Index: /trunk/wp-admin/includes/file.php
===================================================================
--- /trunk/wp-admin/includes/file.php (revision 20312)
+++ /trunk/wp-admin/includes/file.php (revision 20313)
@@ -66,5 +66,5 @@
 }
- return basename( $file );
+ return trim( basename( $file ) );
 }
Index: /trunk/wp-admin/theme-editor.php
===================================================================
--- /trunk/wp-admin/theme-editor.php (revision 20312)
+++ /trunk/wp-admin/theme-editor.php (revision 20313)
@@ -43,78 +43,71 @@
 );
-wp_reset_vars(array('action', 'redirect', 'profile', 'error', 'warning', 'a', 'file', 'theme', 'dir'));
-
-$themes = get_themes();
-
-if (empty($theme)) {
- $theme = get_current_theme();
+wp_reset_vars( array( 'action', 'error', 'file', 'theme' ) );
+
+if ( $theme )
+ $stylesheet = $theme;
+else
+ $stylesheet = get_stylesheet();
+
+$theme = wp_get_theme( $stylesheet );
+
+if ( ! $theme )
+ wp_die( __( 'The requested theme does not exist.' ) );
+
+$allowed_files = $theme->get_files( 'php', 1 );
+$style_files = $theme->get_files( 'css' );
+if ( isset( $style_files['style.css'] ) ) {
+ $allowed_files['style.css'] = $style_files['style.css'];
+ unset( $style_files['style.css'] );
 } else {
- $theme = stripslashes($theme);
-}
-
-if ( ! isset($themes[$theme]) )
- wp_die(__('The requested theme does not exist.'));
-
-$allowed_files = array_merge( $themes[$theme]['Stylesheet Files'], $themes[$theme]['Template Files'] );
+ $style_files['style.css'] = false;
+}
+$allowed_files += $style_files;
 if ( empty( $file ) ) {
- if ( false !== array_search( $themes[$theme]['Stylesheet Dir'] . '/style.css', $allowed_files ) )
- $file = $themes[$theme]['Stylesheet Dir'] . '/style.css';
- else
- $file = $allowed_files[0];
+ if ( ! empty( $allowed_files['style.css'] ) ) {
+ $relative_file = 'style.css';
+ $file = $allowed_files['style.css'];
+ } else {
+ $relative_file = key( $allowed_files );
+ $file = current( $allowed_files );
+ }
 } else {
- $file = stripslashes($file);
- if ( 'theme' == $dir ) {
- $file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ;
- } else if ( 'style' == $dir) {
- $file = dirname(dirname($themes[$theme]['Stylesheet Dir'])) . $file ;
+ $relative_file = stripslashes( $file );
+ $file = $theme->get_stylesheet_directory() . '/' . $relative_file;
+}
+
+validate_file_to_edit( $file, $allowed_files );
+$scrollto = isset( $_REQUEST['scrollto'] ) ? (int) $_REQUEST['scrollto'] : 0;
+
+switch( $action ) {
+case 'update':
+ check_admin_referer( 'edit-theme_' . $file . $stylesheet );
+ $newcontent = stripslashes( $_POST['newcontent'] );
+ $location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
+ if ( is_writeable( $file ) ) {
+ //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
+ $f = fopen( $file, 'w+' );
+ if ( $f !== false ) {
+ fwrite( $f, $newcontent );
+ fclose( $f );
+ $location .= '&updated=true';
+ }
 }
-}
-
-validate_file_to_edit($file, $allowed_files);
-$scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0;
-$file_show = basename( $file );
-
-switch($action) {
-
-case 'update':
-
- check_admin_referer('edit-theme_' . $file . $theme);
-
- $newcontent = stripslashes($_POST['newcontent']);
- $theme = urlencode($theme);
- if (is_writeable($file)) {
- //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
- $f = fopen($file, 'w+');
- if ($f !== false) {
- fwrite($f, $newcontent);
- fclose($f);
- $location = "theme-editor.php?file=$file&theme=$theme&a=te&scrollto=$scrollto";
- } else {
- $location = "theme-editor.php?file=$file&theme=$theme&scrollto=$scrollto";
- }
- } else {
- $location = "theme-editor.php?file=$file&theme=$theme&scrollto=$scrollto";
- }
-
- $location = wp_kses_no_null($location);
- $strip = array('%0d', '%0a', '%0D', '%0A');
- $location = _deep_replace($strip, $location);
- header("Location: $location");
- exit();
-
+ wp_redirect( $location );
+ exit;
 break;
 default:
- require_once(ABSPATH . 'wp-admin/admin-header.php');
-
- update_recently_edited($file);
-
- if ( !is_file($file) )
- $error = 1;
+ require_once( ABSPATH . 'wp-admin/admin-header.php' );
+
+ update_recently_edited( $file );
+
+ if ( ! is_file( $file ) )
+ $error = true;
 $content = '';
- if ( !$error && filesize($file) > 0 ) {
+ if ( ! $error && filesize( $file ) > 0 ) {
 $f = fopen($file, 'r');
 $content = fread($f, filesize($file));
@@ -135,12 +128,12 @@
 ?>
-
-
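Review bot: The return value of `validate_file_to_edit( $file, $allowed_files )` is discarded, so rejecting a user-supplied `$relative_file` depends entirely on that helper (outside this hunk) calling `wp_die()` for every failure code it can return; since `$allowed_files` is now keyed by relative path, the whitelist can be enforced locally and explicitly in the `else` branch before the path is built: `if ( ! array_key_exists( $relative_file, $allowed_files ) ) wp_die( __( 'Sorry, that file cannot be edited.' ) );`. Note also that the fallback `$style_files['style.css'] = false;` leaves a `false` value inside `$allowed_files`, so if the helper checks membership with a non-strict `in_array()` it ends up comparing a path string against `false`; worth confirming it compares strictly, or dropping the `false` entry before the call. In the `update` case the result of `fwrite()` is not checked, so `&updated=true` is appended even after a short or failed write; `if ( false !== fwrite( $f, $newcontent ) ) $location .= '&updated=true';` would make the redirect reflect the actual outcome, and `$_POST['newcontent']` should be read behind an `isset()` guard. The `default` branch continues beyond the end of this hunk.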