force_activation asks for install

[jaschaio]

I remember that a few weeks ago, force_activation installed and activated the plugin directly upon theme install.

But right now when I try the same, I get an admin notice that a plugin is required and that asks to install it manually.

Is this intended to work like this?

Edit: There seems to be a problem with my plugin. I just tried a random other plugin to activate automatically and it works as intended. But if I use my plugin it won't. If I install the plugin via "Add plugin" in the Wordpress Dashboard or using the custom TGM site inside the admin panel everything works fine. It just doesn't installs and activate upon theme activation.

[jaschaio]

Ok, I found this two issues: #279 #242

So apparently this is intented to work like this. The other plugins that looked like they "installed automatically" were already installed and just activated upon theme activation.

Anyway I can't really follow the security concerns, as even with manual user intervention these security concerns aren't solved. The user has anyway no real idea what a specific plugin, installed by the TGM class will do to his site. So the additional manual step won't prevent him from installing potentially harming code.

[jrfnl]

The user has anyway no real idea what a specific plugin, installed by the TGM class will do to his site.

I disagree. If it's a plugin which is hosted on wp.org or an information url has been provided in the TGMPA config array, the user can inform him/herself of what the plugin does/is supposed to do as the TGMPA plugin install page will provide links to those pages.