Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#51143 closed enhancement (duplicate)

Plugin Name can cause an update of a plugin not from the official repository

Reported by: oglekler's profile oglekler Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords:
Focuses: Cc:

Description

WordPress is getting information about plugin updates by 'Plugin Name' only and if custom made plugin happened to have a name which exists in the repository it will have the ability to get un update even if was downloaded manually and has a completely different author.

This situation can accrue later if in the repository will appear the new plugin with the name which exists somewhere like a custom plugin and site owner can update it without any doubts.

I propose to add an additional parameter like 'Plugin URI' to check plugin origin before showing an update. The proper link to the official repository at WordPress.org could be better but this parameter doesn't exist.

Change History (2)

#1 @skithund
4 years ago

The same applies to themes too

#2 @ocean90
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Hello @oglekler, welcome to WordPress Trac!

Thanks for the report. We're already tracking this issue in #23318 and #14179 for themes. #32101 is also related.

Note: See TracTickets for help on using tickets.