No validation of update_plugins site transient
|Reported by:||warrenholmes||Owned by:|
|Severity:||normal||Keywords:||has-patch needs-testing close|
When retreiving available plugin updates, no checks are done on update_plugins site transient. Adding a filter on pre_set_site_transient_update_plugins means any developer can modify the update_plugins transient for a plugin to contain incorrect data.
The attached diff has code which is 'reactive', but performs the minimal checks.
This has been tested on trunk.