[wp-trac] [WordPress Trac] #55321: Adding new themes in releases without a global theme auto-update setting renders installations insecure
WordPress Trac
noreply at wordpress.org
Sat Mar 5 02:54:39 UTC 2022
#55321: Adding new themes in releases without a global theme auto-update setting
renders installations insecure
-------------------------------+------------------------------
 Reporter:  bertvandepoel      |       Owner:  (none)
     Type:  enhancement        |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Themes             |     Version:
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:  ui
-------------------------------+------------------------------
Changes (by costdev):
* keywords: => reporter-feedback
* type: defect (bug) => enhancement
Comment:
Hi @bertvandepoel, welcome to Trac!
There are numerous plugins to enable automatic updates. However, these
tend to offer additional options that you may simply not need.
You can alternatively save this code to a file called
`enable-automatic-updates.php`, ZIP it and distribute it to the other
organisations to install via the `Plugins > Add New > Upload`.
{{{#!php
<?php
/**
 * Plugin Name: Automatic Theme Updates
 * Description: Enable automatic updating of all themes on your website.
 * Author: WordPress Contributors
 * Author URI: https://www.wordpress.org
 * License: GPLv2 or later
 * License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
 * Version: 1.0.0
 */

// A truthy AUTOMATIC_UPDATER_DISABLED turns the automatic updater off, so
// warn the administrator instead of registering the filter.
if ( defined( 'AUTOMATIC_UPDATER_DISABLED' ) && AUTOMATIC_UPDATER_DISABLED ) {
    add_action(
        'admin_notices',
        static function() {
            $notice  = '<div class="notice notice-info is-dismissible">';
            $notice .= "<p><code>AUTOMATIC_UPDATER_DISABLED</code> is set and can't be overridden. Please delete the line from <code>wp-config.php</code>.</p>";
            $notice .= '</div>';
            echo $notice;
        }
    );
} else {
    // Opt every installed theme in to automatic updates.
    add_filter( 'auto_update_theme', '__return_true' );
}
}}}
However, you can also simply disable the installation of themes bundled in
upgrades if that is your preference.
Add this to `wp-config.php`:
{{{#!php
define( 'CORE_UPGRADE_SKIP_NEW_BUNDLED', true );
}}}
Or create a plugin like the above if you want it to be easier for the
organisations to make the change themselves.
Note: If adding to a plugin, use:
{{{#!php
if ( ! defined( 'CORE_UPGRADE_SKIP_NEW_BUNDLED' ) ) {
define( 'CORE_UPGRADE_SKIP_NEW_BUNDLED', true );
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55321#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
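
For someone looking after many installations, a quick check of which `wp-config.php` files carry the two constants mentioned in the comment above. This is an added example, not code from the ticket or from WordPress: the function names, status words and sample configs are constructed, and it assumes plain `define( 'NAME', value );` lines.

```shell
#!/bin/sh
# Added example, not code from the ticket. Regex-based reading of wp-config.php
# is an assumption: it handles plain define( 'NAME', value ); lines only.

# Print the value of the first uncommented define() of constant $2 in file $1.
# PHP keeps the first definition of a constant, so later ones are ignored.
wp_const() {
    sed -n -E \
        -e '/^[[:space:]]*(\/\/|#|\*)/d' \
        -e "s/^[[:space:]]*define\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*([^)]*[^)[:space:]])[[:space:]]*\).*/\1/p" \
        "$1" | head -n 1 | tr 'A-Z' 'a-z'
}

# Classify one wp-config.php against the two settings discussed in the ticket.
audit_wp_config() {
    case $(wp_const "$1" AUTOMATIC_UPDATER_DISABLED) in
        true|1) updater=blocked ;;
        *)      updater=allowed ;;
    esac
    case $(wp_const "$1" CORE_UPGRADE_SKIP_NEW_BUNDLED) in
        true|1) bundled=skipped ;;
        *)      bundled=installed ;;
    esac
    case $updater/$bundled in
        blocked/installed) echo "RISK: new bundled themes are installed and the updater is disabled" ;;
        blocked/skipped)   echo "WARN: no new bundled themes, but the updater is disabled" ;;
        allowed/skipped)   echo "OK: core upgrades skip new bundled themes" ;;
        *)                 echo "CHECK: new bundled themes are installed; confirm theme auto-updates are enabled" ;;
    esac
}

# Constructed sample configs (not from any real site).
demo_dir=$(mktemp -d)
cat > "$demo_dir/site-a.php" <<'EOF'
<?php
define( 'AUTOMATIC_UPDATER_DISABLED', true );
EOF
cat > "$demo_dir/site-b.php" <<'EOF'
<?php
// define( 'AUTOMATIC_UPDATER_DISABLED', true );
define( 'CORE_UPGRADE_SKIP_NEW_BUNDLED', true );
EOF
for f in "$demo_dir"/site-*.php; do
    printf '%s  %s\n' "${f##*/}" "$(audit_wp_config "$f")"
done
rm -rf "$demo_dir"
```

A `CHECK` result cannot be settled from `wp-config.php` alone, because theme auto-updates may still be switched on by a plugin filter or per theme in the admin screen.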