From 97bb59d939b57284999d2915fc3b2cc867c72fa7 Mon Sep 17 00:00:00 2001
From: Jonathan Desrosiers <desrosj@git.wordpress.org>
Date: Wed, 20 Mar 2019 01:43:05 +0000
Subject: [PATCH] Plugins: Block plugin updates if required PHP version is not
 supported.

When a plugin states it requires a specific minimum PHP version (as defined in the `requires_php` field included in the plugin update API response), a user should not be allowed to update that plugin when the server does not satisfy the minimum PHP version.

When this scenario is encountered, the update buttons and links are disabled and links to educational resources about PHP are displayed to the user with a notice.

Props afragen, schlessera, desrosj.
Fixes #43987.

git-svn-id: https://develop.svn.wordpress.org/trunk@44937 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../includes/class-wp-plugins-list-table.php  |  7 ++-
 src/wp-admin/includes/plugin-install.php      | 13 +++-
 src/wp-admin/includes/update.php              | 62 ++++++++++++-------
 3 files changed, 55 insertions(+), 27 deletions(-)

diff --git a/src/wp-admin/includes/class-wp-plugins-list-table.php b/src/wp-admin/includes/class-wp-plugins-list-table.php
index fa40ba9a36..f83473af4d 100644
--- a/src/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/src/wp-admin/includes/class-wp-plugins-list-table.php
@@ -746,9 +746,10 @@ class WP_Plugins_List_Table extends WP_List_Table {
 
 		}
 
-		$class       = $is_active ? 'active' : 'inactive';
-		$checkbox_id = 'checkbox_' . md5( $plugin_data['Name'] );
-		if ( $restrict_network_active || $restrict_network_only || in_array( $status, array( 'mustuse', 'dropins' ) ) ) {
+		$compatible_php = ( empty( $plugin_data['requires_php'] ) || version_compare( phpversion(), $plugin_data['requires_php'], '>=' ) );
+		$class          = $is_active ? 'active' : 'inactive';
+		$checkbox_id    = 'checkbox_' . md5( $plugin_data['Name'] );
+		if ( $restrict_network_active || $restrict_network_only || in_array( $status, array( 'mustuse', 'dropins' ) ) || ! $compatible_php ) {
 			$checkbox = '';
 		} else {
 			/* translators: %s: plugin name */
diff --git a/src/wp-admin/includes/plugin-install.php b/src/wp-admin/includes/plugin-install.php
index f2607cb9ef..99939b04b9 100644
--- a/src/wp-admin/includes/plugin-install.php
+++ b/src/wp-admin/includes/plugin-install.php
@@ -769,8 +769,8 @@ function install_plugin_information() {
 				' ' . __( '<a href="%s" target="_blank">Click here to learn more about updating PHP</a>.' ),
 				esc_url( wp_get_update_php_url() )
 			);
-			echo '</p>';
-			wp_update_php_annotation();
+
+			wp_update_php_annotation( '</p><p><em>', '</em>' );
 		} else {
 			echo '</p>';
 		}
@@ -827,7 +827,14 @@ function install_plugin_information() {
 				break;
 			case 'update_available':
 				if ( $status['url'] ) {
-					echo '<a data-slug="' . esc_attr( $api->slug ) . '" data-plugin="' . esc_attr( $status['file'] ) . '" id="plugin_update_from_iframe" class="button button-primary right" href="' . $status['url'] . '" target="_parent">' . __( 'Install Update Now' ) . '</a>';
+					if ( $compatible_php ) {
+						echo '<a data-slug="' . esc_attr( $api->slug ) . '" data-plugin="' . esc_attr( $status['file'] ) . '" id="plugin_update_from_iframe" class="button button-primary right" href="' . $status['url'] . '" target="_parent">' . __( 'Install Update Now' ) . '</a>';
+					} else {
+						printf(
+							'<button type="button" class="button button-primary button-disabled right" disabled="disabled">%s</button>',
+							_x( 'Cannot Update', 'plugin' )
+						);
+					}
 				}
 				break;
 			case 'newer_installed':
diff --git a/src/wp-admin/includes/update.php b/src/wp-admin/includes/update.php
index 43db04b523..7dd083bbf1 100644
--- a/src/wp-admin/includes/update.php
+++ b/src/wp-admin/includes/update.php
@@ -400,7 +400,10 @@ function wp_plugin_update_row( $file, $plugin_data ) {
 			$active_class = is_plugin_active( $file ) ? ' active' : '';
 		}
 
-		echo '<tr class="plugin-update-tr' . $active_class . '" id="' . esc_attr( $response->slug . '-update' ) . '" data-slug="' . esc_attr( $response->slug ) . '" data-plugin="' . esc_attr( $file ) . '"><td colspan="' . esc_attr( $wp_list_table->get_column_count() ) . '" class="plugin-update colspanchange"><div class="update-message notice inline notice-warning notice-alt"><p>';
+		$compatible_php = ( empty( $response->requires_php ) || version_compare( phpversion(), $response->requires_php, '>=' ) );
+		$notice_type    = $compatible_php ? 'notice-warning' : 'notice-error';
+
+		echo '<tr class="plugin-update-tr' . $active_class . '" id="' . esc_attr( $response->slug . '-update' ) . '" data-slug="' . esc_attr( $response->slug ) . '" data-plugin="' . esc_attr( $file ) . '"><td colspan="' . esc_attr( $wp_list_table->get_column_count() ) . '" class="plugin-update colspanchange"><div class="update-message notice inline ' . $notice_type . ' notice-alt"><p>';
 
 		if ( ! current_user_can( 'update_plugins' ) ) {
 			/* translators: 1: plugin name, 2: details URL, 3: additional link attributes, 4: version number */
@@ -413,7 +416,7 @@ function wp_plugin_update_row( $file, $plugin_data ) {
 					/* translators: 1: plugin name, 2: version number */
 					esc_attr( sprintf( __( 'View %1$s version %2$s details' ), $plugin_name, $response->new_version ) )
 				),
-				$response->new_version
+				esc_attr( $response->new_version )
 			);
 		} elseif ( empty( $response->package ) ) {
 			/* translators: 1: plugin name, 2: details URL, 3: additional link attributes, 4: version number */
@@ -426,27 +429,44 @@ function wp_plugin_update_row( $file, $plugin_data ) {
 					/* translators: 1: plugin name, 2: version number */
 					esc_attr( sprintf( __( 'View %1$s version %2$s details' ), $plugin_name, $response->new_version ) )
 				),
-				$response->new_version
+				esc_attr( $response->new_version )
 			);
 		} else {
-			/* translators: 1: plugin name, 2: details URL, 3: additional link attributes, 4: version number, 5: update URL, 6: additional link attributes */
-			printf(
-				__( 'There is a new version of %1$s available. <a href="%2$s" %3$s>View version %4$s details</a> or <a href="%5$s" %6$s>update now</a>.' ),
-				$plugin_name,
-				esc_url( $details_url ),
-				sprintf(
-					'class="thickbox open-plugin-details-modal" aria-label="%s"',
-					/* translators: 1: plugin name, 2: version number */
-					esc_attr( sprintf( __( 'View %1$s version %2$s details' ), $plugin_name, $response->new_version ) )
-				),
-				$response->new_version,
-				wp_nonce_url( self_admin_url( 'update.php?action=upgrade-plugin&plugin=' ) . $file, 'upgrade-plugin_' . $file ),
-				sprintf(
-					'class="update-link" aria-label="%s"',
-					/* translators: %s: plugin name */
-					esc_attr( sprintf( __( 'Update %s now' ), $plugin_name ) )
-				)
-			);
+			if ( $compatible_php ) {
+				/* translators: 1: plugin name, 2: details URL, 3: additional link attributes, 4: version number, 5: update URL, 6: additional link attributes */
+				printf(
+					__( 'There is a new version of %1$s available. <a href="%2$s" %3$s>View version %4$s details</a> or <a href="%5$s" %6$s>update now</a>.' ),
+					$plugin_name,
+					esc_url( $details_url ),
+					sprintf(
+						'class="thickbox open-plugin-details-modal" aria-label="%s"',
+						/* translators: 1: plugin name, 2: version number */
+						esc_attr( sprintf( __( 'View %1$s version %2$s details' ), $plugin_name, $response->new_version ) )
+					),
+					esc_attr( $response->new_version ),
+					wp_nonce_url( self_admin_url( 'update.php?action=upgrade-plugin&plugin=' ) . $file, 'upgrade-plugin_' . $file ),
+					sprintf(
+						'class="update-link" aria-label="%s"',
+						/* translators: %s: plugin name */
+						esc_attr( sprintf( __( 'Update %s now' ), $plugin_name ) )
+					)
+				);
+			} else {
+				/* translators: 1: plugin name, 2: details URL, 3: additional link attributes, 4: version number 5: Update PHP page URL */
+				printf(
+					__( 'There is a new version of %1$s available, but it doesn&#8217;t work with your version of PHP. <a href="%2$s" %3$s>View version %4$s details</a> or <a href="%5$s">learn more about updating PHP</a>.' ),
+					$plugin_name,
+					esc_url( $details_url ),
+					sprintf(
+						'class="thickbox open-plugin-details-modal" aria-label="%s"',
+						/* translators: 1: plugin name, 2: version number */
+						esc_attr( sprintf( __( 'View %1$s version %2$s details' ), $plugin_name, $response->new_version ) )
+					),
+					esc_attr( $response->new_version ),
+					esc_url( wp_get_update_php_url() )
+				);
+				wp_update_php_annotation( '<br><span class="description">', '</span>' );
+			}
 		}
 
 		/**