From f1e285c9070059e2d2e6e06c60373607edf7a325 Mon Sep 17 00:00:00 2001 From: Jb Audras Date: Mon, 28 Mar 2022 13:57:08 +0000 Subject: [PATCH] Plugins: Avoid stomping of some variables in `wp-settings.php`. This changeset decreases the chance of accidentally overwriting some variables located in `wp-settings.php`, as the chance of overriding a variable called `$_wp_plugin_file` would be lower than for `$plugin`, `$mu_plugin` or `$network_plugin`. Props stevegrunwell, joyously, peterwilsoncc, ocean90, SergeyBiryukov, jrf, azouamauriac. Fixes #55432. git-svn-id: https://develop.svn.wordpress.org/trunk@53004 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-settings.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/src/wp-settings.php b/src/wp-settings.php index 85b2f2146a..355cb689bb 100644 --- a/src/wp-settings.php +++ b/src/wp-settings.php @@ -346,7 +346,9 @@ $GLOBALS['wp_plugin_paths'] = array(); // Load must-use plugins. foreach ( wp_get_mu_plugins() as $mu_plugin ) { + $_wp_plugin_file = $mu_plugin; include_once $mu_plugin; + $mu_plugin = $_wp_plugin_file; // Avoid stomping of the $mu_plugin variable in a plugin. /** * Fires once a single must-use plugin has loaded. @@ -357,13 +359,16 @@ foreach ( wp_get_mu_plugins() as $mu_plugin ) { */ do_action( 'mu_plugin_loaded', $mu_plugin ); } -unset( $mu_plugin ); +unset( $mu_plugin, $_wp_plugin_file ); // Load network activated plugins. if ( is_multisite() ) { foreach ( wp_get_active_network_plugins() as $network_plugin ) { wp_register_plugin_realpath( $network_plugin ); + + $_wp_plugin_file = $network_plugin; include_once $network_plugin; + $network_plugin = $_wp_plugin_file; // Avoid stomping of the $network_plugin variable in a plugin. /** * Fires once a single network-activated plugin has loaded. @@ -374,7 +379,7 @@ if ( is_multisite() ) { */ do_action( 'network_plugin_loaded', $network_plugin ); } - unset( $network_plugin ); + unset( $network_plugin, $_wp_plugin_file ); } /** @@ -415,7 +420,10 @@ if ( ! is_multisite() ) { // Load active plugins. foreach ( wp_get_active_and_valid_plugins() as $plugin ) { wp_register_plugin_realpath( $plugin ); + + $_wp_plugin_file = $plugin; include_once $plugin; + $plugin = $_wp_plugin_file; // Avoid stomping of the $plugin variable in a plugin. /** * Fires once a single activated plugin has loaded. @@ -426,7 +434,7 @@ foreach ( wp_get_active_and_valid_plugins() as $plugin ) { */ do_action( 'plugin_loaded', $plugin ); } -unset( $plugin ); +unset( $plugin, $_wp_plugin_file ); // Load pluggable functions. require ABSPATH . WPINC . '/pluggable.php';