Ticket #11032: 11032.diff

wp-admin/includes/file.php

@@ -206 +206 @@
                 case 1 :
                         wp_die( __('Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' ));
 
-                case 2 :
-                        wp_die( __('Sorry, can’t call files with their real path.' ));
+                //case 2 :
+                //      wp_die( __('Sorry, can’t call files with their real path.' ));
 
                 case 3 :
                         wp_die( __('Sorry, that file cannot be edited.' ));

wp-admin/theme-editor.php

@@ -33 +33 @@
 $allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $themes[$theme]['Template Files']);
 
 if (empty($file)) {
-        $file = $allowed_files[0];
+        $file = addslashes($allowed_files[0]);
 } else {
         if ( 'theme' == $dir ) {
                 $file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ; 
@@ -42 +42 @@
         }
 }
 
-$real_file = validate_file_to_edit($file, $allowed_files);
+validate_file_to_edit($file, $allowed_files);
 $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0;
-
 $file_show = basename( $file );
 
 switch($action) {
@@ -55 +54 @@
 
         $newcontent = stripslashes($_POST['newcontent']);
         $theme = urlencode($theme);
-        if (is_writeable($real_file)) {
+        if (is_writeable($file)) {
                 //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
-                $f = fopen($real_file, 'w+');
+                $f = fopen($file, 'w+');
                 if ($f !== FALSE) {
                         fwrite($f, $newcontent);
                         fclose($f);
@@ -83 +82 @@
 
         update_recently_edited($file);
 
-        if ( !is_file($real_file) )
+        if ( !is_file($file) )
                 $error = 1;
 
-        if ( !$error && filesize($real_file) > 0 ) {
-                $f = fopen($real_file, 'r');
-                $content = fread($f, filesize($real_file));
+        if ( !$error && filesize($file) > 0 ) {
+                $f = fopen($file, 'r');
+                $content = fread($f, filesize($file));
 
-                if ( '.php' == substr( $real_file, strrpos( $real_file, '.' ) ) ) {
+                if ( '.php' == substr( $file, strrpos( $file, '.' ) ) ) {
                         $functions = wp_doc_link_parse( $content );
 
                         $docs_select = '<select name="docs-list" id="docs-list">';
@@ -102 +101 @@
                 }
 
                 $content = htmlspecialchars( $content );
-                $codepress_lang = codepress_get_lang($real_file);
+                $codepress_lang = codepress_get_lang($file);
         }
 
         ?>
@@ -212 +211 @@
         <?php } ?>
 
                 <div>
-<?php if ( is_writeable($real_file) ) : ?>
+<?php if ( is_writeable($file) ) : ?>
                         <p class="submit">
 <?php
         echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />";

wp-includes/functions.php

@@ -3068 +3068 @@
         if ( false !== strpos( $file, './' ))
                 return 1;
 
+        if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
+                return 3;
+
         if (':' == substr( $file, 1, 1 ))
                 return 2;
 
-        if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
-                return 3;
-
         return 0;
 }