[wp-meta] [Making WordPress.org] #3011: Plugin Directory: Disallow changing the slug to an existing plugin's slug

Making WordPress.org noreply at wordpress.org
Sat Jul 29 23:16:42 UTC 2017 

#3011: Plugin Directory: Disallow changing the slug to an existing plugin's slug
------------------------------+------------------------------------
 Reporter:  SergeyBiryukov    |       Owner:
     Type:  defect            |      Status:  new
 Priority:  high              |   Milestone:  Plugin Directory v3.0
Component:  Plugin Directory  |  Resolution:
 Keywords:  has-patch         |
------------------------------+------------------------------------
Description changed by SergeyBiryukov:

Old description:

> Background:
> [https://wordpress.slack.com/archives/C02QB8GMM/p1501111545500483
> discussion in #meta] with @otto42 and @ipstenu.
>
> Under some circumstances, it's possible to have plugins with duplicate
> slugs:
> 1. Open a plugin with a `new` (Pending Initial Review) status for
> editing.
> 2. Change the slug to another existing plugin's slug.
> 3. Click "Mark as Pending".
> 4. There are now two plugins with the same slug. Whichever one is updated
> next will get a `-2` appended to its slug, causing some confusion.
>
> Changing the slug to another existing plugin's slug should be disallowed.

New description:

 Background:
 [https://wordpress.slack.com/archives/C02QB8GMM/p1501111545500483
 discussion in #meta] with @otto42 and @ipstenu.

 Under some circumstances, it's possible to have plugins with duplicate
 slugs:
 1. Open a plugin with a `new` (Pending Initial Review) status for editing.
 2. Change the slug to another existing plugin's slug.
 3. Click "Mark as Pending".
 4. There are now two plugins with the same slug. Whichever one is updated
 next will get a `-2` appended to its slug, causing some confusion.

 Changing the slug to another existing plugin's slug should be disallowed.

 Some technical details: this happens because
 [https://core.trac.wordpress.org/browser/tags/4.8/src/wp-
 includes/post.php?marks=3673,3674#L3657 wp_unique_post_slug()] bails early
 when dealing with a pending post. Both
 [https://core.trac.wordpress.org/browser/tags/4.8/src/wp-
 admin/includes/post.php?marks=1232-1236#L1231 get_sample_permalink()] and
 [https://core.trac.wordpress.org/browser/tags/4.8/src/wp-admin/includes
 /ajax-actions.php?marks=1720-1724#L1719 wp_ajax_inline_save()] have a hack
 to prevent that by faking a`'publish'` status, but
 `get_sample_permalink()` does not run on Edit Plugin screen, so some
 additional checks are needed.

--

--
Ticket URL: <https://meta.trac.wordpress.org/ticket/3011#comment:2>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org

More information about the wp-meta mailing list