Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove plugin uninstallation flow #1435

Merged
merged 2 commits into from
Apr 25, 2023
Merged

Remove plugin uninstallation flow #1435

merged 2 commits into from
Apr 25, 2023

Conversation

schlessera
Copy link
Contributor

@schlessera schlessera commented Apr 24, 2023
edited

Fixes #1426.
Supersedes #1431.

This PR removes the uninstallation logic for now.

During the work on PR #1431, we realized that the uninstallation logic is way more broken than only a missing nonce, and the general user interaction flow does not properly add up. Fixing this is not only very involved, but also makes way more drastic changes to the plugin than we feel comfortable doing within the scope of a security hotfix.

To fix the currently divulged security vulnerability, we now decided to remove the uninstallation for now (which makes the missing nonce a non-issue, of course) and give ourselves the time to properly rethink the uninstallation user flow in a larger update.

Checklist

  • Project documentation has been updated to reflect the changes in this pull request, if applicable.
  • I have tested the changes in the local development environment (see contributing.md).
  • I have added phpunit tests.

@schlessera schlessera changed the base branch from develop to master April 24, 2023 16:52
@schlessera schlessera changed the title [WIP] Check for caps before loading alert settings [WIP] Remove plugin uninstallation flow Apr 24, 2023
@schlessera schlessera marked this pull request as ready for review April 24, 2023 18:51
@schlessera schlessera added this to the 3.9.3 milestone Apr 24, 2023
@schlessera schlessera changed the title [WIP] Remove plugin uninstallation flow Remove plugin uninstallation flow Apr 24, 2023
@schlessera schlessera mentioned this pull request Apr 24, 2023
Closed
3 tasks
kasparsd
kasparsd approved these changes Apr 25, 2023
View reviewed changes
Copy link
Contributor

@kasparsd kasparsd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is great, thank you @schlessera!

@kasparsd kasparsd merged commit 61a5ab9 into master Apr 25, 2023
2 checks passed
@kasparsd kasparsd deleted the fix/remove-uninstallation branch April 25, 2023 06:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kasparsd kasparsd kasparsd approved these changes

Assignees
No one assigned
Labels
bug vulnerability
Projects
None yet
Milestone
3.9.3
Development

Successfully merging this pull request may close these issues.

Vulnerability in 3.9.2
2 participants
@schlessera @kasparsd