We develop the Shield Security plugin and we’ve been offering support for ClassicPress for a while now and we recently got contacted by a customer who is seeing some inconsistencies with our display of Automatic Updates for WP/CP Core.
Our plugin handles the switch between WP/CP automatically, so this was odd. So we went digging and have an issue with the way CP handles automatic updates.
I’ve done some searching, and it seems that the general consensus has been to honour the pre-existing WP filters and hooks for Background Updates. This simplifies things greatly. If this is the case, then I’ve found some rather significant bugs with the implementation. If it’s not the case, you can completely ignore me.
To understand this, we need to clarify what we mean by “major” and “minor” updates. WordPress’ definitions are as follows:
‘Major’ - this is any update where the 2nd digit in the version string changes. i.e 1.0 -> 1.1; 1.0 -> 1.2
‘Minor’ - this is any update where the 3rd digit in the version string changes: i.e. 1.0.1 -> 1.0.2; 5.3->5.3.1
To reflect these, WP provides 2x filters:
This doesn’t quite align with semantic versioning as used by many developers, but that’s just the way it currently is.
And it seems that the development of CP automatic updates has adopted this approach. Because the code clearly uses the WP filters in different places.
For example, the CP update code uses the WordPress “major” filter to modify behaviour if upgrade is a “semantically major” version, not a “WordPress major version”.
In CP, the WordPress “minor” filter modifies behaviour for upgrades that are “semantically minor”, but that should be “WordPress major”.
And then the CP developer has introduced a new filter called “allow_patch_auto_core_updates” to account for what were essentially “WordPress minor” upgrades.
Again, if the behaviour I’ve outlined here is fully intended, this is not a bug, of course. But what it basically does is break compatibility with any other plugin or implementation that uses the previously standard WordPress filters. Is there any definitive documentation somewhere around these adjustments of hooks and the new hooks? I can adjust Shield to compensate, but I’d like to do that on the basis of some sort of official doc on it.
What might something to consider in the future for a case like this where CP reuses the WP API but changes its behaviour, is to introduce new ClassicPress filters and then tie-in the older, WordPress filters to modify behaviour based on CP’s functionality.
This issue is because of CP’s new implementation of automatic updates checking that doesn’t take into account how WordPress was previously testing using strings like “’.1.next.minor’”