Index: trunk/wp-admin/plugin-editor.php
===================================================================
--- trunk/wp-admin/plugin-editor.php	(revision 10734)
+++ trunk/wp-admin/plugin-editor.php	(revision 10879)
@@ -19,4 +19,7 @@
 $plugins = get_plugins();
 
+if ( isset($_REQUEST['plugin']) )
+	$plugin = $_REQUEST['plugin'];
+
 if ( empty($plugin) ) {
 	$plugin = array_keys($plugins);
@@ -26,5 +29,5 @@
 $plugin_files = get_plugin_files($plugin);
 
-if (empty($file))
+if ( empty($file) )
 	$file = $plugin_files[0];
 
@@ -32,5 +35,5 @@
 $real_file = WP_PLUGIN_DIR . '/' . $file;
 
-switch($action) {
+switch ( $action ) {
 
 case 'update':
@@ -71,9 +74,9 @@
 
 		$error = validate_plugin($file);
-		if( is_wp_error($error) )
+		if ( is_wp_error($error) )
 			wp_die( $error );
 
 		if ( ! is_plugin_active($file) )
-			activate_plugin($file, "plugin-editor.php?file=$file&phperror=1");// we'll override this later if the plugin can be included without fatal error
+			activate_plugin($file, "plugin-editor.php?file=$file&phperror=1"); // we'll override this later if the plugin can be included without fatal error
 
 		wp_redirect("plugin-editor.php?file=$file&a=te");
@@ -87,6 +90,21 @@
 	update_recently_edited(WP_PLUGIN_DIR . '/' . $file);
 
-	if ( ! is_file($real_file) )
-		$error = 1;
+	// List of allowable extensions
+	$editable_extensions = array('php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include');
+	$extra_extensions = apply_filters('editable_extensions', null);
+	if ( is_array($extra_extensions) )
+		$editable_extensions = array_merge($editable_extensions, $extra_extensions);
+
+	if ( ! is_file($real_file) ) {
+		$error = __('No such file exists! Double check the name and try again.');
+	} else {
+		// Get the extension of the file
+		if ( preg_match('/\.([^.]+)$/', $real_file, $matches) ) {
+			$ext = strtolower($matches[1]);
+			// If extension is not in the acceptable list, skip it
+			if ( !in_array( $ext, $editable_extensions) )
+				$error = __('Files of this type are not editable.');
+		}
+	}
 
 	if ( ! $error ) {
@@ -99,5 +117,5 @@
 			$docs_select .= '<option value="">' . __( 'Function Name...' ) . '</option>';
 			foreach ( $functions as $function) {
-				$docs_select .= '<option value="' . urlencode( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
+				$docs_select .= '<option value="' . attribute_escape( $function ) . '">' . htmlspecialchars( $function ) . '()</option>';
 			}
 			$docs_select .= '</select>';
@@ -127,11 +145,14 @@
 		<select name="plugin" id="plugin">
 <?php
-	foreach ($plugins as $plugin_key => $a_plugin) {
-	$plugin_name = $a_plugin['Name'];
-	if ($plugin_key == $plugin) $selected = " selected='selected'";
-	else $selected = '';
-	$plugin_name = attribute_escape($plugin_name);
-	echo "\n\t<option value=\"$plugin_key\" $selected>$plugin_name</option>";
-}
+	foreach ( $plugins as $plugin_key => $a_plugin ) {
+		$plugin_name = $a_plugin['Name'];
+		if ( $plugin_key == $plugin )
+			$selected = " selected='selected'";
+		else
+			$selected = '';
+		$plugin_name = attribute_escape($plugin_name);
+		$plugin_key = attribute_escape($plugin_key);
+		echo "\n\t<option value=\"$plugin_key\" $selected>$plugin_name</option>";
+	}
 ?>
 		</select>
@@ -162,5 +183,17 @@
 
 	<ul>
-<?php foreach($plugin_files as $plugin_file) : ?>
+<?php
+foreach ( $plugin_files as $plugin_file ) :
+	// Get the extension of the file
+	if ( preg_match('/\.([^.]+)$/', $plugin_file, $matches) ) {
+		$ext = strtolower($matches[1]);
+		// If extension is not in the acceptable list, skip it
+		if ( !in_array( $ext, $editable_extensions ) )
+			continue;
+	} else {
+		// No extension found
+		continue;
+	}
+?>
 		<li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; ?>&plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li>
 <?php endforeach; ?>
@@ -176,5 +209,5 @@
 		</div>
 		<?php if ( count( $functions ) ) : ?>
-		<div id="documentation"><label for="docs-list">Documentation:</label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php _e( 'Lookup' ) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
+		<div id="documentation"><label for="docs-list"><?php _e('Documentation:') ?></label> <?php echo $docs_select ?> <input type="button" class="button" value=" <?php echo attribute_escape(__( 'Lookup' )) ?> " onclick="if ( '' != jQuery('#docs-list').val() ) { window.open( 'http://api.wordpress.org/core/handbook/1.0/?function=' + escape( jQuery( '#docs-list' ).val() ) + '&locale=<?php echo urlencode( get_locale() ) ?>&version=<?php echo urlencode( $wp_version ) ?>&redirect=true'); }" /></div>
 		<?php endif; ?>
 <?php if ( is_writeable($real_file) ) : ?>
@@ -196,5 +229,5 @@
 <?php
 	} else {
-		echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
+		echo '<div class="error"><p>' . $error . '</p></div>';
 	}
 ?>