[wp-hackers] Need to activate plugin via plugin. how?

Ozh ozh at planetozh.com
Mon Mar 3 13:23:08 GMT 2008

>I am currently activating the plugin by directly modifying the
>"active_plugins" option, similar to how wordpress does. This is going to 
>done with the user's consent of course, but is there any security risk
>involved in that?

(I might be wrong, but) I think there's no particular risk in doing this 
per se. It all really depends on *how* you're doing it, like passing 
arguments via POST or GET, etc, that could eventually lead to remote code 
execution and this kind of stuff. But if done properly, it shouldnt be any 
more risky than clicking on 

>Also what function does wordpress use to detect details of plugins and
>themes, I'm using regular expressions but they're not as good as 
>the details like wordpress is.

wp-admin/includes/themes.php for themes explains it all
get_plugin_data($file) does the job for plugins


More information about the wp-hackers mailing list