Make WordPress Core

Changeset 48149


Ignore:
Timestamp:
06/23/2020 10:56:10 PM (4 years ago)
Author:
whyisjake
Message:

Security: Don't display the plugin auto-update options for mu-plugins or dropins.

They can't be updated, so we shouldn't be showing the buttons.

Fixes #50459.

Props Chouby, audrasjb, pbiron.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/includes/class-wp-plugins-list-table.php

    r48121 r48149  
    6161        $page = $this->get_pagenum();
    6262
    63         $this->show_autoupdates = wp_is_auto_update_enabled_for_type( 'plugin' ) &&
    64             current_user_can( 'update_plugins' ) &&
    65             ( ! is_multisite() || $this->screen->in_admin( 'network' ) );
     63        $this->show_autoupdates = wp_is_auto_update_enabled_for_type( 'plugin' )
     64            && current_user_can( 'update_plugins' )
     65            && ( ! is_multisite() || $this->screen->in_admin( 'network' ) )
     66            && ! in_array( $status, array( 'mustuse', 'dropins' ), true );
    6667    }
    6768
Note: See TracChangeset for help on using the changeset viewer.