WordPress.org

Make WordPress Core

Ticket #9452: 9452.patch

File 9452.patch, 919 bytes (added by jbsil, 5 years ago)

Limits file extensions to php, txt, js, css, html, xml, inc and include

  • plugin-editor.php

     
    161161        <h3 id="bordertitle"><?php _e('Plugin Files'); ?></h3> 
    162162 
    163163        <ul> 
    164 <?php foreach($plugin_files as $plugin_file) : ?> 
     164<?php 
     165//List of allowable extensions 
     166$include = array("php", "txt", "js", "css", "html", "xml", "inc", "include"); 
     167foreach($plugin_files as $plugin_file) : 
     168        //Get the extension of the file 
     169        $ext = substr( $plugin_file, strpos( $plugin_file, '.' ) + 1 ); 
     170        //If extension is not in the acceptable list, skip it 
     171        if ( false === array_search( $ext, $include ) ) continue;       ?> 
    165172                <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; ?>&plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li> 
    166173<?php endforeach; ?> 
    167174        </ul>