WordPress.org

Make WordPress Core

Ticket #9452: 9452.1.patch

File 9452.1.patch, 1.9 KB (added by jbsil, 5 years ago)

Includes regex to find extensions, apply_filter call for 'editable_extensions', and check for current file as well as the list

  • plugin-editor.php

     
    161161        <h3 id="bordertitle"><?php _e('Plugin Files'); ?></h3> 
    162162 
    163163        <ul> 
    164 <?php foreach($plugin_files as $plugin_file) : ?> 
     164<?php 
     165//List of allowable extensions 
     166$editable_extensions = apply_filters('editable_extensions', array("php", "txt", "text", "js", "css", "html", "htm", "xml", "inc", "include")); 
     167foreach($plugin_files as $plugin_file) : 
     168        //Get the extension of the file 
     169        if (preg_match('/\.([^.]+)$/', $plugin_file, $matches)) { 
     170                $ext = strtolower($matches[1]); 
     171                //If extension is not in the acceptable list, skip it 
     172                if ( false === array_search( $ext, $editable_extensions ) ) continue; 
     173        } else { 
     174                //No extension found 
     175                //What action belongs here? Leave the file in the list? Going with skip for safety 
     176                continue; 
     177        }       ?> 
    165178                <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; ?>&plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li> 
    166179<?php endforeach; ?> 
    167180        </ul> 
    168181        </div> 
    169 <?php   if ( ! $error ) { ?> 
     182<?php   if ( ! $error ) { 
     183        //Check current file 
     184        if (preg_match('/\.([^.]+)$/', $file, $matches)) { 
     185                $ext = strtolower($matches[1]); 
     186                if ( false === array_search($ext, $editable_extensions) ) { ?> 
     187Sorry, that file cannot be edited because it may not be a text file. 
     188<div class="clear"> &nbsp; </div> 
     189</div><?php 
     190                        break; 
     191                } 
     192        } else { ?> 
     193Sorry, that file cannot be edited because it has no extension. 
     194<div class="clear"> &nbsp; </div> 
     195</div><?php 
     196                break; 
     197        } 
     198        ?> 
    170199        <form name="template" id="template" action="plugin-editor.php" method="post"> 
    171200        <?php wp_nonce_field('edit-plugin_' . $file) ?> 
    172201                <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>