|Reported by:||wpsmith||Owned by:|
Should there be some more security around the use of uninstall.php, possibly giving the user the ability to chose whether to delete the options stored by the plugin or not? Even though WP_UNINSTALL_PLUGIN is one safeguard, is it the best?
As it stands now, sadly, any plugin can add/update/delete options with this function. Or it would be great to be able to add the ability for WordPress to notify the user of what options the plugin is about to delete.
I am not sure the best course of action on this, but feel that there may be some room for improvement here.
Change History (17)
comment:2 @lightningspirit — 3 years ago
- Cc lightningspirit@… added
- Keywords dev-feedback added
- Severity changed from normal to major
comment:16 @scribu — 3 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed