[wp-trac] [WordPress Trac] #52048: the functions activate_plugin and deactivate_plugin need validation
    WordPress Trac 
    noreply at wordpress.org
       
    Sat Dec 12 18:00:07 UTC 2020
    
    
  
#52048: the functions activate_plugin and deactivate_plugin need validation
-------------------------+-----------------------------
 Reporter:  giuse        |      Owner:  (none)
     Type:  enhancement  |     Status:  assigned
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  General      |    Version:  5.6
 Severity:  normal       |   Keywords:  dev-feedback
  Focuses:               |
-------------------------+-----------------------------
 The function activate_plugin
 https://core.trac.wordpress.org/browser/tags/5.6/src/wp-
 admin/includes/plugin.php#L633 would need the validation of the array of
 plugins before saving it.
 For normal installations, the current plugins are taken by
 $current   = get_option( 'active_plugins', array() );
 For multisites they are taken by:
 get_site_option( 'active_sitewide_plugins', array() );
 Both the result of get_option( 'active_plugins', array() ) and
 get_site_option( 'active_sitewide_plugins', array() ) can be filtered by
 plugins, so you can't know if $current is a valid array of plugins.
 At least, $current should be unique, so I would add
 $current = array_unique( $current );
 Then I would also check if the plugin files exist before saving the array
 of active plugins.
 I would do the same validation for the function deactivate_plugins
 https://core.trac.wordpress.org/browser/tags/5.6/src/wp-
 admin/includes/plugin.php#L633
-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52048>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
    
    
More information about the wp-trac
mailing list