[wp-hackers] Need to activate plugin via plugin. how?

Anirudh Sanjeev anirudh at anirudhsanjeev.org
Mon Mar 3 13:32:59 GMT 2008


>
> (I might be wrong, but) I think there's no particular risk in doing this
> per se. It all really depends on *how* you're doing it, like passing
> arguments via POST or GET, etc, that could eventually lead to remote code
> execution and this kind of stuff. But if done properly, it shouldnt be any
> more risky than clicking on
> plugins.php?action=activate&plugin=this&nonce=that
>

The problem is I won't be having access to the nonce. So I'll have to
activate the plugin bypassing wordpress. during the testing I found if a
plugin has a fatal error(the one you're trying to install), it will go ahead
and activate anyways, while a regular wordpress plugin activation detects an
error and shuts it down.

Thanks for the information.


-- 
Anirudh Sanjeev
Third Year Undergraduate Student, Indian Institute of Technology, Kharagpur
http://anirudhsanjeev.org
Mail: anirudh at anirudhsanjeev.org
Phone: +91-97335-04828
jabber/googletalk: anirudh at anirudhsanjeev.org
If this message is signed with PGP, you can verify with my public key at
http://anirudhsanjeev.org/pubkey.txt


More information about the wp-hackers mailing list