[wp-trac] [WordPress Trac] #51143: Plugin Name can cause an update of a plugin not from the official repository
WordPress Trac
noreply at wordpress.org
Wed Aug 26 08:10:13 UTC 2020
#51143: Plugin Name can cause an update of a plugin not from the official
repository
-----------------------------+-----------------------------
Reporter: oglekler | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version:
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
WordPress is getting information about plugin updates by 'Plugin Name'
only and if custom made plugin happened to have a name which exists in the
repository it will have the ability to get un update even if was
downloaded manually and has a completely different author.
This situation can accrue later if in the repository will appear the new
plugin with the name which exists somewhere like a custom plugin and site
owner can update it without any doubts.
I propose to add an additional parameter like 'Plugin URI' to check plugin
origin before showing an update. The proper link to the official
repository at WordPress.org could be better but this parameter doesn't
exist.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51143>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list