From a25c8cb0779d7b6045d5774e03754d61bd2d23b3 Mon Sep 17 00:00:00 2001
From: ryan
Date: Wed, 8 Nov 2006 02:20:02 +0000
Subject: [PATCH] Add some plugin activation validation.

git-svn-id: http://svn.automattic.com/wordpress/trunk@4453 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/plugins.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 25add89f1b..e8984d8ce3 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -5,12 +5,17 @@ if ( isset($_GET['action']) ) {
 if ('activate' == $_GET['action']) {
 check_admin_referer('activate-plugin_' . $_GET['plugin']);
 $current = get_option('active_plugins');
- if (!in_array($_GET['plugin'], $current)) {
- $current[] = trim( $_GET['plugin'] );
+ $plugin = trim($_GET['plugin']);
+ if ( validate_file($plugin) )
+ wp_die(__('Invalid plugin.'));
+ if ( ! file_exists(ABSPATH . PLUGINDIR . '/' . $plugin) )
+ wp_die(__('Plugin file does not exist.'));
+ if (!in_array($plugin, $current)) {
+ $current[] = $plugin;
 sort($current);
 update_option('active_plugins', $current);
- include(ABSPATH . PLUGINDIR . '/' . trim( $_GET['plugin'] ));
- do_action('activate_' . trim( $_GET['plugin'] ));
+ include(ABSPATH . PLUGINDIR . '/' . $plugin);
+ do_action('activate_' . $plugin);
 }
 wp_redirect('plugins.php?activate=true');
 } else if ('deactivate' == $_GET['action']) {
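Review bot: The new existence check `file_exists(ABSPATH . PLUGINDIR . '/' . $plugin)` is also true for directories, so an empty `plugin` value (which resolves to the plugin directory itself) or a sub-directory name appears to get past both guards, be stored in `active_plugins` and then reach `include`; whether `validate_file()` rejects an empty string cannot be seen from this hunk. Using `if ( ! is_file(ABSPATH . PLUGINDIR . '/' . $plugin) )` would close that gap. Separately, `check_admin_referer()` is still keyed on the raw `$_GET['plugin']` while everything after it uses the trimmed `$plugin`; assigning `$plugin` first and passing it to the nonce check would keep the verified value and the included value identical. Neither check confirms that the path is one of the installed plugin files rather than any other file under the plugin directory, so comparing against the known plugin list before the `update_option()` call is worth considering. The enclosing `if ( isset($_GET['action']) )` block starts and ends outside the hunk.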