#38682 closed defect (bug) (invalid)
Unauthorized plugin install
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | |
| Focuses: | Cc: |
Description
I have noticed, that in MS sub-site a plugin can be installed and activated (however, plugin instalaltion should be only allowed from MS dashboard).
Some themes require additional "required plugins" to be installed. That is visible in SUB-SITE menu too:
so, while superadmin is there, plugins can be installed from there too.
I think, that it should not be allowed from there. There should be message (after user clicks "INSTALL PLUGINS" sub-menu): Please install it from MS dashboard.. (or smth like this)
Change History (2)
#1
@
8 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
#2
@
8 years ago
1) If i remember, theme was HUEMAN (from WP repository).
2) I think WP CORE has ability to prevent. Just check if HOME_URL is sub-site, and in case, prevent plugin installation. I thought it was easy for Core developers to prevent that, but you know that better than me. thanks anyway.
Hi @tazotodua,
I completely agree with you here - however, this is the theme adding the plugin install option here, not WordPress.
Unfortunately WordPress/PHP does not have the ability to prevent an installed theme or plugin from offering such functionalities.
You should report this to the author of the plugin and request multisite compatibility be added to the theme.
If it's a theme you got from WordPress.org, I'd be interested in knowing which one.
I'm marking this as invalid as it's not an issue in Core, discussion may continue while the ticket is closed though.