Plugin Installation: Better guard the installation flow #58297
Comments
Suggestion: saving in the state that the user has indeed initiated the plugin installation.
Considering we'll be able to identify that a plugin installation was not initiated by the customer (#58493), I think we can give the customer the chance to proceed with the installation, giving the idea of successful operation instead of an error. This way the installation link could be used directly but in a safe manner.
I think this is a brilliant idea @WBerredo! 🎉 To make the implementation more straightforward, I think we should add this as a follow-up PR, after we've handled plugin icons in #58281 (comment)
During our demo it was suggested that we should better guard our plugin installation direct URL so that we avoid malicious users getting WordPress.com users to visit it and thus install a malicious wporg plugin on their site.
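A sketch of the guard discussed in this thread, added here as an example and not taken from the project's code: the install route starts the installation only when in-memory state records that the user initiated it from the UI, and otherwise falls back to a confirmation step. The action names, state shape and function names are all hypothetical.

```javascript
// Added illustration; every identifier here is hypothetical.
const INSTALL_INITIATED = 'PLUGIN_INSTALL_INITIATED';
const INSTALL_CONSUMED = 'PLUGIN_INSTALL_CONSUMED';

const key = (siteId, slug) => `${siteId}:${slug}`;

// Reducer: records which (site, plugin) installs the user started in the UI.
// The flag lives only in memory and is never derived from the URL, so a page
// opened from an external link starts without it.
function initiatedInstalls(state = {}, action) {
  switch (action.type) {
    case INSTALL_INITIATED:
      return { ...state, [key(action.siteId, action.slug)]: true };
    case INSTALL_CONSUMED: {
      const { [key(action.siteId, action.slug)]: _dropped, ...rest } = state;
      return rest;
    }
    default:
      return state;
  }
}

// Decide what the install route does when it loads.
// 'install' -> the user clicked Install in the app; the flag is consumed so
//              reloading or revisiting the URL does not install again.
// 'confirm' -> no record of user intent; show the plugin and ask first.
function resolveInstallRoute(state, siteId, slug) {
  if (state[key(siteId, slug)] === true) {
    const next = initiatedInstalls(state, { type: INSTALL_CONSUMED, siteId, slug });
    return { next: 'install', state: next };
  }
  return { next: 'confirm', state };
}

// Called when the user accepts the confirmation prompt: intent is now
// explicit, so record it and let the route resolve again.
function confirmInstall(state, siteId, slug) {
  return initiatedInstalls(state, { type: INSTALL_INITIATED, siteId, slug });
}
```

Consuming the flag on use keeps a single click from authorizing more than one installation.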