[wp-trac] Re: [WordPress Trac] #5564: Non Plugin Files Cab Be
Easily Included In Current Plugins using database Manipulation
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 2 02:50:10 GMT 2008
#5564: Non Plugin Files Cab Be Easily Included In Current Plugins using database
Manipulation
-----------------------------+----------------------------------------------
Reporter: keithdsouza | Owner: anonymous
Type: defect | Status: new
Priority: highest omg bbq | Milestone: 2.5
Component: Security | Version:
Severity: critical | Resolution:
Keywords: |
-----------------------------+----------------------------------------------
Comment (by darkdragon):
Actually, I find this quite useful as a feature. It has allowed me to
activate required plugin modules that I depend on and still allow the
plugins to show up in the plugin list.
What you are suggesting could have some speed implications.
I also think that something as speed critical as the Plugin API could use
some extra checks and balances, but would really do more harm for a lot of
users.
There is really not much that can be done with corrupt themes and plugins
except having an active community which informs about such things. It also
would help to get plugins from "trusted" sources, which are reviewed
(however, probably does not have "evil" checks).
--
Ticket URL: <http://trac.wordpress.org/ticket/5564#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list