Ticket #35788: 35788.1.patch
File 35788.1.patch, 2.1 KB (added by , 8 years ago) |
---|
-
src/wp-admin/plugin-editor.php
14 14 exit(); 15 15 } 16 16 17 if ( ! current_user_can('edit_plugins') )17 if ( ! current_user_can('edit_plugins') ) { 18 18 wp_die( __('You do not have sufficient permissions to edit plugins for this site.') ); 19 } 19 20 20 21 $title = __("Edit Plugins"); 21 22 $parent_file = 'plugins.php'; … … 43 44 $plugin = $plugin[0]; 44 45 } 45 46 47 $plugin_arr = explode("/", $plugin, 2); 48 $current_plugin = $plugin_arr[0]; 49 46 50 $plugin_files = get_plugin_files($plugin); 47 51 48 52 if ( empty($file) ) … … 92 96 check_admin_referer('edit-plugin-test_' . $file); 93 97 94 98 $error = validate_plugin($file); 95 if ( is_wp_error($error) ) 99 if ( is_wp_error($error) ) { 96 100 wp_die( $error ); 101 } 97 102 98 103 if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network($file) ) || ! is_plugin_active($file) ) 99 104 activate_plugin($file, "plugin-editor.php?file=$file&phperror=1", ! empty( $_GET['networkwide'] ) ); // we'll override this later if the plugin can be included without fatal error … … 121 126 if ( preg_match('/\.([^.]+)$/', $real_file, $matches) ) { 122 127 $ext = strtolower($matches[1]); 123 128 // If extension is not in the acceptable list, skip it 124 if ( !in_array( $ext, $editable_extensions) ) 129 if ( !in_array( $ext, $editable_extensions) ) { 125 130 wp_die(sprintf('<p>%s</p>', __('Files of this type are not editable.'))); 131 } 126 132 } 127 133 } 128 134 … … 214 220 <?php 215 221 foreach ( $plugins as $plugin_key => $a_plugin ) { 216 222 $plugin_name = $a_plugin['Name']; 217 if ( $plugin_key == $plugin ) 223 $plugin_name = esc_attr($plugin_name); 224 $plugin_key = esc_attr($plugin_key); 225 $plugin_key_arr = explode("/", $plugin_key, 2); 226 $plugin_slug = $plugin_key_arr[0]; 227 228 if ( $plugin_slug == $current_plugin ) { 218 229 $selected = " selected='selected'"; 219 else 230 } 231 else { 220 232 $selected = ''; 221 $plugin_name = esc_attr($plugin_name);222 $plugin_key = esc_attr($plugin_key); 233 } 234 223 235 echo "\n\t<option value=\"$plugin_key\" $selected>$plugin_name</option>"; 224 236 } 225 237 ?>