[wp-trac] [WordPress Trac] #15134: WordPress should not try to remove theme's or plugin's directory recursively if the directory is a symlink
WordPress Trac
wp-trac at lists.automattic.com
Sat Oct 16 19:56:25 UTC 2010
#15134: WordPress should not try to remove theme's or plugin's directory
recursively if the directory is a symlink
---------------------------------+------------------------------------------
Reporter: vladimir_kolesnikov | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Upgrade/Install | Version:
Severity: normal | Resolution: wontfix
Keywords: |
---------------------------------+------------------------------------------
Comment(by vladimir_kolesnikov):
Replying to [comment:1 Denis-de-Bernardy]:
> The risk is quite huge in that setup: only one site gets put on
maintenance mode, even though the plugin update could be affecting dozens
of sites.
No. If the symlink is removed, only one site gets updated (the user wants
to have a newer version of the plugin on their own risk). But if the whole
tree is removed (what WordPress does now), ALL sites are affected and this
is an unexpected result and can be security risk.
Using WP_PLUGIN_DIR/URL is not an option if the sites can have their own
plugins (ie, when only a subset of plugins is shared between all
installations).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15134#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list