云策 WordPress 开发者社区

函数文档

wp_ajax_update_plugin()

查看官方原文 ↗
💡 云策文档标注

概述

wp_ajax_update_plugin() 是一个 WordPress AJAX 处理函数,用于通过 AJAX 请求更新插件。它验证用户权限、处理插件数据,并利用 Plugin_Upgrader 类执行更新操作,返回 JSON 格式的成功或错误响应。

关键要点

  • 函数通过 check_ajax_referer() 验证 AJAX 请求的安全性,防止外部攻击。
  • 检查 $_POST['plugin'] 和 $_POST['slug'] 参数是否为空,若为空则返回错误信息。
  • 使用 current_user_can('update_plugins') 验证用户是否有更新插件的权限。
  • 通过 validate_file() 验证插件文件路径,确保安全性。
  • 利用 get_plugin_data() 获取插件元数据,包括版本信息。
  • 调用 wp_update_plugins() 检查插件更新,并使用 Plugin_Upgrader 和 WP_Ajax_Upgrader_Skin 执行更新。
  • 处理多种错误情况,如插件已是最新版本、文件系统连接失败等,并返回相应的 JSON 错误响应。
  • 在成功更新后,获取新版本信息并返回 JSON 成功响应。

代码示例

function wp_ajax_update_plugin() {
	check_ajax_referer( 'updates' );

	if ( empty( $_POST['plugin'] ) || empty( $_POST['slug'] ) ) {
		wp_send_json_error(
			array(
				'slug'         => '',
				'errorCode'    => 'no_plugin_specified',
				'errorMessage' => __( 'No plugin specified.' ),
			)
		);
	}

	$plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );

	$status = array(
		'update'     => 'plugin',
		'slug'       => sanitize_key( wp_unslash( $_POST['slug'] ) ),
		'oldVersion' => '',
		'newVersion' => '',
	);

	if ( ! current_user_can( 'update_plugins' ) || 0 !== validate_file( $plugin ) ) {
		$status['errorMessage'] = __( 'Sorry, you are not allowed to update plugins for this site.' );
		wp_send_json_error( $status );
	}

	$plugin_data          = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
	$status['plugin']     = $plugin;
	$status['pluginName'] = $plugin_data['Name'];

	if ( $plugin_data['Version'] ) {
		/* translators: %s: Plugin version. */
		$status['oldVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] );
	}

	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

	wp_update_plugins();

	$skin     = new WP_Ajax_Upgrader_Skin();
	$upgrader = new Plugin_Upgrader( $skin );
	$result   = $upgrader->bulk_upgrade( array( $plugin ) );

	if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
		$status['debug'] = $skin->get_upgrade_messages();
	}

	if ( is_wp_error( $skin->result ) ) {
		$status['errorCode']    = $skin->result->get_error_code();
		$status['errorMessage'] = $skin->result->get_error_message();
		wp_send_json_error( $status );
	} elseif ( $skin->get_errors()->has_errors() ) {
		$status['errorMessage'] = $skin->get_error_messages();
		wp_send_json_error( $status );
	} elseif ( is_array( $result ) && ! empty( $result[ $plugin ] ) ) {

		/*
		 * Plugin is already at the latest version.
		 *
		 * This may also be the return value if the `update_plugins` site transient is empty,
		 * e.g. when you update two plugins in quick succession before the transient repopulates.
		 *
		 * Preferably something can be done to ensure `update_plugins` isn't empty.
		 * For now, surface some sort of error here.
		 */
		if ( true === $result[ $plugin ] ) {
			$status['errorMessage'] = $upgrader->strings['up_to_date'];
			wp_send_json_error( $status );
		}

		$plugin_data = get_plugins( '/' . $result[ $plugin ]['destination_name'] );
		$plugin_data = reset( $plugin_data );

		if ( $plugin_data['Version'] ) {
			/* translators: %s: Plugin version. */
			$status['newVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] );
		}

		wp_send_json_success( $status );
	} elseif ( false === $result ) {
		global $wp_filesystem;

		$status['errorCode']    = 'unable_to_connect_to_filesystem';
		$status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' );

		// Pass through the error from WP_Filesystem if one was raised.
		if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) {
			$status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() );
		}

		wp_send_json_error( $status );
	}

	// An unhandled error occurred.
	$status['errorMessage'] = __( 'Plugin update failed.' );
	wp_send_json_error( $status );
}

注意事项

  • 此函数依赖于 WordPress 核心的更新机制,包括 Plugin_Upgrader 和 WP_Ajax_Upgrader_Skin 类,确保在调用前已加载相关文件。
  • 错误处理覆盖多种场景,如权限不足、文件验证失败、插件已是最新版本、文件系统连接问题等,开发者需根据返回的 JSON 错误码进行相应处理。
  • 在 WP_DEBUG 模式下,会返回调试信息,便于排查更新过程中的问题。
  • 函数自 WordPress 4.2.0 版本引入,使用时需确保 WordPress 版本兼容。
📄 原文内容

Handles updating a plugin via AJAX.

Description

See also

Source

function wp_ajax_update_plugin() {
	check_ajax_referer( 'updates' );

	if ( empty( $_POST['plugin'] ) || empty( $_POST['slug'] ) ) {
		wp_send_json_error(
			array(
				'slug'         => '',
				'errorCode'    => 'no_plugin_specified',
				'errorMessage' => __( 'No plugin specified.' ),
			)
		);
	}

	$plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );

	$status = array(
		'update'     => 'plugin',
		'slug'       => sanitize_key( wp_unslash( $_POST['slug'] ) ),
		'oldVersion' => '',
		'newVersion' => '',
	);

	if ( ! current_user_can( 'update_plugins' ) || 0 !== validate_file( $plugin ) ) {
		$status['errorMessage'] = __( 'Sorry, you are not allowed to update plugins for this site.' );
		wp_send_json_error( $status );
	}

	$plugin_data          = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
	$status['plugin']     = $plugin;
	$status['pluginName'] = $plugin_data['Name'];

	if ( $plugin_data['Version'] ) {
		/* translators: %s: Plugin version. */
		$status['oldVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] );
	}

	require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';

	wp_update_plugins();

	$skin     = new WP_Ajax_Upgrader_Skin();
	$upgrader = new Plugin_Upgrader( $skin );
	$result   = $upgrader->bulk_upgrade( array( $plugin ) );

	if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) {
		$status['debug'] = $skin->get_upgrade_messages();
	}

	if ( is_wp_error( $skin->result ) ) {
		$status['errorCode']    = $skin->result->get_error_code();
		$status['errorMessage'] = $skin->result->get_error_message();
		wp_send_json_error( $status );
	} elseif ( $skin->get_errors()->has_errors() ) {
		$status['errorMessage'] = $skin->get_error_messages();
		wp_send_json_error( $status );
	} elseif ( is_array( $result ) && ! empty( $result[ $plugin ] ) ) {

		/*
		 * Plugin is already at the latest version.
		 *
		 * This may also be the return value if the `update_plugins` site transient is empty,
		 * e.g. when you update two plugins in quick succession before the transient repopulates.
		 *
		 * Preferably something can be done to ensure `update_plugins` isn't empty.
		 * For now, surface some sort of error here.
		 */
		if ( true === $result[ $plugin ] ) {
			$status['errorMessage'] = $upgrader->strings['up_to_date'];
			wp_send_json_error( $status );
		}

		$plugin_data = get_plugins( '/' . $result[ $plugin ]['destination_name'] );
		$plugin_data = reset( $plugin_data );

		if ( $plugin_data['Version'] ) {
			/* translators: %s: Plugin version. */
			$status['newVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] );
		}

		wp_send_json_success( $status );
	} elseif ( false === $result ) {
		global $wp_filesystem;

		$status['errorCode']    = 'unable_to_connect_to_filesystem';
		$status['errorMessage'] = __( 'Unable to connect to the filesystem. Please confirm your credentials.' );

		// Pass through the error from WP_Filesystem if one was raised.
		if ( $wp_filesystem instanceof WP_Filesystem_Base && is_wp_error( $wp_filesystem->errors ) && $wp_filesystem->errors->has_errors() ) {
			$status['errorMessage'] = esc_html( $wp_filesystem->errors->get_error_message() );
		}

		wp_send_json_error( $status );
	}

	// An unhandled error occurred.
	$status['errorMessage'] = __( 'Plugin update failed.' );
	wp_send_json_error( $status );
}

View all references View on Trac View on GitHub

Uses Description
WP_Ajax_Upgrader_Skin::__construct()wp-admin/includes/class-wp-ajax-upgrader-skin.php

Constructor.
get_plugin_data()wp-admin/includes/plugin.php

Parses the plugin contents to retrieve plugin’s metadata.
get_plugins()wp-admin/includes/plugin.php

Checks the plugins directory and retrieve all plugin files with plugin data.
validate_file()wp-includes/functions.php

Validates a file name and path against an allowed set of rules.
wp_update_plugins()wp-includes/update.php

Checks for available updates to plugins based on the latest versions hosted on WordPress.org.
plugin_basename()wp-includes/plugin.php

Gets the basename of a plugin.
current_user_can()wp-includes/capabilities.php

Returns whether the current user has the specified capability.
__()wp-includes/l10n.php

Retrieves the translation of $text.
sanitize_text_field()wp-includes/formatting.php

Sanitizes a string from user input or from the database.
wp_unslash()wp-includes/formatting.php

Removes slashes from a string or recursively removes slashes from strings within an array.
esc_html()wp-includes/formatting.php

Escaping for HTML blocks.
sanitize_key()wp-includes/formatting.php

Sanitizes a string key.
check_ajax_referer()wp-includes/pluggable.php

Verifies the Ajax request to prevent processing requests external of the blog.
wp_send_json_error()wp-includes/functions.php

Sends a JSON response back to an Ajax request, indicating failure.
wp_send_json_success()wp-includes/functions.php

Sends a JSON response back to an Ajax request, indicating success.
is_wp_error()wp-includes/load.php

Checks whether the given variable is a WordPress Error.

Show 11 moreShow less

Changelog

Version Description
4.2.0 Introduced.