Previously, PUC didn't specify any explicit sorting criteria. I incorrectly assumed that BitBucket would return the most recent tags first. As a result, when a repository had enough tags to trigger API response pagination, PUC could miss some recent tags. Related: #48
Technically, it's possible to place a plugin anywhere outside the WordPress directory and then create a symlink inside /wp-content/plugins that points to the plugin directory. If the plugin developer then passes the real, symlink-resolved path to the PUC factory, PUC will assume it can't be a plugin because it's not inside the expected directory.
Semi-fixed by checking if the input file contains a valid plugin header. However, I would still recommend against using symlinks in this manner because it's likely to cause odd bugs elsewhere. For example, __FILE__ resolves symlinks but plugin_basename() doesn't. This means that the basename that WP sees and the basename you generate in your own code might not match.
get_user_locale() is not available in older WordPress versions. Also, according to WP docs, load_plugin_textdomain (and, presumably, its siblings) should be called in `init` or later.
The code that updates the OAuth signature didn't account for the fact that the oauth_signature query parameter would end up in the wrong place. Instead of being sorted alphabetically with the rest of parameters, it must be the *last* one.
Apparently "latest compatible version" is a more common expression than "greatest compatible version". Also, lets move away from the idea of using the factory class to build anything other than update checker instances; it's probably not necessary.
Move most GitHub and BitBucket stuff to a general "VCS checker" class and put service-specific logic in API classes that follow a common interface.
Rationale: Upon further reflection, there's no need to have different theme & plugin checker implementations for each Git hosting service. The overall update detection algorithm stays the same. Only the API and authentication are different.
Not entirely happy with the code duplication in Vcs_PluginUpdateChecker and Vcs_ThemeUpdateChecker. Traits would be one solution, but can't use that in PHP 5.2. There's probably a "good enough" way to achieve the same thing through composition, but I haven't figured it out yet.
For private GH repositories, use setAuthentication('access_token_here') instead of setAccessToken().
We don't need two different implementation for GitHub and BitBucket, they use the same property name. But lets make the property configurable anyway in case other APIs do differ.
Yahnis Elsts
LDAV
Nicolas GEHIN