Changeset 12310
- Timestamp:
- 12/01/2009 10:03:13 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/wp-admin/includes/file.php
r12268 r12310 196 196 */ 197 197 function validate_file_to_edit( $file, $allowed_files = '' ) { 198 $file = stripslashes( $file );199 200 198 $code = validate_file( $file, $allowed_files ); 201 199 … … 207 205 wp_die( __('Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' )); 208 206 209 case 2 :210 wp_die( __('Sorry, can’t call files with their real path.' ));207 //case 2 : 208 // wp_die( __('Sorry, can’t call files with their real path.' )); 211 209 212 210 case 3 : -
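Review bot: With `case 2` commented out, a `validate_file()` result of 2 no longer stops `validate_file_to_edit()`, and when a caller leaves `$allowed_files` at its default `''` nothing else in the visible code rejects a drive-letter path. The functions.php hunk of this changeset shows the allow-list test is skipped for an empty list, so code 2 is the only signal in that case. Keeping it fatal for callers without a list would preserve the old behaviour there, placed before the `switch`: `if ( 2 == $code && empty( $allowed_files ) ) wp_die( __('Sorry, can’t call files with their real path.' ));`. The commented-out lines would be better replaced by a short comment saying why code 2 is tolerated when an allow-list is supplied. The rest of the function lies outside the hunk, so what it returns after the `switch` cannot be confirmed from here.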
trunk/wp-admin/plugin-editor.php
r12005 r12310 23 23 24 24 if ( isset($_REQUEST['file']) ) 25 $plugin = $_REQUEST['file'];25 $plugin = stripslashes($_REQUEST['file']); 26 26 27 27 if ( empty($plugin) ) { … … 34 34 if ( empty($file) ) 35 35 $file = $plugin_files[0]; 36 else 37 $file = stripslashes($file); 36 38 37 39 $file = validate_file_to_edit($file, $plugin_files); -
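Review bot: Unslashing is now done twice in this file and again in theme-editor.php, while `validate_file_to_edit()` has stopped doing it, so the rule "pass an already-unslashed name" is left implicit. A caller not touched by this changeset that still hands over raw request data would now have a slashed name compared against the allow-list. A comment above the new `else` branch would record the contract, e.g. `// validate_file_to_edit() no longer unslashes; do it here before the allow-list comparison.` Where `$file` is first assigned is outside the hunk, so whether it comes from the same request value as `$plugin` cannot be confirmed from the visible lines.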
trunk/wp-admin/theme-editor.php
r12185 r12310 36 36 $file = $allowed_files[0]; 37 37 } else { 38 $file = stripslashes($file); 38 39 if ( 'theme' == $dir ) { 39 40 $file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ; … … 43 44 } 44 45 45 $real_file =validate_file_to_edit($file, $allowed_files);46 validate_file_to_edit($file, $allowed_files); 46 47 $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0; 47 48 48 $file_show = basename( $file ); 49 49 … … 56 56 $newcontent = stripslashes($_POST['newcontent']); 57 57 $theme = urlencode($theme); 58 if (is_writeable($ real_file)) {58 if (is_writeable($file)) { 59 59 //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable 60 $f = fopen($ real_file, 'w+');60 $f = fopen($file, 'w+'); 61 61 if ($f !== FALSE) { 62 62 fwrite($f, $newcontent); … … 84 84 update_recently_edited($file); 85 85 86 if ( !is_file($ real_file) )86 if ( !is_file($file) ) 87 87 $error = 1; 88 88 89 if ( !$error && filesize($ real_file) > 0 ) {90 $f = fopen($ real_file, 'r');91 $content = fread($f, filesize($ real_file));92 93 if ( '.php' == substr( $ real_file, strrpos( $real_file, '.' ) ) ) {89 if ( !$error && filesize($file) > 0 ) { 90 $f = fopen($file, 'r'); 91 $content = fread($f, filesize($file)); 92 93 if ( '.php' == substr( $file, strrpos( $file, '.' ) ) ) { 94 94 $functions = wp_doc_link_parse( $content ); 95 95 … … 103 103 104 104 $content = htmlspecialchars( $content ); 105 $codepress_lang = codepress_get_lang($ real_file);105 $codepress_lang = codepress_get_lang($file); 106 106 } 107 107 … … 213 213 214 214 <div> 215 <?php if ( is_writeable($ real_file) ) : ?>215 <?php if ( is_writeable($file) ) : ?> 216 216 <p class="submit"> 217 217 <?php -
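Review bot: The return value of `validate_file_to_edit()` is now discarded, so the `fopen($file, 'w+')` further down is protected only by that function ending the request when the name is rejected. That dependency deserves a comment at the call, e.g. `// Dies on failure; $file is the exact string that was checked against $allowed_files.` Separately, the read path assigns `$f = fopen($file, 'r');` and passes `$f` straight to `fread()` without the `$f !== FALSE` test the write path has; wrapping the `fread()` in `if ( $f !== FALSE )` would match. Both blocks extend beyond the visible hunks.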
trunk/wp-includes/functions.php
r12309 r12310 3069 3069 return 1; 3070 3070 3071 if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) ) 3072 return 3; 3073 3071 3074 if (':' == substr( $file, 1, 1 )) 3072 3075 return 2; 3073 3074 if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )3075 return 3;3076 3076 3077 3077 return 0;
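Review bot: The allow-list test that now runs ahead of the drive-letter test still calls `in_array( $file, $allowed_files )` with loose comparison, and together with the file.php change in this changeset it becomes the check that decides whether a real path is accepted. Assuming the list holds strings, the strict flag makes the match an exact string comparison: `if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files, true ) ) return 3;`. The function's docblock is outside the hunk; if it lists the return codes, it should say that 3 now takes precedence over 2.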