Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#44041 closed defect (bug) (duplicate)

Appearance->Themes shows update notifications based on theme NAME alone

Reported by: scienceofspock's profile scienceofspock Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Themes Keywords:
Focuses: Cc:

Description

My team is working on a site for a client. We have created a custom theme called "Inspire".

Recently, one of our client's stakeholders was in our dev site and saw an "Update Available" button on top of our custom theme in the theme page. WordPress proceeded to download and install a completely different/unrelated theme and basically destroyed the dev site. Everything is in Git so it's not a big deal to rebuild, but what if this had been live? This seems like a HUGE bug. It appears the only criteria that was used to display this "Update available" button was the NAME of the theme, and no further checks were made during the update to make sure it was the same theme.

Change History (1)

#1 @ocean90
6 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version 4.9.5 deleted

Hello @scienceofspock, welcome to the WordPress Trac!

Thanks for your report. We're already tracking this issue in #14179.

Note: See TracTickets for help on using tickets.