[wp-trac] [WordPress Trac] #20195: Plugins uninstall.php
WordPress Trac
wp-trac at lists.automattic.com
Mon Apr 30 17:54:38 UTC 2012
#20195: Plugins uninstall.php
--------------------------+------------------------------
Reporter: wpsmith | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: major | Resolution:
Keywords: dev-feedback |
--------------------------+------------------------------
Changes (by lightningspirit):
* cc: lightningspirit@… (added)
* keywords: => dev-feedback
* severity: normal => major
Comment:
Indeed, like scribu said, you should not be concerned about the security
of uninstall.php for trusted plugins, internally...
...because for a less common scenario I think we have to be concerned
about the attacks from external scripts (crawlers, etc...).
Question: What happens if an external script includes wp-load.php from a
WordPress instance, defines WP_UNINSTALL_PLUGIN and then includes an
uninstall.php from a known plugin, for example, WP Ecommerce plugin?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20195#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list