
 		}
 

inc/templates/admin/plugin-help-page.php

@@ -52,7 +52,7 @@
 					printf(
 						// translators: %s is <code>upserv_download_remote_package( string $package_slug, string $type );</code>
 						esc_html__( '[expert] calling the %s method in your own code, with the VCS-related parameters corresponding to a VCS configuration saved in UpdatePulse Server', 'updatepulse-server' ),
-						'<code>upserv_download_remote_package( string $package_slug, string $type, string $vcs_url = false, string branch = \'main\');</code>'
+						'<code>upserv_download_remote_package( string $package_slug, string $type, string $vcs_url = false, string branch = \'main\' );</code>'
 					);
 				?>
 			</li>
@@ -285,7 +285,7 @@ Licensed With: another-plugin-or-theme-slug</pre><br>
 				// translators: %1$s is a link to opening an issue, %2$s is a contact email
 				esc_html__( 'After reading the documentation, for more help on how to use UpdatePulse Server, please %1$s - bugfixes are welcome via pull requests, detailed bug reports with accurate pointers as to where and how they occur in the code will be addressed in a timely manner, and a fee will apply for any other request (if they are addressed). If and only if you found a security issue, please contact %2$s with full details for responsible disclosure.', 'updatepulse-server' ),
 				'<a target="_blank" href="https://github.com/anyape/updatepulse-server/issues">' . esc_html__( 'open an issue on Github', 'updatepulse-server' ) . '</a>',
-				'<a href="mailto:updatepulse@anyape.come">updatepulse@anyape.com</a>',
+				'<a href="mailto:updatepulse@anyape.com">updatepulse@anyape.com</a>',
 			);
 			?>
 		</p>

inc/templates/admin/plugin-remote-sources-page.php

@@ -107,7 +107,16 @@
 					<td>
 						<input class="vcs-setting regular-text" type="text" id="upserv_vcs_branch" data-prop="branch" value="">
 						<p class="description">
-							<?php esc_html_e( 'The branch to download when getting remote packages from the Version Control System.', 'updatepulse-server' ); ?>
+							<?php
+							printf(
+								// translators: %1$s line break, %2$s is <code>PUC_FORCE_BRANCH</code>, %3$s is <code>true</code>, %4$s is <code>wp-config.php</code>
+								esc_html__( 'The branch to download when getting remote packages from the Version Control System.%1$sIf the VCS supports releases or tags, they will be prioritised over the branch name (release first, then tag, then branch).%1$sTo bypass this behaviour and exclusively rely on the branch, set the %2$s constant to %3$s in %4$s.', 'updatepulse-server' ),
+								'<br/>',
+								'<code>PUC_FORCE_BRANCH</code>',
+								'<code>true</code>',
+								'<code>wp-config.php</code>'
+							);
+							?>
 						</p>
 					</td>
 				</tr>
@@ -295,7 +304,16 @@
 					<td>
 						<input class="regular-text" type="text" id="upserv_add_vcs_branch" data-prop="branch" value="">
 						<p class="description">
-							<?php esc_html_e( 'The branch to download when getting remote packages from the Version Control System.', 'updatepulse-server' ); ?>
+							<?php
+							printf(
+								// translators: %1$s line break, %2$s is <code>PUC_FORCE_BRANCH</code>, %3$s is <code>true</code>, %4$s is <code>wp-config.php</code>
+								esc_html__( 'The branch to download when getting remote packages from the Version Control System.%1$sIf the VCS supports releases or tags, they will be prioritised over the branch name (release first, then tag, then branch).%1$sTo bypass this behaviour and exclusively rely on the branch, set the %2$s constant to %3$s in %4$s.', 'updatepulse-server' ),
+								'<br/>',
+								'<code>PUC_FORCE_BRANCH</code>',
+								'<code>true</code>',
+								'<code>wp-config.php</code>'
+							);
+							?>
 						</p>
 					</td>
 				</tr>

lib/package-update-checker/Vcs/BitbucketApi.php

@@ -84,7 +84,10 @@ if ( ! class_exists( BitbucketApi::class, false ) ) :
 				return $this->get_branch( $config_branch );
 			};
 
-			if ( ( 'main' === $config_branch || 'master' === $config_branch ) ) {
+			if (
+				( 'main' === $config_branch || 'master' === $config_branch ) &&
+				( ! defined( 'PUC_FORCE_BRANCH' ) || ! (bool) ( constant( 'PUC_FORCE_BRANCH' ) ) )
+			) {
 				$strategies[ self::STRATEGY_LATEST_TAG ] = array( $this, 'get_latest_tag' );
 			}
 

lib/package-update-checker/Vcs/GitHubApi.php

@@ -458,7 +458,10 @@ if ( ! class_exists( GitHubApi::class, false ) ) :
 		protected function get_update_detection_strategies( $config_branch ) {
 			$strategies = array();
 
-			if ( 'main' === $config_branch || 'master' === $config_branch ) {
+			if (
+				( 'main' === $config_branch || 'master' === $config_branch ) &&
+				( ! defined( 'PUC_FORCE_BRANCH' ) || ! (bool) ( constant( 'PUC_FORCE_BRANCH' ) ) )
+			) {
 				// Use the latest release.
 				$strategies[ self::STRATEGY_LATEST_RELEASE ] = array( $this, 'get_latest_release' );
 				// Failing that, use the tag with the highest version number.

lib/package-update-checker/Vcs/GitLabApi.php

@@ -440,7 +440,10 @@ if ( ! class_exists( GitLabApi::class, false ) ) :
 		protected function get_update_detection_strategies( $config_branch ) {
 			$strategies = array();
 
-			if ( ( 'main' === $config_branch ) || ( 'master' === $config_branch ) ) {
+			if (
+				( 'main' === $config_branch ) || ( 'master' === $config_branch ) &&
+				( ! defined( 'PUC_FORCE_BRANCH' ) || ! (bool) ( constant( 'PUC_FORCE_BRANCH' ) ) )
+			) {
 				$strategies[ self::STRATEGY_LATEST_RELEASE ] = array( $this, 'get_latest_release' );
 				$strategies[ self::STRATEGY_LATEST_TAG ]     = array( $this, 'get_latest_tag' );
 			}

readme.txt

@@ -1,9 +1,10 @@
 === UpdatePulse Server ===
 Contributors: frogerme
+Donate link: https://paypal.me/frogerme
 Tags: Plugin updates, Theme updates, WordPress updates, License
 Requires at least: 6.7
 Tested up to: 6.7
-Stable tag: 1.0.8
+Stable tag: 1.0.10
 Requires PHP: 8.0
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -46,6 +47,15 @@ This plugin adds the following major features to WordPress:
 * **API:** UpdatePulse Server provides APIs to manage packages and licenses. The APIs keys are secured with a system of tokens: the API keys are never shared over the network, acquiring a token requires signed payloads, and the tokens have a limited lifetime. For more details about tokens and security, see [the Nonce API documentation](https://github.com/anyape/updatepulse-server/blob/main/docs/misc.md#nonce-api).
 
 To connect their plugins or themes and UpdatePulse Server, developers can find integration examples in the [UpdatePulse Server Integration Examples](https://github.com/Anyape/updatepulse-server-integration) repository - theme and plugin examples rely heavily on the popular [Plugin Update Checker](https://github.com/YahnisElsts/plugin-update-checker) by [Yahnis Elsts](https://github.com/YahnisElsts).
+== Companion Plugins ==
+
+The following plugins are compatible with UpdatePulse Server and can be used to extend its functionality:
+* [Updatepulse Blocks](https://store.anyape.com/product/updatepulse-blocks/?wl=1): a seamless way to display packages from UpdatePulse Server directly within your site using the WordPress Block Editor or shortcodes.
+* [UpdatePulse for WooCommerce](https://store.anyape.com/product/updatepulse-for-woocommerce/?wl=1): a WooCommerce connector for UpdatePulse Server, allowing you to sell licensed packages through your WooCommerce store, either on the same WordPress installation or a separate store site.
+
+Developers are encouraged to build plugins and themes [integrated](https://github.com/anyape/updatepulse-server/blob/main/README.md) with UpdatePulse Server, leveraging its publicly available functions, actions and filters, or by making use of the provided APIs.
+
+If you wish to see your plugin added to this list, please [contact the author](mailto:updatepulse@anyape.com).
 
 == Troubleshooting ==
 
@@ -63,7 +73,7 @@ Each **bug** report will be addressed in a timely manner if properly documented
 
 == Upgrade Notice ==
 
-= 1.0.8 =
+= 1.0.9 =
 
 For installations using VCS in schedule mode (as opposed to webhook mode):
 - delete all packages and re-register them
@@ -128,6 +138,15 @@ This section describes how to install the plugin and get it working.
 
 == Changelog ==
 
+= 1.0.10 =
+* Introduce constant `PUC_FORCE_BRANCH` to bypass tags & releases in VCS detection strategies
+* Minor fix
+* Fix activation issue - `WP_Filesystem` call
+
+= 1.0.9 =
+* Schedule mode: remove package metadata files when deleting packages
+* Schedule mode: make sure to reinitialise the update checker to avoid slug conflicts
+
 = 1.0.8 =
 * Fix scheduled mode package overrides. After update, if using this mode: delete all packages and re-register them ; remove any remaining `json` files from `wp-content/uploads/updatepulse-server/metadata` folder ; use the "Force Clear & Reschedule" button in the VCS settings
 * Fix VCS candidates with webhook mode

updatepulse-server.php

@@ -3,7 +3,7 @@
  * Plugin Name: UpdatePulse Server
  * Plugin URI: https://github.com/anyape/updatepulse-server/
  * Description: Run your own update server.
- * Version: 1.0.8
+ * Version: 1.0.10
  * Author: Alexandre Froger
  * Author URI: https://froger.me/
  * License: GPLv2 or later