Update Theme via CLI ignores Requires PHP Constraint

[salcode]

As described in the ​Theme Handbook Main Stylesheet (style.css) Explanations the Requires PHP line defines

The oldest PHP version supported, in X.X format, only the number

In the WordPress Web UI (/wp-admin), you are prevented from updating to a newer version of the theme if your server does not meet this requirement (in the Themes page, Update is unavailable and in the general Updates page, the update fails).

However, updating the theme via WP CLI does allow updating a theme to a version even if the theme requires a version of PHP that exceeds the requirement.

Reproduction Steps

To test this we will use the ​Rider Theme from the wordpress.org Themes Repository.

Rider Version	Requires PHP
2.1.0	5.6
3.0.0	8.1

1. Run WordPress on a server with PHP version 8.0
   • e.g. if you are using the ​WordPress development repo, change the LOCAL_PHP value in .env from latest to 8.0-fpm and restart
   • you can confirm your PHP version with the WP CLI task wp --info and checking the PHP version in the output, this task can be run on the ​WordPress development repository with

     npm run env:cli -- wp --info
     

2. Install and activate version 2.1.0 of the Rider theme (which Requires PHP 5.6) wp theme install rider --version=2.1.0 --activate
   • this task can be run on the WordPress development repo with

     npm run env:cli -- wp theme install rider --version=2.1.0 --activate
     

3. Update the Rider theme to the latest version (3.0.0), which Requires PHP 8.1 wp theme update rider
   • this task can be run on the WordPress development repo with

     npm run env:cli -- wp theme update rider
     

Expected Behavior

The Rider theme is NOT updated because the "Requires PHP" version exceeds the version on the server.

Actual Behavior

The Rider theme is updated to the latest version (3.0.0), which has a Requires PHP value that exceeds our server.

Related Trac Ticket for Plugins

In #59198 a similar problem with Plugins was addressed.

Does this Fix Belong in WordPress Core?

Since I've only been able to recreate this issue via WP CLI, one might argue the fix for this belongs in WP CLI however since we are checking the "Requires PHP" value in Plugins here in WordPress core (see #59198), I'd argue we should be doing the same for Themes.

---

Props @afragen for calling out this need in this comment on 59198
Props @h4l9k for helping write up this issue

[salcode]

Rider theme version 2.1.0 on server with PHP 8.0

[salcode]

Rider theme version 3.0.0 on server with PHP 8.0 after this update was performed via WP CLI

[swissspidy]

OK, so this got handled for plugins in #59198 but no-one actually created the same ticket for themes until now? In that case, thank you!

@costdev Since you worked on #59198, perhaps you'd like to tackle this one as well?

Add PHP version and WordPress version checks on bulk theme update.

Trac ticket: #59758

[marybaum]

@Lax Mariappan will test the patch. More to come from him!

I have tested the patch on PHP 7.4

It works as expected; thanks @salcode

Here are the screenshots of my CLI log.

This is my first time to test a patch, so correct me if I'm wrong.

Without patch

With path

CLI info:

OS:     Linux 5.10.47-linuxkit #1 SMP PREEMPT Sat Jul 3 21:50:16 UTC 2021 x86_64
Shell:  /bin/bash
PHP binary:     /usr/local/bin/php
PHP version:    7.4.30
php.ini used:
MySQL binary:   /usr/bin/mysql
MySQL version:  /usr/bin/mysql  Ver 15.1 Distrib 10.5.15-MariaDB, for debian-linux-gnu (x86_64) using  EditLine wrapper
SQL modes:
WP-CLI root dir:        phar://wp-cli.phar/vendor/wp-cli/wp-cli
WP-CLI vendor dir:      phar://wp-cli.phar/vendor
WP_CLI phar path:       /var/www
WP-CLI packages dir:
WP-CLI global config:
WP-CLI project config:  /var/www/wp-cli.yml
WP-CLI version: 2.6.0

[lakshmananphp]

Test Report

Env / Setup:
Theme: TT4
WordPress: 6.4
OS: macOS Sonoma
Localhost: docker wordpress-develop container
Browser: Chrome
Note: I used the Rider theme for testing, mainly checking WP CLI logs.

Setup Steps:

npm run env:cli -- wp theme install rider --version=2.1.0 --activate

Steps to test

Update the rider theme via WP CLI

Apply the patch

Remove the rider theme
Install v2.1.0 again
Update the theme via CLI

Results

Without the patch:
The rider theme got updated to the 3.0 version, which requires PHP 8.1

With the patch:
I got the error "The PHP version on your server is 7.4.30. However, the new theme requires 8.1", and the theme did not get updated.

I've added screenshots on the PR (​https://github.com/WordPress/wordpress-develop/pull/5583#issuecomment-1823567981).

Conclusion:
The patch works as expected

[jorbin]

In 57252:

Upgrade/Install: Check theme compatibility during bulk upgrades.

Previously, bulk upgrades did not verify that a theme package was compatible with the site's WordPress version or the server's PHP version.

This was previusly done for plugins in #59198, but themes were missed.

Follow-up to: [56525].

Props salcode, lakshmananphp.
Fixes #59758.

Merged in https://core.trac.wordpress.org/changeset/57252

Thanks!