Ticket #11032: 11032.diff
File 11032.diff, 3.4 KB (added by , 15 years ago) |
wp-admin/includes/file.php
206 206 case 1 : 207 207 wp_die( __('Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' )); 208 208 209 case 2 :210 wp_die( __('Sorry, can’t call files with their real path.' ));209 //case 2 : 210 // wp_die( __('Sorry, can’t call files with their real path.' )); 211 211 212 212 case 3 : 213 213 wp_die( __('Sorry, that file cannot be edited.' )); -
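Review bot: Commenting out `case 2` leaves the switch in `validate_file_to_edit()` with no branch for a code-2 result, so a path that `validate_file()` rejects with 2 appears to fall out of the switch without dying and the function returns nothing instead of a validated path; any caller that does not check the return now proceeds with a rejected path (the wp-admin/theme-editor.php hunk in this patch is such a caller). If the goal is to tolerate Windows drive-letter paths, that decision belongs in `validate_file()` (the wp-includes/functions.php hunk), not in silencing the fatal branch here. If case 2 must go, keep the switch closed with a `default : wp_die( __('Sorry, that file cannot be edited.' ));` and delete the commented-out lines rather than leaving dead code. The enclosing function starts before this hunk.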
wp-admin/theme-editor.php
33 33 $allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $themes[$theme]['Template Files']); 34 34 35 35 if (empty($file)) { 36 $file = $allowed_files[0];36 $file = addslashes($allowed_files[0]); 37 37 } else { 38 38 if ( 'theme' == $dir ) { 39 39 $file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ; … … 42 42 } 43 43 } 44 44 45 $real_file =validate_file_to_edit($file, $allowed_files);45 validate_file_to_edit($file, $allowed_files); 46 46 $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0; 47 48 47 $file_show = basename( $file ); 49 48 50 49 switch($action) { … … 55 54 56 55 $newcontent = stripslashes($_POST['newcontent']); 57 56 $theme = urlencode($theme); 58 if (is_writeable($ real_file)) {57 if (is_writeable($file)) { 59 58 //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable 60 $f = fopen($ real_file, 'w+');59 $f = fopen($file, 'w+'); 61 60 if ($f !== FALSE) { 62 61 fwrite($f, $newcontent); 63 62 fclose($f); … … 83 82 84 83 update_recently_edited($file); 85 84 86 if ( !is_file($ real_file) )85 if ( !is_file($file) ) 87 86 $error = 1; 88 87 89 if ( !$error && filesize($ real_file) > 0 ) {90 $f = fopen($ real_file, 'r');91 $content = fread($f, filesize($ real_file));88 if ( !$error && filesize($file) > 0 ) { 89 $f = fopen($file, 'r'); 90 $content = fread($f, filesize($file)); 92 91 93 if ( '.php' == substr( $ real_file, strrpos( $real_file, '.' ) ) ) {92 if ( '.php' == substr( $file, strrpos( $file, '.' 
) ) ) { 94 93 $functions = wp_doc_link_parse( $content ); 95 94 96 95 $docs_select = '<select name="docs-list" id="docs-list">'; … … 102 101 } 103 102 104 103 $content = htmlspecialchars( $content ); 105 $codepress_lang = codepress_get_lang($ real_file);104 $codepress_lang = codepress_get_lang($file); 106 105 } 107 106 108 107 ?> … … 212 211 <?php } ?> 213 212 214 213 <div> 215 <?php if ( is_writeable($ real_file) ) : ?>214 <?php if ( is_writeable($file) ) : ?> 216 215 <p class="submit"> 217 216 <?php 218 217 echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />"; -
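Review bot: The return value of `validate_file_to_edit($file, $allowed_files)` is now discarded and the later `is_writeable($file)`, `fopen($file, 'w+')`, `fread` and `is_file($file)` operate on the request-derived `$file` directly, so the read/write path is gated only by that call dying on failure; with the wp-admin/includes/file.php hunk in this same patch no longer dying on code 2, a rejected path can reach `fopen`. Keep the assignment — `$real_file = validate_file_to_edit($file, $allowed_files);` — and keep `$real_file` in the I/O calls, or at least stop when no path comes back: `if ( ! $real_file ) wp_die( __('Sorry, that file cannot be edited.') );`. The `addslashes($allowed_files[0])` on the empty-`$file` branch also looks asymmetric with the other branch, which builds `$file` unslashed; since `validate_file()` matches with `in_array` against `$allowed_files`, a default path containing backslashes may no longer match its own allow-list entry — presumably meant for Windows, worth confirming there.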
wp-includes/functions.php
3068 3068 if ( false !== strpos( $file, './' )) 3069 3069 return 1; 3070 3070 3071 if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) ) 3072 return 3; 3073 3071 3074 if (':' == substr( $file, 1, 1 )) 3072 3075 return 2; 3073 3076 3074 if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )3075 return 3;3076 3077 3077 return 0; 3078 3078 } 3079 3079
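Review bot: Moving the allow-list check ahead of the drive-letter check only changes which code is returned when both conditions hold; a Windows absolute path that is in `$allowed_files` still reaches `':' == substr( $file, 1, 1 )` and returns 2, so the reorder by itself does not admit real paths — the patch seems to rely on the wp-admin/includes/file.php hunk no longer dying on code 2, which weakens every caller. If an allow-listed path is meant to be accepted regardless of form, return success on the match and keep the `':'` check only for the no-allow-list case: `if ( !empty( $allowed_files ) ) return in_array( $file, $allowed_files, true ) ? 0 : 3;` followed by the existing `':'` check. The moved `in_array` also lacks the strict flag, so the comparison is loose; pass `true`. The enclosing `validate_file()` starts before this hunk.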