[wp-trac] [WordPress Trac] #29772: wp-admin/plugins.php should not load plugins so it can be used to disable broke activated plugins
WordPress Trac
noreply at wordpress.org
Fri Oct 31 01:01:47 UTC 2014
#29772: wp-admin/plugins.php should not load plugins so it can be used to disable
broke activated plugins
-----------------------------------+-----------------------------
Reporter: aubreypwd | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Administration | Version: trunk
Severity: normal | Resolution: wontfix
Keywords: has-patch 2nd-opinion | Focuses: administration
-----------------------------------+-----------------------------
Changes (by nacin):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Replying to [comment:12 pento]:
> `plugins.php` *must* load plugins, as most plugins change the plugin
table. It would also leave sites potentially vulnerable if they have a
security plugin that wouldn't be loaded, or if they use a custom
authentication plugin.
Bingo. For this reason alone I am closing this ticket out. #25137 already
exists for alternative proposals.
> I agree that the theme/plugin editor could be more robust, it'd be worth
investigating if we can test loading edited PHP files, before saving them.
The plugin editor does this. Themes: #21622.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29772#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list