Make WordPress Core

Opened 12 years ago

Closed 10 years ago

#22898 closed defect (bug) (wontfix)

No validation of update_plugins site transient

Reported by: warrenholmes's profile warrenholmes Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3
Component: Plugins Keywords: has-patch needs-testing
Focuses: Cc:

Description

When retreiving available plugin updates, no checks are done on update_plugins site transient. Adding a filter on pre_set_site_transient_update_plugins means any developer can modify the update_plugins transient for a plugin to contain incorrect data.

The attached diff has code which is 'reactive', but performs the minimal checks.

This has been tested on trunk.

Attachments (1)

update.diff (1.0 KB) - added by warrenholmes 12 years ago.

Download all attachments as: .zip

Change History (4)

@warrenholmes
12 years ago

#1 @dd32
12 years ago

  • Keywords close added

In my mind, this is a non-issue, If a plugin is modifying the data, it needs to ensure that the data is in the correct format.

All this change will do is silence any warnings the developer would have seen.

Beyond adding items (and using the correct format), or unsetting items, no plugin should be modifying the data in any other way IMHO.

#2 @SergeyBiryukov
12 years ago

  • Version changed from trunk to 2.3

#3 @DrewAPicture
10 years ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I agree with Dion in comment:1. Closing as wontfix.

Note: See TracTickets for help on using tickets.