Updated updater: spam mitigation + list of active extensions. 2.5.1 r…

…elease

bootstrap/update.php

@@ -226,7 +226,7 @@ function _hook_plugins_api( $res, $action, $args ) {
 	$url       = TSF_EXTENSION_MANAGER_DL_URI . 'get/info/1.0/';
 	$http_args = [
 		'timeout'    => 15,
-		'user-agent' => 'WordPress/' . $wp_version . '; ' . PHP_VERSION_ID . '; ' . \home_url( '/' ),
+		'user-agent' => "WordPress/$wp_version; " . PHP_VERSION_ID . '; ' . \home_url( '/' ),
 		'body'       => [
 			'action'  => $action,
 			'request' => serialize( $args ), // phpcs:ignore -- Object injection is mitigated at the request server.
@@ -274,7 +274,7 @@ function _hook_plugins_api( $res, $action, $args ) {
  * @access private
  */
 function _clear_update_cache() {
-	\delete_site_transient( TSF_EXTENSION_MANAGER_UPDATER_CACHE );
+	\update_site_option( TSF_EXTENSION_MANAGER_UPDATER_CACHE, [] );
 }
 
 \add_filter( 'pre_set_site_transient_update_plugins', __NAMESPACE__ . '\\_push_update', PHP_INT_MAX, 2 );
@@ -288,6 +288,8 @@ function _clear_update_cache() {
  * @since 2.0.0
  * @since 2.0.2 Added more cache, because some sites disable transients completely...
  * @since 2.4.0 Can now fetch required (and available) locale files.
+ * @since 2.5.1 1. Now uses site options instead of transients. We still have far too many update-spammers.
+ *              2. We may now collect a list of active extensions.
  * @access private
  * @see WP Core \wp_update_plugins()
  *
@@ -310,12 +312,16 @@ function _push_update( $value, $transient ) {
 	if ( isset( $runtimecache ) ) {
 		$cache =& $runtimecache;
 	} else {
-		// TODO some sites install plugins that disable transients. They invoke thousands of requests to our services within days.
-		// Use options instead?
-		$cache_timeout = MINUTE_IN_SECONDS * 20;
-		$cache         = \get_site_transient( TSF_EXTENSION_MANAGER_UPDATER_CACHE );
+		$cache = \get_site_option( TSF_EXTENSION_MANAGER_UPDATER_CACHE, [] );
 
-		if ( false === $cache ) {
+		if ( isset( $cache['_failure_timeout'] ) ) {
+			if ( $cache['_failure_timeout'] > time() )
+				return $value;
+
+			$cache = [];
+		}
+
+		if ( empty( $cache['_tsfem_delay_updater'] ) || $cache['_tsfem_delay_updater'] < time() ) {
 			// include an unmodified $wp_version
 			include ABSPATH . WPINC . '/version.php';
 
@@ -346,13 +352,17 @@ function _push_update( $value, $transient ) {
 				$translations = [];
 			}
 
+			$options    = \get_option( TSF_EXTENSION_MANAGER_SITE_OPTIONS, [] );
+			$extensions = isset( $options['active_extensions'] ) ? $options['active_extensions'] : [];
+
 			$http_args = [
 				'timeout'    => 7, // WordPress generously sets 30 seconds when doing cron to check all plugins, but we only check 1 plugin.
-				'user-agent' => 'WordPress/' . $wp_version . '; ' . PHP_VERSION_ID . '; ' . \home_url( '/' ),
+				'user-agent' => "WordPress/$wp_version; " . PHP_VERSION_ID . '; ' . \home_url( '/' ),
 				'body'       => [
 					'plugins'      => \wp_json_encode( $plugins ),
 					'translations' => \wp_json_encode( $translations ),
 					'locales'      => \wp_json_encode( $locales ),
+					'extensions'   => \wp_json_encode( array_keys( array_filter( $extensions ) ) ),
 				],
 			];
 
@@ -361,6 +371,11 @@ function _push_update( $value, $transient ) {
 			if ( \is_wp_error( $raw_response )
 			|| 200 != \wp_remote_retrieve_response_code( $raw_response ) // phpcs:ignore, WordPress.PHP.StrictComparisons.LooseComparison
 			) {
+				$_cache = [
+					'_failure_timeout' => time() + ( MINUTE_IN_SECONDS * 10 ),
+				];
+				\update_site_option( TSF_EXTENSION_MANAGER_UPDATER_CACHE, $_cache );
+
 				return $value;
 			}
 
@@ -380,8 +395,10 @@ function _push_update( $value, $transient ) {
 			}
 			unset( $plugin );
 
-			$cache =& $response;
-			\set_site_transient( TSF_EXTENSION_MANAGER_UPDATER_CACHE, $cache, $cache_timeout );
+			$cache                         =& $response;
+			$cache['_tsfem_delay_updater'] = time() + ( MINUTE_IN_SECONDS * 30 );
+
+			\update_site_option( TSF_EXTENSION_MANAGER_UPDATER_CACHE, $cache );
 		}
 
 		$runtimecache = $cache;

extensions/essentials/articles/trunk/readme.md

@@ -247,7 +247,7 @@ add_filter( 'the_seo_framework_sitemap_articles_news_sitemap_query_args', functi
 
 ### 2.1.1
 
-[tsfep-release time="-1"]
+[tsfep-release time="November 8th, 2021"]
 
 * **Improved:**
 	* This extension now uses a coroutine to generate the Schema.org markup; now it can stop processing at any point the data is not valid.

extensions/essentials/focus/trunk/readme.md

@@ -310,7 +310,7 @@ document.addEventListener( 'tsfem-focus-gutenberg-content-store-setup', () => {
 
 ### 1.5.1
 
-[tsfep-release time="-1"]
+[tsfep-release time="November 8th, 2021"]
 
 * **Updated:**
 	* Extension now is fully compatible with The SEO Framework v4.2.0.

extensions/premium/local/trunk/readme.md

@@ -7,27 +7,23 @@ This extension lets you set up important local business information for search e
 
 ## Overview
 
-### Higher ranking through local search
+### Higher ranking with local search
 
-A potential customer or visitor often wants to find out more about your business before interacting.
-Therefore, for many businesses, local listings are a must.
+For most businesses, local listings are a must. Once listed, a potential visitor can then find more about your business directly from search engines.
 
 A local listing within Google will also be placed upfront and sometimes above all other search results.
 
-With the Local extension, you can rank your different local business departments higher in Google and other search engines.
-So, your business will be found better by your local customers.
-
-All the above also accounts for users who add locations in their search query.
+With the Local extension, you can list your local business departments in Google and other search engines.
 
 [tsfep-image id="1"]
 
 ### An advanced SEO solution
 
-We present you an advanced and leading Local solution, excelling other existing similar solutions, for a lower price.
+We present you an advanced and leading Local solution.
 
 **This software package includes:**
 
-* Support for multiple locations (up to 4096, not only 2).
+* Support for up to 4096 locations.
 * (Reverse) Geocoding through our API services.
 * Options for opening hours per area.
 * Internal caching, for significantly faster execution.
@@ -128,9 +124,9 @@ Also, when department URLs are filled in, then each specific department's data w
 
 ### 1.1.9
 
-[tsfep-release time="-1"]
+[tsfep-release time="November 8th, 2021"]
 
-* **Changed:** Resolved deprecated usage from The SEO Framework v4.2.0.
+* **Changed:** Extension now is fully compatible with The SEO Framework v4.2.0.
 * **Fixed:** Resolved an issue that caused the output not to run on assigned URLs when the main department is disabled.
 
 ### 1.1.8

readme.txt

@@ -1,11 +1,11 @@
 === The SEO Framework - Extension Manager ===
 Contributors: Cybr
 Tags: seo, extensions, local, keyword, articles, monitor, modules, schema, honeypot, amp, title, the seo framework
-Requires at least: 5.1
-Tested up to: 5.7
+Requires at least: 5.4
+Tested up to: 5.9
 Requires PHP: 5.6.5
 Requires TSF: 4.1.4
-Stable tag: 2.5.0
+Stable tag: 2.5.1
 License: GPLv3
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -43,21 +43,25 @@ Please refer to [the installation instructions on our website](https://kb.theseo
 
 = 2.5.1 =
 
-TODO test PHP requirement for update.
+**Release date:**
+
+* November 8th, 2021
+
+**Feature highlights**
+
+* Extension Manager is now fully prepared for the imminent release of TSF v4.2.0.
+* The 2001 error is now less likely to get invoked.
+* Asset URLs are now generated correctly on Windows-based servers.
+
+**Updated extensions:**
 
-* **Improved:** Extensions now load a tad faster.
-* **Improved:** It is now less likely to have the options get invalidated which would otherwise invoke error 2001 (and error 6001 for API users).
-* **Fixed:** Resolved an issue where asset-URLs were generated incorrectly for extensions in the admin area on Windows-based servers. Props [Vitaliy].(https://github.com/sybrew/The-SEO-Framework-Extension-Manager/issues/45)
-* **Fixed:** Resolved an issue where site-settings were blocked from updating manually via `options.php`.
+* [Articles at version 2.1.1](https://theseoframework.com/extensions/articles/#changelog)
+* [Local at version 1.1.9](https://theseoframework.com/extensions/local/#changelog)
+* [Focus at version 1.5.1](https://theseoframework.com/extensions/focus/#changelog)
 
-* **Updated extensions:**
-	* Articles @ Version 2.1.1:
-		* **Changed:** Now uses WordPress's timesystem.
-	* Local @ Version 1.1.9
-		* **Fixed:** You can now store and test your input correctly when the first department is disabled.
-	* Cord @ Version ??
-		* TODO **Added:** Google Analytics 4 support. New settings are added for this.
+**Detailed log:**
 
+View the [detailed v2.5.1 changelog](https://tsf.fyi/p/3779).
 
 = 2.5.0 - Quick SEO =
 
@@ -93,10 +97,6 @@ View the [detailed v2.5.0 changelog](https://theseoframework.com/?p=3686).
 
 == Upgrade Notice ==
 
-= 2.5.1 =
-
-This plugin now requires WordPress v5.4 and The SEO Framework v4.1.4 or higher.
-
 = 2.5.0 =
 
 This plugin now requires WordPress v5.1 and The SEO Framework v4.1.2 or higher.

the-seo-framework-extension-manager.php

@@ -3,12 +3,14 @@
  * Plugin Name: The SEO Framework - Extension Manager
  * Plugin URI: https://theseoframework.com/extension-manager/
  * Description: Add more powerful SEO features to The SEO Framework. Right from your WordPress dashboard.
- * Version: 2.5.1-beta-1
+ * Version: 2.5.1
  * Author: The SEO Framework Team
  * Author URI: https://theseoframework.com/
  * License: GPLv3
  * Text Domain: the-seo-framework-extension-manager
  * Domain Path: /language
+ * Requires at least: 5.4.0
+ * Requires PHP: 5.6.5
  *
  * @package TSF_Extension_Manager\Bootstrap
  */
@@ -111,9 +113,8 @@ function tsf_extension_manager_boot() {
 		require TSF_EXTENSION_MANAGER_BOOTSTRAP_PATH . 'upgrade.php';
 	}
 
-	if ( is_admin() || wp_doing_cron() ) {
+	if ( is_admin() || wp_doing_cron() )
 		require TSF_EXTENSION_MANAGER_BOOTSTRAP_PATH . 'update.php';
-	}
 
 	// Load plugin files.
 	require TSF_EXTENSION_MANAGER_BOOTSTRAP_PATH . 'load.php';