Making EDD’s Git Download Updater Plugin Compatible with Pantheon
October 22, 2018 | Parker Mathewson
Running a digital download store comes with it’s own set of unique problems in respect to website building. In essence, you need to be able to manage file permissions on both an Operating System level, as well as releasing locked files to paying customers. Some hosts, like Pantheon or Pressable, are doing their due diligence in protecting your file system and website. Sometimes problematically restrictive, they limit what can be executed on the server itself. We will be explaining how to use the EDD plugin suite when your website is hosted on an NGINX server, with additional file system protections. We also share the fix for the git updater extension to work for both GitHub and BitBucket in this environment.
When we first started our store, we were debating between using WooCommerce’s digital products method and Easy Digital Downloads software. WooCommerce was cheaper to achieve the software licensing store we were making, but Easy Digital Downloads built their whole platform around digital products. The choice between the two was easy when looked at through that lens. Plus, Easy Digital Downloads (EDD) had a lot of extra add-ons that we saw more beneficial for our specific store than those provided by WooCommerce themselves.
Our decision only felt stronger after we had been using EDD’s software on a test site for a while, the customer profiles created on the admin back-end make interacting with customers information so much easier than WooCommerce’s built in functionality. It was time to put EDD on our live site and start getting plugins sold to the world!
Configuring EDD for Pantheon
Pantheon is a great host, and they have gone through a lot of work to help whoever is managing your website have a secure server. As someone who has worked on servers for years, I know that managing the server itself is a taxing task, which takes a lot of time reading, learning, and implementing. I appreciate the work that Pantheon does for me as a store owner, even when they seem to be stepping on my toes, I know its just for security. Pantheon is an NGINX server configured with stronger than your typical web host file permission structure. This becomes an issue when you are trying to share files with paying customers, and no one else. This is actually notified to you when you first install EDD on a Pantheon server, and you get a link to the Pantheon Compatibility module that changes some commands around in EDD to get the correct download file and file permissions to run your store securely.
Great! Pantheon is now a working, secure*, and fast host for your EDD store! If you are not using GitHub or BitBucket to version control your digital files, you can stop reading here, but for the rest of you, we are going to run into one more issue…
*note: We are using secure a lot in this article, but just being on Pantheon alone does not mean that your website is fully secure, just that they take a lot of precautionary steps to help you along your way. Your store is only as strong as the code you install, and the users permissions and passwords you allow and create! Please see other references to learn how to secure your whole website, not just your server and files.
Using EDD Git Download Updater
If you are using one of the two main git services, GitHub or BitBucket, you will definitely notice the EDD Git Download Updater add on they have in their store. It automates so much of the process of getting out updated versions of your EDD Download to customers. This plugin was going to be a lifesaver for me, shaving minutes off any re-versioning I had to do. Minutes may not sound like a lot, but over time, it adds up, plus it takes a lot of the human error out of the process. When we first brought this add on into our store, we soon pushed out an update to an existing site to test the process. Using our GitHub repository, we went to update the plugin. The plugin updates, but the plugin file “no longer exists and the plugin has been deactivated…” Ummm, excuse me?
On further inspection, you find the plugin does still exist, and you can reactivate it. Ok, weird. Go look in the file structure/plugin editor, and notice the plugin folder name has been changed into some junk!It seems that the download can still be updated on future pushed updates with this error, but now your file structure is ugly, and is possibly releasing information you do not want to your customers!
An even worse option, BitBucket did not even work for us. The zip created was always empty or corrupted. Our initial tests would not confirm anything to us yet...
Fixing EDD Git Download Updater
Our initial reaction was that it must be something with the host, Pantheon. I mean, there was a compatibility plugin for EDD, it’s definitely plausible that there needs to be some additional configuration, right? Well I will skip through all the nitty gritty details, but we ended up tracing the steps to see when the filename was actually changed (since you can specify in EDD Download what you want the filename to be). Without any errors to follow, and not seeing any warnings in the server logs, we were shooting blind to be honest.
We ended up following the process-file.php file through the life cycle of the AJAX request to GitHub and the response the server got, using the JSON objects to debug. We found that in the unzip function was returning FALSE, when it should have been holding the value new directory created for the updated Download. Looking through the unzip function, we saw the return false statement and figured something went wrong with the build in rename function, so we did what we do best: turned to google!
It ends up Pantheon has an article about the rename PHP function, and how they explicitly do not allow it! They go in to some detail of the issue and workarounds for it. We chose to copy the contents into a new folder and delete the old folder. All of this can be done with replacing the unzip function in v1.0.5 of the plugin with the following TWO functions: