Open redlagoon opened 6 years ago
I'm pretty sure we use a nonce check on the installation page which would prevent this from working. What you are proposing would - again - open WP up to hacks and should be considered a security breach.
I see, thing is, a few people are already somehow doing it:
https://github.com/richtabor/MerlinWP/blob/master/class-merlin.php#L984
Is this a wrong approach?
Assume my question now refers to a back-end approach, as in, I'd use TGMPA's functionality to install in the back-end only. Still no hooks / functions for me to do it easily?
Assume I have a list of plugins that the user has selected to install, from the front-end.
Let's say my list came from a JSON request and is now:
$labels = [ 'social-media-upgrade-2.0', 'my-shortcodes'];
These plugins might or might not be registered through TGMPA (but generally speaking, they will), now, how can I tell TGMPA that I want it to look at these handles and if it finds any of them in its registered list, I want it to go ahead and install it for me?
I'm looking for something like
$tgmpa->install_plugin( $handle )
.Or even pinging the
themes.php?page=tgmpa-install-plugins
would work, but I'm not sure what data to pass to it...The goal here is to extrapolate the process of installing a plugin and use it to a screen of my own choice, based on user input.