[wp-trac] [WordPress Trac] #38946: WP_Upgrader: Protection against deleting files in destination directory

WordPress Trac noreply at wordpress.org
Tue Nov 7 15:26:13 UTC 2017


#38946: WP_Upgrader: Protection against deleting files in destination directory
-----------------------------+------------------------------
 Reporter:  shivapoudel      |       Owner:
     Type:  enhancement      |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Upgrade/Install  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  has-patch        |     Focuses:
-----------------------------+------------------------------

Comment (by shivapoudel):

 Hey @dd32 sorry for the late response!

 Look at this method `install_package` in `TG_Demo_Upgrader` class which
 extends `WP_Upgrader` [https://github.com/themegrill/themegrill-demo-
 importer/blob/4779becd5dfe90c689efa5bee137cdc5a2108865/includes/admin
 /class-demo-upgrader.php#L137-L351]. This was the hackathon I have used to
 protect my demo files directory.

 Likewise that method has never been extended in class like
 `Plugin_Upgrader` or themes etc. in anyway because themes and plugins
 directories are always protected but we want to protect our custom
 directories too. Read this and its worth for placing our directories or
 not without args, just kidding you can brainstorm some thought too
 [https://github.com/themegrill/themegrill-demo-
 importer/blob/4779becd5dfe90c689efa5bee137cdc5a2108865/includes/admin
 /class-demo-upgrader.php#L256-L263].

 Finally above patch can allow us to provide args to protect_destination so
 we are safe side without hassle. Look here [https://github.com/themegrill
 /themegrill-demo-
 importer/blob/4779becd5dfe90c689efa5bee137cdc5a2108865/includes/admin
 /class-demo-upgrader.php#L85]

 This solution can help me to get the name of main folder inside zip and
 install as it is :)

 That is my solution to get the name of main folder inside zip and install.
 BUT I don't want to extend the WP core upgrader `install_package` method
 in anyway in my upcoming plugin version so I am raising this patch :)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38946#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list