Opened 12 years ago
Closed 10 years ago
#22898 closed defect (bug) (wontfix)
No validation of update_plugins site transient
Reported by: | warrenholmes | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.3 |
Component: | Plugins | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description
When retreiving available plugin updates, no checks are done on update_plugins site transient. Adding a filter on pre_set_site_transient_update_plugins means any developer can modify the update_plugins transient for a plugin to contain incorrect data.
The attached diff has code which is 'reactive', but performs the minimal checks.
This has been tested on trunk.
Attachments (1)
Change History (4)
Note: See
TracTickets for help on using
tickets.
In my mind, this is a non-issue, If a plugin is modifying the data, it needs to ensure that the data is in the correct format.
All this change will do is silence any warnings the developer would have seen.
Beyond adding items (and using the correct format), or unsetting items, no plugin should be modifying the data in any other way IMHO.