Seems to have regressed in #15770
Haven't tested it yet fully but this should work. We'll then also need to merge this into Matomo 4. The previous token_auth check wouldn't work there because it would check against the new app specific token auth table which wouldn't exist yet at the time this is executed. Therefore using an nonce which is better in general anyway so the action can be only called when initiated by the first update step.
Unfortunately this will basically only work on the next update. So if people update to 3.14.1 it will only work when they update from that version. It won't work yet from 3.14.0 to 3.14.1 since the old code would be used there.
left one comment, otherwise lgtm
@diosmosis updated the PR.
Noticed the second step was actually failing when marketplace was disabled.
Should something go wrong because user has invalid SSL falling back to execute the second action within the same request. This should usually work quite well especially between minor and patch releases.
And instead of any special error handling I reckon it's actually better to simply always show the log output in the success screen as well. So people notice eg if plugins were disabled. See example in https://builds-artifacts.matomo.org/matomo-org/matomo/3.x-dev/42112/OneClickUpdate_update_success.png
Note that the translation key appears and I think that's because of some caching as I think it updates from the latest stable where the translation key was not present yet. Locally this works for me. See https://builds-artifacts.matomo.org/matomo-org/matomo/3.x-dev/42112/OneClickUpdate_update_success.png Also note that the first tick is a bit moved to the right which seems to. be because it's the first line right after
<code>✓ foo.... I reckon it's not too important and not sure if there's much we could do about it except for adding another newline first.