[wp-hackers] Need to activate plugin via plugin. how?
Ozh
ozh at planetozh.com
Mon Mar 3 13:23:08 GMT 2008
>I am currently activating the plugin by directly modifying the
>"active_plugins" option, similar to how wordpress does. This is going to
be
>done with the user's consent of course, but is there any security risk
>involved in that?
(I might be wrong, but) I think there's no particular risk in doing this
per se. It all really depends on *how* you're doing it, like passing
arguments via POST or GET, etc, that could eventually lead to remote code
execution and this kind of stuff. But if done properly, it shouldnt be any
more risky than clicking on
plugins.php?action=activate&plugin=this&nonce=that
>Also what function does wordpress use to detect details of plugins and
>themes, I'm using regular expressions but they're not as good as
detecting
>the details like wordpress is.
wp-admin/includes/themes.php for themes explains it all
get_plugin_data($file) does the job for plugins
Ozh
--
http://planetozh.com/blog/
More information about the wp-hackers
mailing list