Make WordPress Core

Ticket #18563: 18563.patch

File 18563.patch, 3.5 KB (added by ocean90, 13 years ago)
  • wp-admin/plugin-editor.php

     
    3737
    3838$plugin_files = get_plugin_files($plugin);
    3939
    40 if ( empty($file) )
     40// List of allowable extensions
     41$editable_extensions = array( 'php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include' );
     42$editable_extensions = (array) apply_filters( 'editable_extensions', $editable_extensions );
     43
     44foreach ( $plugin_files as $i => $plugin_file ) {
     45        // Get the extension of the file
     46        if ( preg_match( '/\.([^.]+)$/', $plugin_file, $matches ) ) {
     47                $ext = strtolower( $matches[1] );
     48                // If extension is not in the acceptable list, skip it
     49                if ( ! in_array( $ext, $editable_extensions ) )
     50                        unset( $plugin_files[$i] );
     51        } else {
     52                // No extension found
     53                unset( $plugin_files[$i] );
     54        }
     55}
     56$plugin_files = array_values( $plugin_files );
     57
     58if ( empty( $file ) ) {
    4159        $file = $plugin_files[0];
    42 else
    43         $file = stripslashes($file);
     60} else if ( ! in_array( $file, $plugin_files ) ) {
     61        wp_die( sprintf( '<p>%s</p>', __( 'This file is not allowed to edit! Double check the name and try again.' ) ) );
     62} else {
     63        $file = stripslashes( $file );
     64}
    4465
    45 $file = validate_file_to_edit($file, $plugin_files);
     66$file = validate_file_to_edit( $file, $plugin_files );
    4667$real_file = WP_PLUGIN_DIR . '/' . $file;
     68
     69if ( ! is_file( $real_file ) )
     70        wp_die( sprintf( '<p>%s</p>', __( 'No such file exists! Double check the name and try again.' ) ) );
     71
    4772$scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0;
    4873
    4974switch ( $action ) {
     
    94119                exit;
    95120        }
    96121
    97         // List of allowable extensions
    98         $editable_extensions = array('php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include');
    99         $editable_extensions = (array) apply_filters('editable_extensions', $editable_extensions);
    100 
    101         if ( ! is_file($real_file) ) {
    102                 wp_die(sprintf('<p>%s</p>', __('No such file exists! Double check the name and try again.')));
    103         } else {
    104                 // Get the extension of the file
    105                 if ( preg_match('/\.([^.]+)$/', $real_file, $matches) ) {
    106                         $ext = strtolower($matches[1]);
    107                         // If extension is not in the acceptable list, skip it
    108                         if ( !in_array( $ext, $editable_extensions) )
    109                                 wp_die(sprintf('<p>%s</p>', __('Files of this type are not editable.')));
    110                 }
    111         }
    112 
    113122        add_contextual_help($current_screen,
    114123                '<p>' . __('You can use the editor to make changes to any of your plugins&#8217; individual PHP files. Be aware that if you make changes, plugins updates will overwrite your customizations.') . '</p>' .
    115124                '<p>' . __('Choose a plugin to edit from the menu in the upper right and click the Select button. Click once on any file name to load it in the editor, and make your changes. Don&#8217;t forget to save your changes (Update File) when you&#8217;re finished.') . '</p>' .
     
    202211        <ul>
    203212<?php
    204213foreach ( $plugin_files as $plugin_file ) :
    205         // Get the extension of the file
    206         if ( preg_match('/\.([^.]+)$/', $plugin_file, $matches) ) {
    207                 $ext = strtolower($matches[1]);
    208                 // If extension is not in the acceptable list, skip it
    209                 if ( !in_array( $ext, $editable_extensions ) )
    210                         continue;
    211         } else {
    212                 // No extension found
    213                 continue;
    214         }
    215214?>
    216215                <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ) ?>&amp;plugin=<?php echo urlencode( $plugin ) ?>"><?php echo $plugin_file ?></a></li>
    217216<?php endforeach; ?>