Description: Plugin: Add file check to plugin deletions
Author: aaroncampbell@wordpress.org
Origin: upstream, https://core.trac.wordpress.org/changeset/40176/branches/4.1?format=diff&new=40176
Applied-Upstream: 4.7.3
Reviewed-by: Craig Small <csmall@debian.org>
Last-Update: 2017-03-08
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -226,6 +226,14 @@
 				exit;
 			}
 
+			// Bail on all if any paths are invalid.
+			// validate_file() returns truthy for invalid files
+			$invalid_plugin_files = array_filter( $plugins, 'validate_file' );
+			if ( $invalid_plugin_files ) {
+				wp_redirect( self_admin_url("plugins.php?plugin_status=$status&paged=$page&s=$s") );
+				exit;
+			}
+
 			include(ABSPATH . 'wp-admin/update.php');
 
 			$parent_file = 'plugins.php';
