Ticket #42609: 42609.diff
File 42609.diff, 1.4 KB (added by , 7 years ago) |
src/wp-admin/includes/file.php
function wp_edit_theme_plugin_file( $arg 433 433 switch ( $type ) { 434 434 case 'php': 435 435 $allowed_files = array_merge( $allowed_files, $theme->get_files( 'php', -1 ) ); 436 436 break; 437 437 case 'css': 438 438 $style_files = $theme->get_files( 'css', -1 ); 439 439 $allowed_files['style.css'] = $style_files['style.css']; 440 440 $allowed_files = array_merge( $allowed_files, $style_files ); 441 441 break; 442 442 default: 443 443 $allowed_files = array_merge( $allowed_files, $theme->get_files( $type, -1 ) ); 444 444 break; 445 445 } 446 446 } 447 447 448 if ( 0 !== validate_file( $ real_file, $allowed_files) ) {448 if ( 0 !== validate_file( $file, array_keys( $allowed_files ) ) ) { 449 449 return new WP_Error( 'disallowed_theme_file', __( 'Sorry, that file cannot be edited.' ) ); 450 450 } 451 451 452 452 $is_active = ( get_stylesheet() === $stylesheet || get_template() === $stylesheet ); 453 453 } else { 454 454 return new WP_Error( 'missing_theme_or_plugin' ); 455 455 } 456 456 457 457 // Ensure file is real. 458 458 if ( ! is_file( $real_file ) ) { 459 459 return new WP_Error( 'file_does_not_exist', __( 'No such file exists! Double check the name and try again.' ) ); 460 460 } 461 461 462 462 // Ensure file extension is allowed. 463 463 $extension = null;
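Review bot: Nothing in the hunk guards the case where `array_keys( $allowed_files )` is empty at the new `validate_file()` call (line 448). `validate_file()` is defined outside this page, but as far as I recall it applies the allow-list only when the list is non-empty, so a theme with no files of the requested `$type` would be checked for traversal only; please confirm, and if so fail closed with `if ( empty( $allowed_files ) || 0 !== validate_file( $file, array_keys( $allowed_files ) ) ) {`. The allow-list decision is now made on `$file`, while the later `is_file( $real_file )` acts on `$real_file`, which is derived outside the hunk, so a comment such as `// $allowed_files is keyed by path relative to the theme root; $real_file must be built only from that root plus $file.` would record the invariant this check depends on. In the `css` case `$style_files['style.css']` is read without an existence check, which with the key-based comparison puts `style.css` on the allow-list even when the theme has no such file. `wp_edit_theme_plugin_file()` starts and ends outside the hunk.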