[wp-trac] Re: [WordPress Trac] #5174: If plugin details cleared
while activated, "impossible" to deactivate
WordPress Trac
wp-trac at lists.automattic.com
Sat Dec 22 02:40:41 GMT 2007
#5174: If plugin details cleared while activated, "impossible" to deactivate
----------------------------+-----------------------------------------------
Reporter: Viper007Bond | Owner: anonymous
Type: defect | Status: closed
Priority: lowest | Milestone:
Component: Administration | Version: 2.3
Severity: normal | Resolution: invalid
Keywords: needs-patch |
----------------------------+-----------------------------------------------
Changes (by darkdragon):
* status: new => closed
* resolution: => invalid
* milestone: 2.5 =>
Comment:
Close this as wontfix then?
There is really nothing that can really be done. Most of the safe plugins
are not going to be modifying themselves, only the bad ones. The ones that
have auto-updating have explicit permission (or so from accepting the
terms) from the user to allow the plugin to update itself.
The only way this would be a problem is if a hacker somehow gained access
to the WordPress installation (the user is screwed anyway). There is not
sure firewall way of preventing a plugin that a user activated from doing
all kinds of stuff.
Any sort of WordPress antivirus would have a fun time, but probably would
have to be a plugin anyway.
I would suggest a patch if somehow this should be reopened, but the only
solution I can see wouldn't be acceptable.
--
Ticket URL: <http://trac.wordpress.org/ticket/5174#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list