[wp-trac] [WordPress Trac] #59375: Plugin_Upgrader assumption causes incorrect "Activate Plugin" link after plugin installation resulting in "The plugin does not have a valid header" error

WordPress Trac noreply at wordpress.org
Sun Sep 17 13:13:19 UTC 2023 

#59375: Plugin_Upgrader assumption causes incorrect "Activate Plugin" link after
plugin installation resulting in "The plugin does not have a valid header"
error
--------------------------------+-----------------------------
 Reporter:  michelleblanchette  |      Owner:  (none)
     Type:  defect (bug)        |     Status:  new
 Priority:  normal              |  Milestone:  Awaiting Review
Component:  Plugins             |    Version:  6.3.1
 Severity:  normal              |   Keywords:  needs-patch
  Focuses:                      |
--------------------------------+-----------------------------
 ''Observed in WordPress 6.3.1''

 == Issue Summary ==

 The "Activate Plugin" link after installing a new plugin is inconsistent
 with the "Activate" link generated in the Installed Plugins listing table.

 The "Activate Plugin" link on the plugin installation screen makes
 assumptions that produces an incorrect link which results in the user
 encountering the "The plugin does not have a valid header" error.

 == Steps to Reproduce ==

 1. Create a plugin that contains another plugin.
    1.a. The contained plugin's basename should be lexicographically less
 than the wrapper plugin which you are actually trying to install. For
 example, "hello-pro/hello-pro.php" is the main plugin which contains
 "hello-pro/hello/hello.php" as a base/dependency plugin.
 2. Add the plugin via wp-admin > Plugins > Add New and upload the plugin
 zip file.
 3. Upon successful installation, click the "Activate Plugin" link.
    3.a. Notice that the "?action=activate&plugin=..." plugin value is
 wrong as it refers to the contained plugin's main file within the wrapper
 plugin.
 4. Observe the wp_die() error screen which says "The plugin does not have
 a valid header"

 == Problematic Source Code ==

 The incorrect "Activate Plugin" link is generated here:
 https://github.com/WordPress/WordPress/blob/3546f04e160fbd31b46ba70b583d0a1d9fe1d80b
 /wp-admin/includes/class-plugin-installer-skin.php#L115

 The offending assumption is here:
 https://github.com/WordPress/WordPress/blob/3546f04e160fbd31b46ba70b583d0a1d9fe1d80b
 /wp-admin/includes/class-plugin-upgrader.php#L546

 Caused by an arbitrary situation here:
 https://github.com/WordPress/WordPress/blob/3546f04e160fbd31b46ba70b583d0a1d9fe1d80b
 /wp-admin/includes/plugin.php#L348

 === Explanation ===

 The "Activate Plugin" link on the "Installing plugin from uploaded file"
 screen in wp-admin uses the least lexicographic plugin basename discovered
 within the plugin's files. This is an arbitrary situation which can result
 in the incorrect plugin basename being referenced for activation, which
 ultimately results in the user experiencing an error screen.

 == Desired Solution ==

 The "Activate Plugin" link after adding a new plugin and the "Activate"
 link in the installed plugin's table row actions should match. The
 "Activate" link in the plugins listing table is preferred as it refers to
 the correct plugin basename for activation.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/59375>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list