[wp-trac] [WordPress Trac] #52048: the functions activate_plugin and deactivate_plugin need validation
WordPress Trac
noreply at wordpress.org
Sat Dec 12 18:00:07 UTC 2020
#52048: the functions activate_plugin and deactivate_plugin need validation
-------------------------+-----------------------------
Reporter: giuse | Owner: (none)
Type: enhancement | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.6
Severity: normal | Keywords: dev-feedback
Focuses: |
-------------------------+-----------------------------
The function activate_plugin
https://core.trac.wordpress.org/browser/tags/5.6/src/wp-
admin/includes/plugin.php#L633 would need the validation of the array of
plugins before saving it.
For normal installations, the current plugins are taken by
$current = get_option( 'active_plugins', array() );
For multisites they are taken by:
get_site_option( 'active_sitewide_plugins', array() );
Both the result of get_option( 'active_plugins', array() ) and
get_site_option( 'active_sitewide_plugins', array() ) can be filtered by
plugins, so you can't know if $current is a valid array of plugins.
At least, $current should be unique, so I would add
$current = array_unique( $current );
Then I would also check if the plugin files exist before saving the array
of active plugins.
I would do the same validation for the function deactivate_plugins
https://core.trac.wordpress.org/browser/tags/5.6/src/wp-
admin/includes/plugin.php#L633
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52048>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list