Ticket #18563: 18563.patch

File 18563.patch, 3.5 KB (added by ocean90, 3 years ago)
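--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -37,13 +37,38 @@
 
 $plugin_files = get_plugin_files($plugin);
 
-if ( empty($file) )
+// List of allowable extensions
+$editable_extensions = array( 'php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include' );
+$editable_extensions = (array) apply_filters( 'editable_extensions', $editable_extensions );
+
+foreach ( $plugin_files as $i => $plugin_file ) {
+        // Get the extension of the file
+        if ( preg_match( '/\.([^.]+)$/', $plugin_file, $matches ) ) {
+                $ext = strtolower( $matches[1] );
+                // If extension is not in the acceptable list, skip it
+                if ( ! in_array( $ext, $editable_extensions ) )
+                        unset( $plugin_files[$i] );
+        } else {
+                // No extension found
+                unset( $plugin_files[$i] );
+        }
+}
+$plugin_files = array_values( $plugin_files );
+
+if ( empty( $file ) ) {
         $file = $plugin_files[0];
-else
-        $file = stripslashes($file);
+} else if ( ! in_array( $file, $plugin_files ) ) {
+        wp_die( sprintf( '<p>%s</p>', __( 'This file is not allowed to edit! Double check the name and try again.' ) ) );
+} else {
+        $file = stripslashes( $file );
+}
 
-$file = validate_file_to_edit($file, $plugin_files);
+$file = validate_file_to_edit( $file, $plugin_files );
 $real_file = WP_PLUGIN_DIR . '/' . $file;
+
+if ( ! is_file( $real_file ) )
+        wp_die( sprintf( '<p>%s</p>', __( 'No such file exists! Double check the name and try again.' ) ) );
+
 $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0;
 
 switch ( $action ) {
@@ -94,22 +119,6 @@
                 exit;
         }
 
-        // List of allowable extensions
-        $editable_extensions = array('php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include');
-        $editable_extensions = (array) apply_filters('editable_extensions', $editable_extensions);
-
-        if ( ! is_file($real_file) ) {
-                wp_die(sprintf('<p>%s</p>', __('No such file exists! Double check the name and try again.')));
-        } else {
-                // Get the extension of the file
-                if ( preg_match('/\.([^.]+)$/', $real_file, $matches) ) {
-                        $ext = strtolower($matches[1]);
-                        // If extension is not in the acceptable list, skip it
-                        if ( !in_array( $ext, $editable_extensions) )
-                                wp_die(sprintf('<p>%s</p>', __('Files of this type are not editable.')));
-                }
-        }
-
         add_contextual_help($current_screen,
                 '<p>' . __('You can use the editor to make changes to any of your plugins&#8217; individual PHP files. Be aware that if you make changes, plugins updates will overwrite your customizations.') . '</p>' .
                 '<p>' . __('Choose a plugin to edit from the menu in the upper right and click the Select button. Click once on any file name to load it in the editor, and make your changes. Don&#8217;t forget to save your changes (Update File) when you&#8217;re finished.') . '</p>' .
@@ -202,16 +211,6 @@
         <ul>
 <?php
 foreach ( $plugin_files as $plugin_file ) :
-        // Get the extension of the file
-        if ( preg_match('/\.([^.]+)$/', $plugin_file, $matches) ) {
-                $ext = strtolower($matches[1]);
-                // If extension is not in the acceptable list, skip it
-                if ( !in_array( $ext, $editable_extensions ) )
-                        continue;
-        } else {
-                // No extension found
-                continue;
-        }
 ?>
                 <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file ?></a></li>
 <?php endforeach; ?>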
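Review bot: In the first hunk the new allow-list test `in_array( $file, $plugin_files )` runs on `$file` before `stripslashes( $file )`, so the string that is checked is not the string that is later joined onto `WP_PLUGIN_DIR`. Assuming `$file` is still the slashed request value at this point (its assignment is outside the hunk), a legitimate name containing a quote or backslash is rejected, and only the later `validate_file_to_edit()` call sees the final value. Unslash first and compare strictly: `$file = stripslashes( $file );` followed by `if ( ! in_array( $file, $plugin_files, true ) )`. The `empty( $file )` branch also reads `$plugin_files[0]` without checking that the extension filter left any entries, so it needs a guard for an empty list.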