WordPress.org

Make WordPress Core

Ticket #9452: 9452.2.patch

File 9452.2.patch, 2.1 KB (added by jbsil, 9 years ago)

Only allows filter to add to existing list. All other changes also in this patch.

  • plugin-editor.php

     
    161161        <h3 id="bordertitle"><?php _e('Plugin Files'); ?></h3>
    162162
    163163        <ul>
    164 <?php foreach($plugin_files as $plugin_file) : ?>
     164<?php
     165//List of allowable extensions
     166$always_editable = array("php", "txt", "text", "js", "css", "html", "htm", "xml", "inc", "include");
     167$editable_extensions = apply_filters('editable_extensions', array());
     168if (is_array($editable_extensions)) $editable_extensions = array_unique(array_merge($editable_extensions, $always_editable));
     169else $editable_extensions = $always_editable;
     170foreach($plugin_files as $plugin_file) :
     171        //Get the extension of the file
     172        if (preg_match('/\.([^.]+)$/', $plugin_file, $matches)) {
     173                $ext = strtolower($matches[1]);
     174                //If extension is not in the acceptable list, skip it
     175                if ( false === array_search( $ext, $editable_extensions ) ) continue;
     176        } else {
     177                //No extension found
     178                //What action belongs here? Leave the file in the list? Going with skip for safety
     179                continue;
     180        }       ?>
    165181                <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; ?>&plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li>
    166182<?php endforeach; ?>
    167183        </ul>
    168184        </div>
    169 <?php   if ( ! $error ) { ?>
     185<?php   if ( ! $error ) {
     186        //Check current file
     187        if (preg_match('/\.([^.]+)$/', $file, $matches)) {
     188                $ext = strtolower($matches[1]);
     189                if ( false === array_search($ext, $editable_extensions) ) { ?>
     190Sorry, that file cannot be edited because it may not be a text file.
     191<div class="clear"> &nbsp; </div>
     192</div><?php
     193                        break;
     194                }
     195        } else { ?>
     196Sorry, that file cannot be edited because it has no extension.
     197<div class="clear"> &nbsp; </div>
     198</div><?php
     199                break;
     200        }
     201        ?>
    170202        <form name="template" id="template" action="plugin-editor.php" method="post">
    171203        <?php wp_nonce_field('edit-plugin_' . $file) ?>
    172204                <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1" class="codepress <?php echo $codepress_lang ?>"><?php echo $content ?></textarea>