[Jafo232]

Quote:

Originally Posted by thebluelizard

I'm confused here. How is anyone getting this working in it's current form? I'm running WP 2.0 and it wasn't working. I looked through the code and found these lines:

I actually don't know how that's even working for anyone, because the links to activate the plugin are in the format ?action=activate. So, there's no activate GET variable as far as I can tell. I change those lines to this and it's working fine for me:

Maybe it requires register_globals on? In which case, that's a no-no, as it encourages insecure programming practices. Just want to make sure everything's secure for everyone

If it had anything to do with register_globals then there would be no need in using the $_GET array, you could just use $action, or $deactivate.

If you open the plugins.php file you will note:

Code:

wp_redirect('plugins.php?activate=true');
	} else if ('deactivate' == $_GET['action']) {
		check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
		$current = get_settings('active_plugins');
		array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
		update_option('active_plugins', $current);
		do_action('deactivate_' . trim( $_GET['plugin'] ));
		wp_redirect('plugins.php?deactivate=true');

You will note the wp_redirect call where it sets activate and deactivate. The reason why you do not compare the action, is because it has not been thoroughly checked to make sure it is an admin calling the action amongst other things. It is a security checkpoint.

Nobody has reported any problems activating the plug-in. You should note however, that there are issues with the plugin page in wordpress because it uses AJAX and the developers did not take into account all the possible cache settings browsers/ISP's may be using. You can google: wordpress plugin page AJAX, to see more about this.