Andy Fragen edited this page Nov 20, 2021 · 24 revisions

Frequently Asked Questions

  • Securing your wp-dependencies.json

    Depending on your server configuration, anyone may be able to read your wp-dependencies.json file. If you are worried that an attacker might find the personal secret token you use to download VCS repositories (e.g. from GitHub), take a look at this code snippet:

    // Load wp-dependencies.json from a custom private folder.
    // YOUR_PRIVATE_DIR is a placeholder: define it as the path of a folder that is not readable over the web.
    $wpdi   = WP_Dependency_Installer::instance( __DIR__ );
    $config = $wpdi->json_file_decode( YOUR_PRIVATE_DIR . '/wp-dependencies.json' );
    $wpdi->register( $config )->run();

    See also: Associative Array Config for some alternative solutions.
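
An added check, not part of the original page or of WP Dependency Installer: this PHP script walks a directory tree such as your document root and reports every wp-dependencies.json entry that still carries a token, so you know which files to move to a private folder. The function name `audit_dependency_tokens()` and the sample tree are constructed for illustration.

```php
<?php
// Added example; audit_dependency_tokens() is a hypothetical helper, not a WPDI function.
function audit_dependency_tokens( string $docroot ): array {
    $findings = [];
    $files    = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $docroot, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $files as $file ) {
        if ( 'wp-dependencies.json' !== $file->getFilename() ) {
            continue;
        }
        $path   = $file->getPathname();
        $config = json_decode( (string) file_get_contents( $path ), true );
        if ( ! is_array( $config ) ) {
            $findings[] = [ 'file' => $path, 'slug' => null, 'issue' => 'not valid JSON, review by hand' ];
            continue;
        }
        foreach ( $config as $dependency ) {
            $token = is_array( $dependency ) ? ( $dependency['token'] ?? null ) : null;
            if ( is_string( $token ) && '' !== trim( $token ) ) {
                // Report the slug only; the token value never goes into the output.
                $findings[] = [
                    'file'  => $path,
                    'slug'  => $dependency['slug'] ?? null,
                    'issue' => 'token stored under document root',
                ];
            }
        }
    }
    return $findings;
}

// Constructed sample tree: plugin-a carries a placeholder token, plugin-b does not.
$root = sys_get_temp_dir() . '/wpdi-audit-' . uniqid();
mkdir( "$root/plugin-a", 0700, true );
mkdir( "$root/plugin-b", 0700, true );
file_put_contents(
    "$root/plugin-a/wp-dependencies.json",
    json_encode( [ [ 'slug' => 'example/example.php', 'token' => 'CONSTRUCTED-PLACEHOLDER' ] ] )
);
file_put_contents(
    "$root/plugin-b/wp-dependencies.json",
    json_encode( [ [ 'slug' => 'query-monitor/query-monitor.php', 'token' => null ] ] )
);

foreach ( audit_dependency_tokens( $root ) as $finding ) {
    printf( "%s: %s (%s)\n", $finding['file'], $finding['issue'], $finding['slug'] ?? 'n/a' );
}
```

Replace `$root` with the path of your own document root to audit a real installation.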

  • required vs optional option: what happens if I define them both?

    Since these options have opposite meanings, developers are free to use whichever they prefer in each case. If both are defined, here is the golden rule:

    • The optional option is always ignored when both are defined
    • The required option always takes precedence over the optional option.

    Example:

    [
      {
        "name": "Git Updater",
        "host": "github",
        "slug": "git-updater/git-updater.php",
        "uri": "afragen/git-updater",
        "branch": "develop",
        "required": true, // <-- ie. this is a mandatory plugin dependency
        "optional": true, // <-- ie. so this is also an optional plugin? The answer is NO.
        "token": null
      },
      {
        "name": "Query Monitor",
        "host": "wordpress",
        "slug": "query-monitor/query-monitor.php",
        "uri": "https://wordpress.org/plugins/query-monitor/",
        "required": false, // <-- ie. this is an optional plugin dependency
        "optional": false, // <-- ie. so this is also a mandatory plugin? The answer is NO.
        "token": null
      }
    ]

  • What happens if two plugins define or share the same plugin dependency?

    In this case the following rules apply:

    • if the plugin is not mandatory --> the first registered configuration is used
    • if the plugin is required --> the last registered configuration is used
    • in mixed cases (mandatory + optional) --> the last mandatory configuration is used

    Plugin A

    [
      {
        "name": "Query Monitor",
        "host": "wordpress",
        "slug": "query-monitor/query-monitor.php",
        "uri": "https://wordpress.org/plugins/query-monitor/",
        "optional": true,
        "token": "<github token 1>" // <-- ie. this token value will never be used on any subsequent API call
      }
    ]

    Plugin B

    [
      {
        "name": "Query Monitor",
        "host": "wordpress",
        "slug": "query-monitor/query-monitor.php",
        "uri": "https://wordpress.org/plugins/query-monitor/",
        "required": true,
        "token": null  // <-- ie. instead, this token value will be used on all subsequent API calls
      }
    ]

    Plugin C

    [
      {
        "name": "Query Monitor",
        "host": "wordpress",
        "slug": "query-monitor/query-monitor.php",
        "uri": "https://wordpress.org/plugins/query-monitor/",
        "optional": true,
        "token": "<github token 2>"  // <-- ie. this token value will also never be used on any subsequent API call
      }
    ]

    NB: This example needs to be fixed to use a non-dot-org plugin; wp.org plugins don't have tokens.
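
The precedence rules from this answer and from the required vs optional answer above, modelled as an added PHP example (not the library's own code). It goes slightly beyond the sample by using a GitHub-hosted dependency, since wp.org plugins have no tokens; the plugin name, slug, uri and tokens are constructed, and treating an entry that sets neither flag as optional is an assumption.

```php
<?php
// Added example: a model of the FAQ's precedence rules, not the library's own source.

// "required" wins when both flags are present; "optional" is read only when "required" is absent.
function is_required( array $dependency ): bool {
    if ( array_key_exists( 'required', $dependency ) ) {
        return (bool) $dependency['required'];
    }
    // Assumption: an entry that sets neither flag is treated as optional.
    return array_key_exists( 'optional', $dependency ) && ! $dependency['optional'];
}

// Apply registrations in order: the first optional config is kept until a required one
// arrives; every later required config replaces what is stored; optional never replaces.
function resolve_dependencies( array $registrations ): array {
    $resolved = [];
    foreach ( $registrations as $source => $config ) {
        foreach ( $config as $dependency ) {
            $slug     = $dependency['slug'];
            $required = is_required( $dependency );
            if ( $required || ! isset( $resolved[ $slug ] ) ) {
                unset( $dependency['optional'] );
                $resolved[ $slug ] = [ 'source' => $source, 'required' => $required ] + $dependency;
            }
        }
    }
    return $resolved;
}

// Constructed sample: three plugins register the same GitHub-hosted dependency.
$base = [ 'name' => 'Example Plugin', 'host' => 'github', 'slug' => 'example/example.php', 'uri' => 'example-org/example' ];
$registrations = [
    'Plugin A' => [ $base + [ 'optional' => true, 'token' => 'PLACEHOLDER-TOKEN-1' ] ],
    'Plugin B' => [ $base + [ 'required' => true, 'token' => null ] ],
    'Plugin C' => [ $base + [ 'optional' => true, 'token' => 'PLACEHOLDER-TOKEN-2' ] ],
];

foreach ( resolve_dependencies( $registrations ) as $slug => $dependency ) {
    printf(
        "%s: config from %s, required=%s, token %s\n",
        $slug,
        $dependency['source'],
        $dependency['required'] ? 'true' : 'false',
        null === $dependency['token'] ? 'not set' : 'set'
    );
}
```

The output names which plugin's registration supplied the effective config and whether it carries a token, without printing the token itself.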

  • What if multiple plugins include different versions of this library?

    According to the WordPress loading sequence:

    • must-use plugins take precedence over plugins and the theme
    • plugins take precedence over the theme
    • child theme takes precedence over parent theme

    If several plugins include different versions of this library, the one with alphabetic precedence is executed. To prevent incompatibility errors between versions, you can add a health check notice to your plugin or theme that displays an error message similar to the following:

    /**
     * Group Plugin Installer
     *
     * @author  Andy Fragen
     * @license MIT
     * @link    https://github.com/afragen/group-plugin-installer
     * @package group-plugin-installer
     */
    
    require_once __DIR__ . '/vendor/autoload.php';
    
    // Sanity check for WPDI v3.0.0
    if ( ! method_exists( 'WP_Dependency_Installer', 'json_file_decode' ) ) {
     add_action(
       'admin_notices',
       function() {
         $class   = 'notice notice-error is-dismissible';
         $label   = __( 'Group Plugin Installer', 'group-plugin-installer' );
         $file    = ( new ReflectionClass( 'WP_Dependency_Installer' ) )->getFilename();
         $message = __( 'Another theme or plugin is using a previous version of the WPDI library, please update this file and try again:', 'group-plugin-installer' );
         printf( '<div class="%1$s"><p><strong>[%2$s]</strong> %3$s</p><pre>%4$s</pre></div>', esc_attr( $class ), esc_html( $label ), esc_html( $message ), esc_html( $file ) );
       },
       1
     );
     return false; // Exit early.
    }
    
    WP_Dependency_Installer::instance( __DIR__ )->run(); // Safe code execution.