Plugin update shouldn't delete package from local filesystem
|Reported by:||joelhardi||Owned by:||dd32|
While working on #14915 I discovered a small separate issue.
Currently, when upgrading a plugin, the package (zip) file is extracted to the filesystem and then deleted, no matter what the source of the file is.
- Remotely fetched packages, after they're extracted, are deleted from their temporary location (which is fine, that's garbage collection).
- Local files, however, are also deleted from wherever they happen to be. I don't think that it's right to silently unlink from the user's local filesystem like this. If I've got a file sitting on my local system (especially outside WordPress' file tree) I don't expect WordPress to delete it (without asking).
I doubt this issue has come up as I can't imagine it affects many people (who has or would manually download a plugin package and then hack the WordPress upgrader to install it, instead of just unzipping into the plugins folder?). Nevertheless I think it's undesirable behavior, and the attached patch is a trivial enhancement.
Change History (9)
- Component changed from Plugins to Upgrade/Install
- Keywords 3.2-early added; dev-feedback removed
- Milestone changed from Awaiting Review to Future Release
- Owner set to dd32
- Status changed from new to accepted