Ticket #18563: 18563.patch
File 18563.patch, 3.5 KB (added by , 13 years ago) |
wp-admin/plugin-editor.php
37 37 38 38 $plugin_files = get_plugin_files($plugin); 39 39 40 if ( empty($file) ) 40 // List of allowable extensions 41 $editable_extensions = array( 'php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include' ); 42 $editable_extensions = (array) apply_filters( 'editable_extensions', $editable_extensions ); 43 44 foreach ( $plugin_files as $i => $plugin_file ) { 45 // Get the extension of the file 46 if ( preg_match( '/\.([^.]+)$/', $plugin_file, $matches ) ) { 47 $ext = strtolower( $matches[1] ); 48 // If extension is not in the acceptable list, skip it 49 if ( ! in_array( $ext, $editable_extensions ) ) 50 unset( $plugin_files[$i] ); 51 } else { 52 // No extension found 53 unset( $plugin_files[$i] ); 54 } 55 } 56 $plugin_files = array_values( $plugin_files ); 57 58 if ( empty( $file ) ) { 41 59 $file = $plugin_files[0]; 42 else 43 $file = stripslashes($file); 60 } else if ( ! in_array( $file, $plugin_files ) ) { 61 wp_die( sprintf( '<p>%s</p>', __( 'This file is not allowed to edit! Double check the name and try again.' ) ) ); 62 } else { 63 $file = stripslashes( $file ); 64 } 44 65 45 $file = validate_file_to_edit( $file, $plugin_files);66 $file = validate_file_to_edit( $file, $plugin_files ); 46 67 $real_file = WP_PLUGIN_DIR . '/' . $file; 68 69 if ( ! is_file( $real_file ) ) 70 wp_die( sprintf( '<p>%s</p>', __( 'No such file exists! Double check the name and try again.' ) ) ); 71 47 72 $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0; 48 73 49 74 switch ( $action ) { … … 94 119 exit; 95 120 } 96 121 97 // List of allowable extensions98 $editable_extensions = array('php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include');99 $editable_extensions = (array) apply_filters('editable_extensions', $editable_extensions);100 101 if ( ! is_file($real_file) ) {102 wp_die(sprintf('<p>%s</p>', __('No such file exists! 
Double check the name and try again.')));103 } else {104 // Get the extension of the file105 if ( preg_match('/\.([^.]+)$/', $real_file, $matches) ) {106 $ext = strtolower($matches[1]);107 // If extension is not in the acceptable list, skip it108 if ( !in_array( $ext, $editable_extensions) )109 wp_die(sprintf('<p>%s</p>', __('Files of this type are not editable.')));110 }111 }112 113 122 add_contextual_help($current_screen, 114 123 '<p>' . __('You can use the editor to make changes to any of your plugins’ individual PHP files. Be aware that if you make changes, plugins updates will overwrite your customizations.') . '</p>' . 115 124 '<p>' . __('Choose a plugin to edit from the menu in the upper right and click the Select button. Click once on any file name to load it in the editor, and make your changes. Don’t forget to save your changes (Update File) when you’re finished.') . '</p>' . … … 202 211 <ul> 203 212 <?php 204 213 foreach ( $plugin_files as $plugin_file ) : 205 // Get the extension of the file206 if ( preg_match('/\.([^.]+)$/', $plugin_file, $matches) ) {207 $ext = strtolower($matches[1]);208 // If extension is not in the acceptable list, skip it209 if ( !in_array( $ext, $editable_extensions ) )210 continue;211 } else {212 // No extension found213 continue;214 }215 214 ?> 216 215 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file ?></a></li> 217 216 <?php endforeach; ?>
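Review bot: The new allowlist test `in_array( $file, $plugin_files )` runs on the request value before `stripslashes()` is applied, so the string that is checked is not the string later passed to `validate_file_to_edit()` and appended to `WP_PLUGIN_DIR`. Normalise first and check the same value with a strict comparison: `$file = stripslashes( $file );` followed by `if ( ! in_array( $file, $plugin_files, true ) ) wp_die( ... );`. As written the mismatch probably only causes false rejections for names containing quotes or backslashes, since `validate_file_to_edit()` still receives `$plugin_files` afterwards, but check-then-transform is an ordering to avoid in a file-path gate. Separately, when the extension filter removes every entry, `$plugin_files[0]` is undefined and the user falls through to the "No such file exists" message; an explicit empty-list branch would be clearer. Where `$file` is populated lies outside the visible hunk, so whether it arrives slashed should be confirmed there.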