[wp-trac] [WordPress Trac] #55432: The $plugin parameter of the "plugin_loaded" action can be polluted by individual plugins

WordPress Trac noreply at wordpress.org
Thu Mar 24 01:49:55 UTC 2022 

#55432: The $plugin parameter of the "plugin_loaded" action can be polluted by
individual plugins
---------------------------+---------------------
 Reporter:  stevegrunwell  |       Owner:  (none)
     Type:  defect (bug)   |      Status:  new
 Priority:  normal         |   Milestone:  6.0
Component:  Plugins        |     Version:
 Severity:  normal         |  Resolution:
 Keywords:  has-patch      |     Focuses:
---------------------------+---------------------

Comment (by SergeyBiryukov):

 Replying to [comment:7 jrf]:
 > > If you have to make a change here, I vote for renaming the variable.
 >
 > That, again would be a BC-break, albeit smaller. This is a documented
 global variable in WordPress, even though only available in this limited
 context, and changing the name of the variable will:
 > 1) still not prevent people from overwriting the ''new'' name.
 > 2) may break plugins relying on the `$plugin` variable being available
 in that context.

 Thanks for taking the time to look into this! I might be missing
 something, but I could not find the `$plugin` variable being documented as
 a global anywhere in core, only as a parameter of the `plugin_loaded`
 action, which the renaming should not affect. You're right that it does
 not completely prevent overwriting the new name, however the chance of
 accidentally overwriting a name like `$_wp_plugin_file` would be much
 lower than for `$plugin`.

 [attachment:"55432.3.diff"] is a minor adjustment to more closely follow
 [28644] and address the concern of the `$plugin` variable still being
 available.

 Replying to [comment:8 azouamauriac]:
 > If we definitely agree to rename the variable here, I think
 [https://prnt.sc/AOZseuQd4awd this both] worth to be renamed...

 Good catch, thanks!

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/55432#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list