From d4a206ab1f715b29188c25dca5fedf2eaee52f43 Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Mon, 14 Apr 2025 07:47:20 +0800
Subject: [PATCH 01/10] donate link
---
readme.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/readme.txt b/readme.txt
index 3c3bfe9..b2fbde4 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,5 +1,6 @@
=== UpdatePulse Server ===
Contributors: frogerme
+Donate link: https://paypal.me/frogerme
Tags: Plugin updates, Theme updates, WordPress updates, License
Requires at least: 6.7
Tested up to: 6.7
From ec8856175ba9ae6377eafad6b30055f4f70a189f Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Tue, 22 Apr 2025 10:18:53 +0800
Subject: [PATCH 02/10] Introduce constant `PUC_FORCE_BRANCH` to bypass tags &
releases in VCS detection strategies
---
lib/package-update-checker/Vcs/BitbucketApi.php | 5 ++++-
lib/package-update-checker/Vcs/GitHubApi.php | 5 ++++-
lib/package-update-checker/Vcs/GitLabApi.php | 5 ++++-
readme.txt | 5 ++++-
updatepulse-server.php | 2 +-
5 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/lib/package-update-checker/Vcs/BitbucketApi.php b/lib/package-update-checker/Vcs/BitbucketApi.php
index ec310d1..2fd864b 100644
--- a/lib/package-update-checker/Vcs/BitbucketApi.php
+++ b/lib/package-update-checker/Vcs/BitbucketApi.php
@@ -84,7 +84,10 @@ if ( ! class_exists( BitbucketApi::class, false ) ) :
return $this->get_branch( $config_branch );
};
- if ( ( 'main' === $config_branch || 'master' === $config_branch ) ) {
+ if (
+ ( 'main' === $config_branch || 'master' === $config_branch ) &&
+ ( ! defined( PUC_FORCE_BRANCH ) || ! PUC_FORCE_BRANCH )
+ ) {
$strategies[ self::STRATEGY_LATEST_TAG ] = array( $this, 'get_latest_tag' );
}
diff --git a/lib/package-update-checker/Vcs/GitHubApi.php b/lib/package-update-checker/Vcs/GitHubApi.php
index 0526bb3..b39e35b 100644
--- a/lib/package-update-checker/Vcs/GitHubApi.php
+++ b/lib/package-update-checker/Vcs/GitHubApi.php
@@ -458,7 +458,10 @@ if ( ! class_exists( GitHubApi::class, false ) ) :
protected function get_update_detection_strategies( $config_branch ) {
$strategies = array();
- if ( 'main' === $config_branch || 'master' === $config_branch ) {
+ if (
+ ( 'main' === $config_branch || 'master' === $config_branch ) &&
+ ( ! defined( PUC_FORCE_BRANCH ) || ! PUC_FORCE_BRANCH )
+ ) {
// Use the latest release.
$strategies[ self::STRATEGY_LATEST_RELEASE ] = array( $this, 'get_latest_release' );
// Failing that, use the tag with the highest version number.
diff --git a/lib/package-update-checker/Vcs/GitLabApi.php b/lib/package-update-checker/Vcs/GitLabApi.php
index df3dced..45cba1d 100644
--- a/lib/package-update-checker/Vcs/GitLabApi.php
+++ b/lib/package-update-checker/Vcs/GitLabApi.php
@@ -440,7 +440,10 @@ if ( ! class_exists( GitLabApi::class, false ) ) :
protected function get_update_detection_strategies( $config_branch ) {
$strategies = array();
- if ( ( 'main' === $config_branch ) || ( 'master' === $config_branch ) ) {
+ if (
+ ( 'main' === $config_branch ) || ( 'master' === $config_branch ) &&
+ ( ! defined( PUC_FORCE_BRANCH ) || ! PUC_FORCE_BRANCH )
+ ) {
$strategies[ self::STRATEGY_LATEST_RELEASE ] = array( $this, 'get_latest_release' );
$strategies[ self::STRATEGY_LATEST_TAG ] = array( $this, 'get_latest_tag' );
}
diff --git a/readme.txt b/readme.txt
index b2fbde4..e4e26f7 100644
--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://paypal.me/frogerme
Tags: Plugin updates, Theme updates, WordPress updates, License
Requires at least: 6.7
Tested up to: 6.7
-Stable tag: 1.0.9
+Stable tag: 1.0.10
Requires PHP: 8.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-3.0.html
@@ -129,6 +129,9 @@ This section describes how to install the plugin and get it working.
== Changelog ==
+= 1.0.10 =
+* Introduce constant `PUC_FORCE_BRANCH` to bypass tags & releases in VCS detection strategies
+
= 1.0.9 =
* Schedule mode: remove package metadata files when deleting packages
* Schedule mode: make sure to reinitialise the update checker to avoid slug conflicts
diff --git a/updatepulse-server.php b/updatepulse-server.php
index 71c7a02..7a75ab4 100644
--- a/updatepulse-server.php
+++ b/updatepulse-server.php
@@ -3,7 +3,7 @@
* Plugin Name: UpdatePulse Server
* Plugin URI: https://github.com/anyape/updatepulse-server/
* Description: Run your own update server.
- * Version: 1.0.9
+ * Version: 1.0.10
* Author: Alexandre Froger
* Author URI: https://froger.me/
* License: GPLv2 or later
From c6155be1facfd4674b98bc070fcb82d71e3934b3 Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Tue, 22 Apr 2025 11:33:02 +0800
Subject: [PATCH 03/10] Introduce constant `PUC_FORCE_BRANCH` to bypass tags &
releases in VCS detection strategies
---
README.md | 2 +-
.../admin/plugin-remote-sources-page.php | 22 +++++++++++++++++--
.../Vcs/BitbucketApi.php | 2 +-
lib/package-update-checker/Vcs/GitHubApi.php | 2 +-
lib/package-update-checker/Vcs/GitLabApi.php | 2 +-
5 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 62ae54a..ace678e 100644
--- a/README.md
+++ b/README.md
@@ -151,7 +151,7 @@ Name | Type | Description
Enable VCS | checkbox | Enables this server to download packages from a Version Control System before delivering updates. Supports Bitbucket, Github and Gitlab. If left unchecked, zip packages need to be manually uploaded to `wp-content/plugins/updatepulse-server/packages`.
VCS URL | text | The URL of the Version Control System where packages are hosted. Must follow the following pattern: `https://version-control-system.tld/username` where `https://version-control-system.tld` may be a self-hosted instance of Gitlab. Each package repository URL must follow the following pattern: `https://version-control-system.tld/username/package-slug/`; the package files must be located at the root of the repository, and in the case of WordPress plugins the main plugin file must follow the pattern `package-slug.php`.
Self-hosted VCS | checkbox | Check this only if the Version Control System is a self-hosted instance of Gitlab.
-Packages branch name | text | The branch to download when getting remote packages from the Version Control System.
+Packages branch name | text | The branch to download when getting remote packages from the Version Control System. If the VCS supports releases or tags, they will be prioritised over the branch name (release first, then tag, then branch). To bypass this behaviour, set the `PUC_FORCE_BRANCH` constant to `true` in `wp-config.php`.
VCS credentials | text | Credentials for non-publicly accessible repositories. In the case of Github and Gitlab, a Personal Access Token; in the case of Bitckucket, an App Password. **WARNING: Keep these credentials secret, do not share them, and take care of renewing them before they expire!**
Use Webhooks | checkbox | Check so that each repository of the Version Control System calls a Webhook when updates are pushed. When checked, UpdatePulse Server will not regularly poll repositories for package version changes, but relies on events sent by the repositories to schedule a package download. Webhook URL: `https://domain.tld/updatepulse-server-webhook/package-type/package-slug` - where `package-type` is the package type (`plugin`, `theme`, or `generic`) and `package-slug` is the slug of the package that needs updates. Note that UpdatePulse Server does not rely on the content of the payload to schedule a package download, so any type of event can be used to trigger the Webhook.
Remote Download Delay | number | Delay in minutes after which UpdatePulse Server will poll the Version Control System for package updates when the Webhook has been called. Leave at `0` to schedule a package update during the cron run happening immediately after the Webhook notification was received.
diff --git a/inc/templates/admin/plugin-remote-sources-page.php b/inc/templates/admin/plugin-remote-sources-page.php
index 243cfd4..6fca6e5 100644
--- a/inc/templates/admin/plugin-remote-sources-page.php
+++ b/inc/templates/admin/plugin-remote-sources-page.php
@@ -107,7 +107,16 @@
-
+ PUC_FORCE_BRANCH, %3$s is true, %4$s is wp-config.php
+ esc_html__( 'The branch to download when getting remote packages from the Version Control System.%1$sIf the VCS supports releases or tags, they will be prioritised over the branch name (release first, then tag, then branch).%1$sTo bypass this behaviour and exclusively rely on the branch, set the %2$s constant to %3$s in %4$s.', 'updatepulse-server' ),
+ ' ',
+ 'PUC_FORCE_BRANCH',
+ 'true',
+ 'wp-config.php'
+ );
+ ?>
@@ -295,7 +304,16 @@
-
+ PUC_FORCE_BRANCH, %3$s is true, %4$s is wp-config.php
+ esc_html__( 'The branch to download when getting remote packages from the Version Control System.%1$sIf the VCS supports releases or tags, they will be prioritised over the branch name (release first, then tag, then branch).%1$sTo bypass this behaviour and exclusively rely on the branch, set the %2$s constant to %3$s in %4$s.', 'updatepulse-server' ),
+ ' ',
+ 'PUC_FORCE_BRANCH',
+ 'true',
+ 'wp-config.php'
+ );
+ ?>
diff --git a/lib/package-update-checker/Vcs/BitbucketApi.php b/lib/package-update-checker/Vcs/BitbucketApi.php
index 2fd864b..754b2d3 100644
--- a/lib/package-update-checker/Vcs/BitbucketApi.php
+++ b/lib/package-update-checker/Vcs/BitbucketApi.php
@@ -86,7 +86,7 @@ if ( ! class_exists( BitbucketApi::class, false ) ) :
if (
( 'main' === $config_branch || 'master' === $config_branch ) &&
- ( ! defined( PUC_FORCE_BRANCH ) || ! PUC_FORCE_BRANCH )
+ ( ! defined( 'PUC_FORCE_BRANCH' ) || ! (bool) ( constant( 'PUC_FORCE_BRANCH' ) ) )
) {
$strategies[ self::STRATEGY_LATEST_TAG ] = array( $this, 'get_latest_tag' );
}
diff --git a/lib/package-update-checker/Vcs/GitHubApi.php b/lib/package-update-checker/Vcs/GitHubApi.php
index b39e35b..2bcddb4 100644
--- a/lib/package-update-checker/Vcs/GitHubApi.php
+++ b/lib/package-update-checker/Vcs/GitHubApi.php
@@ -460,7 +460,7 @@ if ( ! class_exists( GitHubApi::class, false ) ) :
if (
( 'main' === $config_branch || 'master' === $config_branch ) &&
- ( ! defined( PUC_FORCE_BRANCH ) || ! PUC_FORCE_BRANCH )
+ ( ! defined( 'PUC_FORCE_BRANCH' ) || ! (bool) ( constant( 'PUC_FORCE_BRANCH' ) ) )
) {
// Use the latest release.
$strategies[ self::STRATEGY_LATEST_RELEASE ] = array( $this, 'get_latest_release' );
diff --git a/lib/package-update-checker/Vcs/GitLabApi.php b/lib/package-update-checker/Vcs/GitLabApi.php
index 45cba1d..886d06c 100644
--- a/lib/package-update-checker/Vcs/GitLabApi.php
+++ b/lib/package-update-checker/Vcs/GitLabApi.php
@@ -442,7 +442,7 @@ if ( ! class_exists( GitLabApi::class, false ) ) :
if (
( 'main' === $config_branch ) || ( 'master' === $config_branch ) &&
- ( ! defined( PUC_FORCE_BRANCH ) || ! PUC_FORCE_BRANCH )
+ ( ! defined( 'PUC_FORCE_BRANCH' ) || ! (bool) ( constant( 'PUC_FORCE_BRANCH' ) ) )
) {
$strategies[ self::STRATEGY_LATEST_RELEASE ] = array( $this, 'get_latest_release' );
$strategies[ self::STRATEGY_LATEST_TAG ] = array( $this, 'get_latest_tag' );
From 15ce0595123210b504338f018b0b1e253051d44a Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Mon, 28 Apr 2025 10:35:17 +0800
Subject: [PATCH 04/10] email fix
---
inc/templates/admin/plugin-help-page.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/templates/admin/plugin-help-page.php b/inc/templates/admin/plugin-help-page.php
index c782712..001b6dd 100644
--- a/inc/templates/admin/plugin-help-page.php
+++ b/inc/templates/admin/plugin-help-page.php
@@ -285,7 +285,7 @@ Licensed With: another-plugin-or-theme-slug
// translators: %1$s is a link to opening an issue, %2$s is a contact email
esc_html__( 'After reading the documentation, for more help on how to use UpdatePulse Server, please %1$s - bugfixes are welcome via pull requests, detailed bug reports with accurate pointers as to where and how they occur in the code will be addressed in a timely manner, and a fee will apply for any other request (if they are addressed). If and only if you found a security issue, please contact %2$s with full details for responsible disclosure.', 'updatepulse-server' ),
'' . esc_html__( 'open an issue on Github', 'updatepulse-server' ) . '',
- 'updatepulse@anyape.com',
+ 'updatepulse@anyape.com',
);
?>
From deda3090c312127531db33b531777c639bdec5e8 Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Mon, 28 Apr 2025 10:36:13 +0800
Subject: [PATCH 05/10] readme Companion Plugins
---
readme.txt | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/readme.txt b/readme.txt
index e4e26f7..992c08a 100644
--- a/readme.txt
+++ b/readme.txt
@@ -47,6 +47,15 @@ This plugin adds the following major features to WordPress:
* **API:** UpdatePulse Server provides APIs to manage packages and licenses. The APIs keys are secured with a system of tokens: the API keys are never shared over the network, acquiring a token requires signed payloads, and the tokens have a limited lifetime. For more details about tokens and security, see [the Nonce API documentation](https://github.com/anyape/updatepulse-server/blob/main/docs/misc.md#nonce-api).
To connect their plugins or themes and UpdatePulse Server, developers can find integration examples in the [UpdatePulse Server Integration Examples](https://github.com/Anyape/updatepulse-server-integration) repository - theme and plugin examples rely heavily on the popular [Plugin Update Checker](https://github.com/YahnisElsts/plugin-update-checker) by [Yahnis Elsts](https://github.com/YahnisElsts).
+== Companion Plugins ==
+
+The following plugins are compatible with UpdatePulse Server and can be used to extend its functionality:
+* [Updatepulse Blocks](https://store.anyape.com/product/updatepulse-blocks/): a seamless way to display packages from UpdatePulse Server directly within your site using the WordPress Block Editor or shortcodes.
+* [UpdatePulse for WooCommerce](https://store.anyape.com/product/updatepulse-for-woocommerce/): a WooCommerce connector for UpdatePulse Server, allowing you to sell licensed packages through your WooCommerce store, either on the same WordPress installation or a separate store site.
+
+Developers are encouraged to build plugins and themes [integrated](https://github.com/anyape/updatepulse-server/blob/main/README.md) with UpdatePulse Server, leveraging its publicly available functions, actions and filters, or by making use of the provided APIs.
+
+If you wish to see your plugin added to this list, please [contact the author](mailto:updatepulse@anyape.com).
== Troubleshooting ==
From e1fc90780e606ad1f186dc87021254f49c801bd7 Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Mon, 28 Apr 2025 10:37:47 +0800
Subject: [PATCH 06/10] typo fix
---
inc/templates/admin/plugin-help-page.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/inc/templates/admin/plugin-help-page.php b/inc/templates/admin/plugin-help-page.php
index 001b6dd..197876a 100644
--- a/inc/templates/admin/plugin-help-page.php
+++ b/inc/templates/admin/plugin-help-page.php
@@ -52,7 +52,7 @@
printf(
// translators: %s is upserv_download_remote_package( string $package_slug, string $type );
esc_html__( '[expert] calling the %s method in your own code, with the VCS-related parameters corresponding to a VCS configuration saved in UpdatePulse Server', 'updatepulse-server' ),
- 'upserv_download_remote_package( string $package_slug, string $type, string $vcs_url = false, string branch = \'main\');'
+ 'upserv_download_remote_package( string $package_slug, string $type, string $vcs_url = false, string branch = \'main\' );'
);
?>
From 575c7c3cdb21844a048028f9c09b7ba2400cd871 Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Mon, 28 Apr 2025 10:38:14 +0800
Subject: [PATCH 07/10] readme update
---
readme.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/readme.txt b/readme.txt
index 992c08a..85edc62 100644
--- a/readme.txt
+++ b/readme.txt
@@ -140,6 +140,7 @@ This section describes how to install the plugin and get it working.
= 1.0.10 =
* Introduce constant `PUC_FORCE_BRANCH` to bypass tags & releases in VCS detection strategies
+* Minor fix
= 1.0.9 =
* Schedule mode: remove package metadata files when deleting packages
From 8efebb1774c0ed5c15a1caf8e3e38fa3b5601f2a Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Mon, 28 Apr 2025 10:41:48 +0800
Subject: [PATCH 08/10] wl to readme links
---
readme.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/readme.txt b/readme.txt
index 85edc62..10e48fa 100644
--- a/readme.txt
+++ b/readme.txt
@@ -50,8 +50,8 @@ To connect their plugins or themes and UpdatePulse Server, developers can find i
== Companion Plugins ==
The following plugins are compatible with UpdatePulse Server and can be used to extend its functionality:
-* [Updatepulse Blocks](https://store.anyape.com/product/updatepulse-blocks/): a seamless way to display packages from UpdatePulse Server directly within your site using the WordPress Block Editor or shortcodes.
-* [UpdatePulse for WooCommerce](https://store.anyape.com/product/updatepulse-for-woocommerce/): a WooCommerce connector for UpdatePulse Server, allowing you to sell licensed packages through your WooCommerce store, either on the same WordPress installation or a separate store site.
+* [Updatepulse Blocks](https://store.anyape.com/product/updatepulse-blocks/?wl=1): a seamless way to display packages from UpdatePulse Server directly within your site using the WordPress Block Editor or shortcodes.
+* [UpdatePulse for WooCommerce](https://store.anyape.com/product/updatepulse-for-woocommerce/?wl=1): a WooCommerce connector for UpdatePulse Server, allowing you to sell licensed packages through your WooCommerce store, either on the same WordPress installation or a separate store site.
Developers are encouraged to build plugins and themes [integrated](https://github.com/anyape/updatepulse-server/blob/main/README.md) with UpdatePulse Server, leveraging its publicly available functions, actions and filters, or by making use of the provided APIs.
From 8356ac6ca27dd109adab5abe7bab1ae696051a69 Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Wed, 4 Jun 2025 21:40:26 +0800
Subject: [PATCH 09/10] fix nonce cleanup
---
inc/nonce/class-nonce.php | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/inc/nonce/class-nonce.php b/inc/nonce/class-nonce.php
index 2bce8a5..734ac66 100644
--- a/inc/nonce/class-nonce.php
+++ b/inc/nonce/class-nonce.php
@@ -588,15 +588,17 @@ class Nonce {
$sql = "DELETE FROM {$wpdb->prefix}upserv_nonce
WHERE expiry < %d
AND (
- JSON_VALID(`data`) = 1
- AND (
- JSON_EXTRACT(`data` , '$.permanent') IS NULL
- OR JSON_EXTRACT(`data` , '$.permanent') = 0
- OR JSON_EXTRACT(`data` , '$.permanent') = '0'
- OR JSON_EXTRACT(`data` , '$.permanent') = false
+ JSON_VALID(`data`) = 0
+ OR (
+ JSON_VALID(`data`) = 1
+ AND (
+ JSON_EXTRACT(`data` , '$.permanent') IS NULL
+ OR JSON_EXTRACT(`data` , '$.permanent') = 0
+ OR JSON_EXTRACT(`data` , '$.permanent') = '0'
+ OR JSON_EXTRACT(`data` , '$.permanent') = false
+ )
)
- ) OR
- JSON_VALID(`data`) = 0;";
+ );";
$sql_args = array( time() - self::DEFAULT_EXPIRY_LENGTH );
/**
From 84da98bc6a86fb865ec4a6b0f4d2f3d43bf3bd24 Mon Sep 17 00:00:00 2001
From: Alexandre Froger <3622456+froger-me@users.noreply.github.com>
Date: Fri, 6 Jun 2025 10:38:22 +0800
Subject: [PATCH 10/10] Fix activation issue - `WP_Filesystem` call
---
inc/manager/class-data-manager.php | 2 ++
readme.txt | 1 +
2 files changed, 3 insertions(+)
diff --git a/inc/manager/class-data-manager.php b/inc/manager/class-data-manager.php
index d4454c3..01037c0 100644
--- a/inc/manager/class-data-manager.php
+++ b/inc/manager/class-data-manager.php
@@ -172,6 +172,8 @@ class Data_Manager {
* @since 1.0.0
*/
public static function maybe_setup_mu_plugin() {
+ WP_Filesystem();
+
global $wp_filesystem;
$result = true;
diff --git a/readme.txt b/readme.txt
index 10e48fa..fc0fc1d 100644
--- a/readme.txt
+++ b/readme.txt
@@ -141,6 +141,7 @@ This section describes how to install the plugin and get it working.
= 1.0.10 =
* Introduce constant `PUC_FORCE_BRANCH` to bypass tags & releases in VCS detection strategies
* Minor fix
+* Fix activation issue - `WP_Filesystem` call
= 1.0.9 =
* Schedule mode: remove package metadata files when deleting packages