New to prestashop, want to know how updates work for modules

[Lindsayanng]

I kind of jumped head first into my first PS theme design just to learn the code structure and all of that. I have to say, i am really VERY VERY happy with it!!

That being said, I wanted to understand a little more about the updates. I have no plans to change the core PS files, but I have changed the modules boxes and how they look int he template file as well as adding a small function to allow them to be stuck into different hook areas (ie: getting the "best sellers" into the center column)


Are the modules updates via a pushed update? Is everything I one click update like wordpress is??

I am basically combining my knowledge of oscommerce and wordpress to figure out prestashop and it's working really very well. From what I am used to with wordpress, if you change anything about a plugin anyhere inside of the plugin folder, it will get overwritten when updated. Does this happen in PS? If it does, does it allow for secondary pages?

Also, is there a functions file that I can create in my template file like there is in WP that allows you to override functions or slightly change the way the work?

I am trying to keep this cart as update friendly as possible.

[Lindsayanng]

Ok wow.. That was a lot of reading.

Can I just quickly recap and you could tell me if I am correct??

Prestashop is going to start allowing this function soon (ability to push out updates similar to wordpress) however, their update pushes leave open a major vulnerability in the guise of prestashop addon creators building plugins that do something useful but in the background can also collect all of your order, customer, and transaction information because those hooks are opened?

Currently the addons CAN do this (send out a web beacon to check for updates and possibly send private info) if the addon is not distributed via the addons.prestashop.com repository. Prestashop is trying to make this so within the addons. prestashop.com "market" as well. ??

Also, this line:
". As is, every f’ing time you visit your backoffice AdminHome page (or index.php) the app inventories every blessed module on your server, its status (installed or not) its author… and “phones home” to the mothership."

Are you saying you currently get notification that there is an available module update but there is no one click update??

My final thoughts....

It seems that there is an obvious middle ground here because platforms like wordpress have done this. I would think that the middle ground would be to lock down the hooks and make it so that the only information that could be sent and received is the update info and the updates would need to be put into the addon repository.

Basically it seems that wordpress has made this absolutely possible and while there were a few holes that were exploited, everything seems to be back to normal. I think the biggest hurdle is getting a team to approve "modules" like the way wordpress does. Also, PS might consider something like a killswitch that both the plugin author and PS can issue if something is deemed a security threat.

[Lindsayanng]

Ok.. again you have a LOT of information - some of which isn't making sense to me, so let me tell you what will and does work in the realm of automatic updates and pushed updates.

Wordpress.org is a repository for plugins. If you are a plugin creator you submit your addon to the wordpress.org plugin repository. Wordpress ONLY allows free plugins to be served and distributed on it's server, the goal is to keep the community open source and available. They do not shut down the possibility of selling licenses to plugins, but wordpress wants nothing to do with the transaction of money.

So plugins are submitted to the wordpress repository for review and someone on the team checks the plugin for specific standards. Sure, not all plugins are great or are perfectly secure - but that's the world of open source (install at your own risk) but none of them are malicious.

When the plugin is approved it is shown on the wordpress..org repository and is available for download.

So you ask what is the benefit to the developers?
The benefit almost solely rests on recognition.
1.) any plugin in the wordpress repository is accessible via your wordpress installation admin. This means you can search and install plugins directly from your admin. It's a one click plugin install.
2.) your plugin is easily found via a search on google or wordpress.org (on google because wordpress.org has very high search engine rankings)
3.)professional recognition. Since your plugin gets a lot of views being on wordpress.org repositories, your plugin is very likely to become a top-rated plugin, giving your brand as a whole some recognition as being of quality design and development. Wordpress.org has a star rating system which helps people searching find the best option available. There are a million plugins that do the same thing, but when you find a 5 star rated plugin on the wordpress.org repository, you trust it.

Also, when you sell a plugin on the wordpress.org repository, you can give away a free version and within your plugin's dashboard link to a "donate now" button or link to a paid version of the same plugin with more features. It's inner plugin advertising. This basically means the plugin you sell is getting more exposure simply because your free one is deemed to be a good plugin.

When you open your wordpress powered dashboard a cron job runs to look for a plugin in the wordpress repository with the same name as the one you have installed - if it finds this plugin then it checks the version number. If the version number is newer, it will initiate an "update plugin" link which you can run to instantly update. If the plugin is not present on the wordpress.org repository then you will never know if there is an update unless you go directly to the plugin website.

From what I understand, an individual website can not push content to the wordpress user's installation without use of the repository.

again, this is a good thing!!!! It creates a single place to go and look for plugins that are already vetted by professionals who know the platform.

The main issue I have with prestashop's repository is that there are paid plugins on there. I feel like prestashop would benefit from trying to generate a much more open-source community versus a license based community that runs on an open source platform.

Ohhhh... and let me define the killswitch a little better..

A killswitch would be an overall function that is used within every plugin or module if the module is deemed to be malicious. For instance, if someone created a paypal module for prestashop and very VERY carefully hid a script that collected credit card numbers and the people who approved modules didn't notice it until later, PS could issue a kill switch to disable the module for ALL users. This would basically save uneducated users of this module. The killswitch could replace the module page with a screen that brings them to a page with more information.

On the other hand, the killswitch could also be helpful to the plugin developer if the developer finds an exploit in their code and wants to minimize damage by disabling the module across the board with a link to a page explaining why and what you are doing to fix it.

Also.. as i said. Just because the main repository doesn't approve of your module doesn't mean people can't use it and you can't sell it. It just means you have to host it yourself and you cant do the automatic updates that come with being on the main repo.