[wp-trac] [WordPress Trac] #22898: No validation of update_plugins site transient
WordPress Trac
noreply at wordpress.org
Wed Dec 12 20:50:14 UTC 2012
#22898: No validation of update_plugins site transient
-------------------------------------+--------------------------
Reporter: warrenholmes | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Plugins
Version: trunk | Severity: normal
Keywords: has-patch needs-testing |
-------------------------------------+--------------------------
When retreiving available plugin updates, no checks are done on
update_plugins site transient. Adding a filter on
pre_set_site_transient_update_plugins means any developer can modify the
update_plugins transient for a plugin to contain incorrect data.
The attached diff has code which is 'reactive', but performs the minimal
checks.
This has been tested on trunk.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22898>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list