From 0bef71846454fc669cbb4c65cd6d1c6f6d05aa0d Mon Sep 17 00:00:00 2001 From: Sean Fisher Date: Sat, 22 Jul 2023 20:11:37 -0400 Subject: [PATCH] Prevent with a cap check --- CHANGELOG.md | 2 +- src/class-wp-plugin-loader.php | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6801b2f..1659af5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,6 @@ All notable changes to `WP Plugin Loader` will be documented in this file. -## 0.1.0 - 202X-XX-XX +## 0.1.0 - 2023-07-22 - Initial release diff --git a/src/class-wp-plugin-loader.php b/src/class-wp-plugin-loader.php index ea76ec1..607dd7a 100644 --- a/src/class-wp-plugin-loader.php +++ b/src/class-wp-plugin-loader.php @@ -43,6 +43,7 @@ public function __construct( public array $plugins = [] ) { add_filter( 'plugin_action_links', [ $this, 'filter_plugin_action_links' ], 10, 2 ); add_filter( 'option_active_plugins', [ $this, 'filter_option_active_plugins' ] ); add_filter( 'pre_update_option_active_plugins', [ $this, 'filter_pre_update_option_active_plugins' ] ); + add_filter( 'map_meta_cap', [ $this, 'prevent_plugin_activation' ], 10, 2 ); } /** @@ -189,4 +190,19 @@ protected function sanitize_plugin_name( string $folder ): string { $folder = preg_replace( '#([^a-zA-Z0-9-_.]+)#', '', $folder ); return str_replace( '..', '', (string) $folder ); // To prevent going up directories. } + + /** + * Prevent any plugin activations for non-code activated plugins. + * + * @param array $caps Array of capabilities. + * @param string $cap Capability name. + * @return array + */ + public function prevent_plugin_activation( $caps, $cap ) { + if ( $this->prevent_activations && 'activate_plugins' === $cap ) { + return [ 'do_not_allow' ]; + } + + return $caps; + } }