Guidelines for Plugins and Styles in the Plugin-Store
All plugins and styles published in the plugin store are subject to some basic minimum requirements, which are primarily aimed at avoiding common problems during use. The submissions are checked in two steps before they are released. A first automatic check works on purely formal grounds and is intended to detect simple technical flaws. The second step is a manual review by a WoltLab employee, focusing on errors and potential problems during operation.
In the event of a negative test result, you will receive a notification with the findings and - if feasible - also detailed instructions on how to resolve the issues.
Preliminary Check for Technical Defects
An automated verification process checks the formal correctness of the uploaded file:
- Are all contained PHP and XML files formally correct and do not contain any syntax errors that prevent them from working?
- Does the archive contain all files required for an installation according to the package.xml?
- Does the archive not contain any superfluous files, e.g. hidden files from Windows or macOS, which could be problematic during installation?
- Is the information on compatibility complete or formally correct?
- The minimum requirement of WoltLab Suite Core (com.woltlab.wcf) must be a version supported by security updates (currently version 5.3 or higher).
Inspection by an Employee of Woltlab GmbH
We manually check all uploaded files for errors and especially for possible security problems. The individual programming style is not subject to evaluation. Our primary goal is to detect problems at an early stage and solve them in cooperation with the developer.
The most important criteria which are checked by us:
- Security problems are clearly the first priority. These can be incorrectly processed parameters or database queries, but also inadequate authorization checks or XSS vulnerabilities in the template fall into this category.
- Plugins must be functional at a basic level, starting with the installation and ending with a quick functional test. The user interface should be similar to that of the rest of the software, especially in terms of usability.
- Leverage existing APIs, such as the use of Guzzle to perform HTTP requests. The existing APIs already cover many different cases automatically, such as support for proxy servers, and ensure consistent behavior.
- Redundant program code that was built in for testing purposes or hard-coded API credentials that were used for testing and are not suitable for normal installation
- Serious efficiency problems, for which it is already predictable from our experience that they will lead rather quickly to bottlenecks beyond simple test data, in particular very inefficient database queries. In many cases even the slightest changes are enough to solve these problems.
- Incomplete translations, especially the English translation is not only necessary for a larger group of customers, but is often used as a basis for translations into other languages. With simple tools, for example the service of deepl.com, good translations can be achieved with little effort, which provide a sufficient basis.
- Visible copyright markings are permitted for styles on all pages and for apps on the app's own pages. Other plugins may only place such markings on their own pages that are directly provided by them.
- The implicit or explicit installation of package servers is generally not permitted.
A rejection is usually only issued if the test has revealed serious problems that prevent proper operation. In the case of minor, non-critical defects, an approval is usually granted and an additional notification is sent, in which we point out the problems found, for example minor typing errors. Our primary goal is to carry out a check that is as objective as possible and to support the developer in their work.
We reserve the right to reject plugins under exceptional circumstances, if their functionality can already be fully implemented by the site operator using the existing software without exception.
Requirements for the Listing in the Plugin-Store
The description for plugins should reflect the functionality in the best possible way so that customers can familiarize themselves with the features in advance. It should be noted that there must be a German and an English version, which contain the same information. The use of screenshots is recommended for plugins - as far as it makes sense in individual cases - to give a better impression and to present functions in an appealing way. For styles, screenshots are mandatory and should be meaningful enough to provide a satisfactory impression in advance.
References to third party sites, including your own website, may be placed at the end of the text if they are significant for the plugin or style. This could be a live demo or instructions or help in case of problems.
The use of the description for advertising purposes for commercial offers outside the Plugin-Store is prohibited, in particular the advertising of third party stores is generally forbidden. A reference to related listings in the Plugin-Store, for example supplementary packages for the listing, can be placed.
Own license terms can be provided either via the text input fields or via an external link. In the case of an external link, it must point to a text-only output (type text/plain) and if the link points to a TLS encrypted address (https), a valid certificate must be presented.
Approval for the WoltLab Cloud
The classification whether plugins or styles can be installed in the WoltLab Cloud is determined directly by WoltLab. The test criteria are purely technical and designed to ensure the stability and security of the WoltLab Cloud platform.
- Compatibility with the current version of WoltLab Suite.
- Outgoing HTTP(S) connections consistently use Guzzle or take the proxy configuration into account correctly.
- No outgoing connections to deviating TCP or UDP ports.
- No bulk sending of emails.
- No overlap with privileges that are subject to restrictions in the context of a managed operation, for example direct database management.
Sale of Plugins and Styles in the Plugin-store
The price is set by the seller themselves, net prices are permitted in the range from a minimum of EUR 1.67 to a maximum of EUR 168.06. The end customer price is subject to the applicable VAT rate, for example 19% for customers from Germany.
The WoltLab GmbH will keep 25% of the net price as commission, the WoltLab GmbH will also cover the transaction fees for the payment method used. In case of surcharges for the payment method chosen by the Customer, these surcharges will be added to the gross price. The seller will always receive 75% of the net price without any deduction.
Sample calculation:
Gross price for customers from Germany: EUR 9.99 (incl. 19% VAT)
Net price: EUR 8.395
Seller earns per sale: EUR 6.30 (commercial rounding to the full cent)
The payout is monthly, provided that the seller's account has a balance of at least EUR 30,-.
More information about the sale of plugins:
