
Plugin Installer (WIP)

rasteron ✭✭
edited February 2015 in Feedback

Just created a work in progress Plugin Installer..

http://forum.rastercode.com/5-plugin-installer-version-1-0-alpha-wip

No more FTP plugin uploads :)

Comments

  • I don't see the code anywhere.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • hey @hgtonight it's still a work in progress and soon to be released :)

  • Gotcha. I was looking for some code to read :glasses:


  • x00 MVP
    edited February 2015

    @rasteron it is a nice idea, but the versioning simply isn't refined enough to warrant such an approach, you are not the first to try.

    I'm also not really a fan of the WordPress approach. The idea of a web application / CMS managing a server is the tail wagging the dog. It is not sane.

    I think a better approach would be much more like how frameworks like Django work, with deployment scripts (such as using Fabric). You could create client-side plugin management, using secure methods such as ssh/scp/git/rsync to update. Therefore you don't have to compromise the security of your server, just to have a little convenience.

    It is my wish that we move out of the era of the old cheap web host, where people set the file permissions sky high, and have no clue about, let alone control over, ownership and proper file management.

    grep is your friend.

  • rasteron ✭✭
    edited February 2015

    @x00

    Thanks for the feedback. :) Again, as I have posted above, this is still a work in progress and only solves the manual FTP installation upload. That's why I only put up a demo. I have more things in store for this plugin including version checking on later releases. Also, doing this plugin work on Vanilla or any other platform is a hobby of mine and part of my side job as a PHP developer, as some of my clients demand these kinds of things for their management and website needs.

    I'm also not really a fan of the WordPress approach. The idea of a web application / CMS managing a server is the tail wagging the dog. It is not sane.

    ..well, to each his own :) there are always pros and cons on every cms or software out there.

    cheers.

  • Sure, I just don't think a CMS has any place managing a server or file management, beyond normal (non-executable) uploads.

    I advise my clients not to rely on such methods. I consider it part of my job to give them good advice. Sometimes that involves telling them when something is a bad idea.

    I don't use cPanels personally, but those are special cases, heavily sandboxed rather than a standard entry point, and use mostly sane methods underneath, so it isn't the tail wagging the dog, simply an isolated front end for server management commands.

    Even the development of that WordPress feature wasn't without controversy amongst their developers. The only thing they have in their favour is the amount of staff, maturity, and speed of development, limiting the time problems are in the wild. However, the requirements to make this work soften the server by allowing scripting-based file management, and also often exposing credentials is a risk. That means any exploit would potentially put more files at risk than on a well-managed server.

    The only reason why these features were developed in the first place is the server industry especially at the lower end of the market was lazy, and didn't properly develop the utility to do the minimum of file management good practice. Instead they relied on the same cloned setups, with little or no innovation.

    In software if you keep supporting the same approaches, it will be slower to change.

    Of course I support WordPress, but as a general approach to plugin updates I wouldn't recommend it for new projects.

    grep is your friend.
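
An added example, not part of x00's posts or of the plugin under discussion: shell functions for the file-permission side of the argument in the two posts above. When plugins are pushed from outside the web application (ssh/scp/git/rsync), the code tree needs no write access for anyone but the deploying owner, and the upload directory should hold no script files. The function names, directory layout and extension list are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a plugin tree that is deployed from outside the web
# application, so the web server never needs write access to code.
# Function names and the extension list are assumptions for this example.

# Print every path under $1 that group or others can write to
# (symlinks are skipped; their own mode bits are not meaningful).
audit_plugin_tree() {
    find "$1" \( -perm -0002 -o -perm -0020 \) ! -type l -print
}

# Number of findings from audit_plugin_tree (one path per line).
count_writable() {
    audit_plugin_tree "$1" | wc -l | tr -d ' '
}

# Reset the tree to owner-writable only: 755 for directories, 644 for files.
# Run as the deploy user that owns the files, not as the web server user.
lock_down_plugin_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Report script files inside an upload directory, where only
# non-executable content is expected.
find_scripts_in_uploads() {
    find "$1" -type f \
        \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \) -print
}
```

Source the file and run `audit_plugin_tree` against the plugins directory after each deployment; any output means something other than the owner can modify code.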

  • I consider it part of my job to give them good advice.

    Yep, I always gave my clients great advice too; in fact, I never had a security problem with all my clients' websites. I know a lot more about security and that is my number 1 priority. B)

    Thank you for your opinion though and maybe you should voice out that plugin opinion/problem to wordpress. :)

  • @rasteron While you are on the topic, I would recommend keeping in mind that Vanilla Forums has a dependency management mechanism built in. A plugin installation may fail if that plugin requires some specific application or plugin to be installed, enabled and configured beforehand. You might be able to automatically install some dependencies, while others may have to be installed manually. Or you could come up with an extended mechanism that allows plugins to declare their dependencies and how to automatically install them. Either way, the condition should be handled gracefully.

    Since WordPress was mentioned, I'm one of the few WP "pioneers" who discarded the ridiculous idea of omni-inclusive plugins, i.e. the insane dogma that "each plugin must include everything, even if it means duplicating tons of libraries and causing countless conflicts, because the idea of dependencies is too complicated for our users". I implemented my own (basic) dependency checking system, which WP is lacking completely, so that I can put an end to the era of "whale-sized" and unmaintainable plugins. :)

  • hey thanks for the heads up @businessdad . It's already part of the roadmap before I got this out publicly and yes it's worth mentioning here.

    cheers. :)

  • x00 MVP
    edited February 2015

    Vanilla does have basic dependency management built in, but I suspect the whole thing will be revamped at some point. Probably more toward composer.json/package.json style.

    grep is your friend.

  • Before you implement any validity checks, check out UpdateModel::AnalyzeAddon() in /applications/dashboard/models/class.updatemodel.php. This is also used by the addons repository here.
