[wp-trac] [WordPress Trac] #38661: There is no one way of checking the nonce on plugin uninstallation
WordPress Trac
noreply at wordpress.org
Sat Feb 3 05:39:02 UTC 2018
#38661: There is no one way of checking the nonce on plugin uninstallation
--------------------------+----------------------
Reporter: szepe.viktor | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Plugins | Version: 4.6.1
Severity: normal | Resolution: invalid
Keywords: close | Focuses:
--------------------------+----------------------
Changes (by dd32):
* resolution: worksforme => invalid
* milestone: Awaiting Review =>
Comment:
Plugins should not check core nonces on the
deactivation/activation/uninstallation hooks as core does this for them.
Plugins also cannot expect that they're being activated by the web UI, as
they may also happen through the CLI (see wp-cli) or other management
scripts which might fire off the hooks.
In short: Check any nonces which the plugin adds, but allow core to
validate its own nonces.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38661#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
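
The split described in the comment above, as an added example that is not part of the ticket or of WordPress core: the uninstall callback performs no nonce check, while the plugin's own settings form creates and verifies its own nonce. The `exampleplugin_*` function names, the `exampleplugin_options` option and the `exampleplugin_save` action are hypothetical; the WordPress functions called are core APIs.

```php
<?php
/**
 * Plugin Name: Example Plugin (hypothetical, for illustration only)
 */

// Lifecycle hook: no nonce check here. Core validates its own nonce before a
// web UI uninstall, and WP-CLI or other management scripts fire this hook
// without any HTTP request, so there is no nonce to check.
register_uninstall_hook( __FILE__, 'exampleplugin_uninstall' );

function exampleplugin_uninstall() {
    delete_option( 'exampleplugin_options' );
}

// The plugin's own settings form (called from its settings page callback).
// The plugin adds this nonce, so the plugin must verify it.
function exampleplugin_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="exampleplugin_save">';
    wp_nonce_field( 'exampleplugin_save', 'exampleplugin_nonce' );
    echo '<input type="text" name="exampleplugin_label">';
    submit_button();
    echo '</form>';
}

add_action( 'admin_post_exampleplugin_save', 'exampleplugin_handle_save' );

function exampleplugin_handle_save() {
    // Capability check first: a nonce shows intent, not authorization.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Dies with an error if the plugin's own nonce is missing or invalid.
    check_admin_referer( 'exampleplugin_save', 'exampleplugin_nonce' );

    $label = isset( $_POST['exampleplugin_label'] )
        ? sanitize_text_field( wp_unslash( $_POST['exampleplugin_label'] ) )
        : '';
    update_option( 'exampleplugin_options', array( 'label' => $label ) );

    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
```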