Old Plugin Version Downloaded Due to Cached API Response in Transient #1690

@ShyamGadde

Bug Description

When activating a plugin from the Performance Lab settings page shortly after a new version is released, there is a possibility that an older version will be downloaded. This is because the response from the plugins API query is cached in a WordPress transient (_transient_perflab_plugins_info), which has a default lifetime of one hour. During this time, the cached plugin data, including the version and download link, may still point to the older version.

Code responsible for the plugin installation:

// Replace new Plugin_Installer_Skin with new Quiet_Upgrader_Skin when output needs to be suppressed.
$skin = new WP_Ajax_Upgrader_Skin( array( 'api' => $plugin_data ) );
$upgrader = new Plugin_Upgrader( $skin );
$result = $upgrader->install( $plugin_data['download_link'] );

To illustrate, the unserialized values of the _transient_perflab_plugins_info transient look like this:

Array
(
    ...

    [optimization-detective] => Array
        (
            [name] => Optimization Detective
            [slug] => optimization-detective
            [short_description] => Provides an API for leveraging real user metrics to detect optimizations to apply on the frontend to improve page performance.
            [requires] => 6.5
            [requires_php] => 7.2
            [requires_plugins] => Array
                (
                )

            [download_link] => https://downloads.wordpress.org/plugin/optimization-detective.0.7.0.zip
            [version] => 0.7.0
        )

        ...
)

Scope of the Issue

This issue is relatively rare and occurs only under specific conditions:

  1. A new version of a plugin in Performance Lab has just been released.
  2. The transient data is already present and has not expired.
  3. The plugin activation attempt happens within the transient's one-hour lifetime.

While this is not a critical issue (users can always go to the main Plugins page to update manually), it may cause confusion in situations where the latest version is expected to be installed immediately from the settings page.

Steps to reproduce

Reproducing this behavior required manually altering the transient data (_transient_perflab_plugins_info) in the WordPress database. I did this by modifying the download_link value for the Optimization Detective plugin in the wp_options table. Specifically, I changed the link to https://downloads.wordpress.org/plugin/optimization-detective.0.7.0.zip to simulate the presence of an older version.

This manual adjustment was necessary because there isn't an easy way to trigger this scenario without an actual new plugin version release.
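One way to guard the install step against the stale cache described in this issue, shown as an added example (not code from Performance Lab or from the issue author): re-check the cached entry against a fresh lookup immediately before installing. The function name and the `$fetch_fresh` callback are hypothetical, the 0.8.0 release is constructed sample data, and the `{slug}.{version}.zip` link shape is an assumption based on the link shown above.

```php
<?php
// Added example, not Performance Lab code. Pure PHP so it runs under the CLI.
// In WordPress, $fetch_fresh would wrap plugins_api( 'plugin_information', ... ) and a
// 'refresh' result would be followed by delete_transient( 'perflab_plugins_info' ).

/**
 * Decide whether a cached plugin entry may be installed from.
 *
 * @param array    $cached      Cached entry with slug, version and download_link.
 * @param callable $fetch_fresh Hypothetical callback: slug => fresh entry array, or null on failure.
 * @return array Keys: action ('use_cache'|'refresh'|'abort'), data (array|null), reason (string).
 */
function example_resolve_install_source( array $cached, callable $fetch_fresh ): array {
	$fresh = $fetch_fresh( $cached['slug'] );
	if ( ! is_array( $fresh ) || empty( $fresh['version'] ) || empty( $fresh['download_link'] ) ) {
		// Conservative choice: do not install from unverified cached data.
		return array( 'action' => 'abort', 'data' => null, 'reason' => 'fresh lookup failed' );
	}
	// Assumption: links have the shape seen in the issue, {slug}.{version}.zip on downloads.wordpress.org.
	$expected = sprintf( 'https://downloads.wordpress.org/plugin/%s.%s.zip', $fresh['slug'], $fresh['version'] );
	if ( $fresh['download_link'] !== $expected ) {
		return array( 'action' => 'abort', 'data' => null, 'reason' => 'unexpected download link' );
	}
	// A lower cached version or a differing link means the cache is stale or was altered.
	if ( version_compare( $cached['version'], $fresh['version'], '<' )
		|| $cached['download_link'] !== $fresh['download_link'] ) {
		return array( 'action' => 'refresh', 'data' => $fresh, 'reason' => 'cache is stale or altered' );
	}
	return array( 'action' => 'use_cache', 'data' => $cached, 'reason' => 'cache matches fresh data' );
}

// Constructed sample data: the cache still holds 0.7.0, the simulated lookup returns 0.8.0.
$cached = array(
	'slug'          => 'optimization-detective',
	'version'       => '0.7.0',
	'download_link' => 'https://downloads.wordpress.org/plugin/optimization-detective.0.7.0.zip',
);
$fetch_fresh = function ( string $slug ): ?array {
	return array(
		'slug'          => $slug,
		'version'       => '0.8.0', // constructed "new release" version
		'download_link' => "https://downloads.wordpress.org/plugin/{$slug}.0.8.0.zip",
	);
};

$decision = example_resolve_install_source( $cached, $fetch_fresh );
printf( "%s: %s (%s)\n", $decision['action'], $decision['data']['version'] ?? 'n/a', $decision['reason'] );
```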

Labels: [Type] Bug (An existing feature is broken)

Status: Done 😃
