[wp-trac] [WordPress Trac] #20195: Plugins uninstall.php

WordPress Trac wp-trac at lists.automattic.com
Mon Apr 30 19:28:42 UTC 2012


#20195: Plugins uninstall.php
--------------------------+------------------------------
 Reporter:  wpsmith       |       Owner:
     Type:  enhancement   |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Plugins       |     Version:
 Severity:  major         |  Resolution:
 Keywords:  dev-feedback  |
--------------------------+------------------------------

Comment (by nacin):

 Replying to [comment:11 lightningspirit]:
 > What about using HTTP referer?

 Even easier to spoof. Don't even need access to the environment to do
 that.

 No matter what you try to do, once you can execute code, you can do
 anything. There just isn't a security consideration here, at all.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/20195#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list