
Ticket #18563: 18563.diff

File 18563.diff, 3.6 KB (added by trepmal, 3 years ago)
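--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -37,13 +37,40 @@
 
 $plugin_files = get_plugin_files($plugin);
 
-if ( empty($file) )
+// List of allowable extensions
+$editable_extensions = array( 'php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include' );
+$editable_extensions = (array) apply_filters( 'editable_extensions', $editable_extensions );
+
+foreach ( $plugin_files as $i => $plugin_file ) {
+        // Get the extension of the file
+        if ( preg_match( '/\.([^.]+)$/', $plugin_file, $matches ) ) {
+                $ext = strtolower( $matches[1] );
+                // If extension is not in the acceptable list, skip it
+                if ( ! in_array( $ext, $editable_extensions ) )
+                        unset( $plugin_files[$i] );
+        } else {
+                // No extension found
+                unset( $plugin_files[$i] );
+        }
+}
+$plugin_files = array_values( $plugin_files );
+
+if ( empty( $file ) && empty( $plugin_files ) ) {
+        wp_die( __( 'This plugin does not have any editable files.' ) );
+} else if ( empty( $file ) ) {
         $file = $plugin_files[0];
-else
-        $file = stripslashes($file);
+} else if ( ! in_array( $file, $plugin_files ) ) {
+        wp_die( __( 'This filetype is not editable! Double check the name and try again.' ) );
+} else {
+        $file = stripslashes( $file );
+}
 
-$file = validate_file_to_edit($file, $plugin_files);
+$file = validate_file_to_edit( $file, $plugin_files );
 $real_file = WP_PLUGIN_DIR . '/' . $file;
+
+if ( ! is_file( $real_file ) )
+        wp_die( __( 'No such file exists! Double check the name and try again.' ) );
+
 $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0;
 
 switch ( $action ) {
@@ -94,22 +121,6 @@
                 exit;
         }
 
-        // List of allowable extensions
-        $editable_extensions = array('php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include');
-        $editable_extensions = (array) apply_filters('editable_extensions', $editable_extensions);
-
-        if ( ! is_file($real_file) ) {
-                wp_die(sprintf('<p>%s</p>', __('No such file exists! Double check the name and try again.')));
-        } else {
-                // Get the extension of the file
-                if ( preg_match('/\.([^.]+)$/', $real_file, $matches) ) {
-                        $ext = strtolower($matches[1]);
-                        // If extension is not in the acceptable list, skip it
-                        if ( !in_array( $ext, $editable_extensions) )
-                                wp_die(sprintf('<p>%s</p>', __('Files of this type are not editable.')));
-                }
-        }
-
         add_contextual_help($current_screen,
                 '<p>' . __('You can use the editor to make changes to any of your plugins&#8217; individual PHP files. Be aware that if you make changes, plugins updates will overwrite your customizations.') . '</p>' .
                 '<p>' . __('Choose a plugin to edit from the menu in the upper right and click the Select button. Click once on any file name to load it in the editor, and make your changes. Don&#8217;t forget to save your changes (Update File) when you&#8217;re finished.') . '</p>' .
@@ -202,16 +213,6 @@
         <ul>
 <?php
 foreach ( $plugin_files as $plugin_file ) :
-        // Get the extension of the file
-        if ( preg_match('/\.([^.]+)$/', $plugin_file, $matches) ) {
-                $ext = strtolower($matches[1]);
-                // If extension is not in the acceptable list, skip it
-                if ( !in_array( $ext, $editable_extensions ) )
-                        continue;
-        } else {
-                // No extension found
-                continue;
-        }
 ?>
                 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file ?></a></li>
 <?php endforeach; ?>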
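Review bot: The allowlist gate at new line 62 tests the still-slashed request value with a loose `in_array( $file, $plugin_files )`, and `stripslashes( $file )` only runs afterwards in the final `else`, so the gate and the later `validate_file_to_edit()` call judge two different strings. Unslash once and compare strictly, e.g. `} else if ( ! in_array( stripslashes( $file ), $plugin_files, true ) ) {`, so that the value checked against the filtered list is the same one used to build `$real_file`. The same branch reports 'This filetype is not editable!' for any name absent from the filtered list, including files that do not exist at all, so a neutral message would be more accurate than one that blames the extension. Where `$file` is populated is outside the hunks shown, so the slashing behaviour is inferred from the existing `stripslashes()` call.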