[wp-trac] Re: [WordPress Trac] #9164: #6871 Regression for Plugin Dir

WordPress Trac wp-trac at lists.automattic.com
Wed Feb 18 20:48:38 GMT 2009


#9164: #6871 Regression for Plugin Dir
--------------------------+-------------------------------------------------
 Reporter:  hakre         |       Owner:  ryan                    
     Type:  defect (bug)  |      Status:  new                     
 Priority:  high          |   Milestone:  2.7.2                   
Component:  Security      |     Version:  2.7                     
 Severity:  normal        |    Keywords:  2nd-opinion dev-feedback
--------------------------+-------------------------------------------------
Changes (by DD32):

  * keywords:  => 2nd-opinion dev-feedback
  * version:  => 2.7


Comment:

 First up, How did #6871 cause a regression? Or was it simply another
 vector that was ignored?

 Secondly, On the plugins page, The plugins metadata is checked (ie. If the
 plugin contains no metadata, then its deactivated), Checking the contents
 of the files on every load would be too slow - No, Seriously, Getting
 plugin meta data is a really expensive task.. no-one in their right mind
 would read it every pageload

 So.. Your suggestion to combat all of this is:
  * Check that the plugin filename ends in .php
  * make a function that users can call in their theme to read the metadata
 and validate the plugins..

 (sorry if i've missed something)

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9164#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list