Changeset 41721 for trunk/src/wp-admin/plugin-editor.php

Timestamp:

10/04/2017 12:19:16 AM (8 years ago)

Author:

westonruter

Message:

File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.

• Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
• Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
• After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
• Introduce a secure way to scrape PHP fatal errors from a site via wp_start_scraping_edited_file_errors() and wp_finalize_scraping_edited_file_errors().
• Moves file modifications from theme-editor.php and plugin-editor.php to common wp_edit_theme_plugin_file() function.
• Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
• Use get method for theme/plugin dropdowns.
• Improve styling of plugin editors, including width of plugin/theme dropdowns.
• Improve notices API for theme/plugin editor JS component.
• Strip common base directory from plugin file list. See #24048.
• Factor out functions to list editable file types in wp_get_theme_file_editable_extensions() and wp_get_plugin_file_editable_extensions().
• Scroll to line in editor that has linting error when attempting to save. See #41886.
• Add checkbox to dismiss lint errors to proceed with saving. See #41887.
• Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
• Ensure that value from CodeMirror is used instead of textarea when CodeMirror is present.
• Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.

File:

• trunk/src/wp-admin/plugin-editor.php (modified) (8 diffs)

trunk/src/wp-admin/plugin-editor.php

@@ -69 +69 @@
 $plugin_files = get_plugin_files($plugin);
 
-if ( empty($file) )
+if ( empty( $file ) ) {
     $file = $plugin_files[0];
+}
 
 $file = validate_file_to_edit($file, $plugin_files);
 $real_file = WP_PLUGIN_DIR . '/' . $file;
-$scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0;
-
-if ( isset( $_REQUEST['action'] ) && 'update' === $_REQUEST['action'] ) {
-
-    check_admin_referer('edit-plugin_' . $file);
-
-    $newcontent = wp_unslash( $_POST['newcontent'] );
-    if ( is_writeable($real_file) ) {
-        $f = fopen($real_file, 'w+');
-        fwrite($f, $newcontent);
-        fclose($f);
-
-        if ( preg_match( '/\.php$/', $real_file ) && function_exists( 'opcache_invalidate' ) ) {
-            opcache_invalidate( $real_file, true );
-        }
-
-        $network_wide = is_plugin_active_for_network( $file );
-
-        // Deactivate so we can test it.
-        if ( is_plugin_active( $plugin ) || isset( $_POST['phperror'] ) ) {
-            if ( is_plugin_active( $plugin ) ) {
-                deactivate_plugins( $plugin, true );
-            }
-
-            if ( ! is_network_admin() ) {
-                update_option( 'recently_activated', array( $file => time() ) + (array) get_option( 'recently_activated' ) );
-            } else {
-                update_site_option( 'recently_activated', array( $file => time() ) + (array) get_site_option( 'recently_activated' ) );
-            }
-
-            wp_redirect( add_query_arg( '_wpnonce', wp_create_nonce( 'edit-plugin-test_' . $file ), "plugin-editor.php?file=$file&plugin=$plugin&liveupdate=1&scrollto=$scrollto&networkwide=" . $network_wide ) );
-            exit;
-        }
-        wp_redirect( self_admin_url( "plugin-editor.php?file=$file&plugin=$plugin&a=te&scrollto=$scrollto" ) );
-    } else {
-        wp_redirect( self_admin_url( "plugin-editor.php?file=$file&plugin=$plugin&scrollto=$scrollto" ) );
-    }
-    exit;
-
-} else {
-
-    if ( isset($_GET['liveupdate']) ) {
-        check_admin_referer('edit-plugin-test_' . $file);
-
-        $error = validate_plugin( $plugin );
-
-        if ( is_wp_error( $error ) ) {
-            wp_die( $error );
-        }
-
-        if ( ( ! empty( $_GET['networkwide'] ) && ! is_plugin_active_for_network( $file ) ) || ! is_plugin_active( $file ) ) {
-            activate_plugin( $plugin, "plugin-editor.php?file=" . urlencode( $file ) . "&phperror=1", ! empty( $_GET['networkwide'] ) );
-        } // we'll override this later if the plugin can be included without fatal error
-
-        wp_redirect( self_admin_url( 'plugin-editor.php?file=' . urlencode( $file ) . '&plugin=' . urlencode( $plugin ) . "&a=te&scrollto=$scrollto" ) );
+
+// Handle fallback editing of file when JavaScript is not available.
+$edit_error = null;
+$posted_content = null;
+if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
+    $r = wp_edit_theme_plugin_file( wp_unslash( $_POST ) );
+    if ( is_wp_error( $r ) ) {
+        $edit_error = $r;
+        if ( check_ajax_referer( 'edit-plugin_' . $file, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
+            $posted_content = wp_unslash( $_POST['newcontent'] );
+        }
+    } else {
+        wp_redirect( add_query_arg(
+            array(
+                'a' => 1, // This means "success" for some reason.
+                'plugin' => $plugin,
+                'file' => $file,
+            ),
+            admin_url( 'plugin-editor.php' )
+        ) );
         exit;
     }
+}
 
     // List of allowable extensions
-    $editable_extensions = array(
-        'bash',
-        'conf',
-        'css',
-        'diff',
-        'htm',
-        'html',
-        'http',
-        'inc',
-        'include',
-        'js',
-        'json',
-        'jsx',
-        'less',
-        'md',
-        'patch',
-        'php',
-        'php3',
-        'php4',
-        'php5',
-        'php7',
-        'phps',
-        'phtml',
-        'sass',
-        'scss',
-        'sh',
-        'sql',
-        'svg',
-        'text',
-        'txt',
-        'xml',
-        'yaml',
-        'yml',
-    );
-
-    /**
-     * Filters file type extensions editable in the plugin editor.
-     *
-     * @since 2.8.0
-     *
-     * @param array $editable_extensions An array of editable plugin file extensions.
-     */
-    $editable_extensions = (array) apply_filters( 'editable_extensions', $editable_extensions );
+    $editable_extensions = wp_get_plugin_file_editable_extensions( $plugin );
 
     if ( ! is_file($real_file) ) {
@@ -213 +138 @@
     );
 
-    $settings = wp_enqueue_code_editor( array( 'file' => $real_file ) );
-    if ( ! empty( $settings ) ) {
-        wp_enqueue_script( 'wp-theme-plugin-editor' );
-        wp_add_inline_script( 'wp-theme-plugin-editor', sprintf( 'jQuery( function() { wp.themePluginEditor.init( %s ); } )', wp_json_encode( $settings ) ) );
-    }
+    $settings = array(
+        'codeEditor' => wp_enqueue_code_editor( array( 'file' => $real_file ) ),
+    );
+    wp_enqueue_script( 'wp-theme-plugin-editor' );
+    wp_add_inline_script( 'wp-theme-plugin-editor', sprintf( 'jQuery( function( $ ) { wp.themePluginEditor.init( $( "#template" ), %s ); } )', wp_json_encode( $settings ) ) );
 
     require_once(ABSPATH . 'wp-admin/admin-header.php');
@@ -223 +148 @@
     update_recently_edited(WP_PLUGIN_DIR . '/' . $file);
 
-    $content = file_get_contents( $real_file );
+    if ( ! empty( $posted_content ) ) {
+        $content = $posted_content;
+    } else {
+        $content = file_get_contents( $real_file );
+    }
 
     if ( '.php' == substr( $real_file, strrpos( $real_file, '.' ) ) ) {
@@ -240 +169 @@
     $content = esc_textarea( $content );
     ?>
-<?php if (isset($_GET['a'])) : ?>
- <div id="message" class="updated notice is-dismissible"><p><?php _e('File edited successfully.') ?></p></div>
-<?php elseif (isset($_GET['phperror'])) : ?>
- <div id="message" class="notice notice-error"><p><?php _e( 'This plugin has been deactivated because your changes resulted in a <strong>fatal error</strong>.' ); ?></p>
-    <?php
-        if ( wp_verify_nonce( $_GET['_error_nonce'], 'plugin-activation-error_' . $plugin ) ) {
-            $iframe_url = add_query_arg( array(
-                'action'   => 'error_scrape',
-                'plugin'   => urlencode( $plugin ),
-                '_wpnonce' => urlencode( $_GET['_error_nonce'] ),
-            ), admin_url( 'plugins.php' ) );
-            ?>
-    <iframe style="border:0" width="100%" height="70px" src="<?php echo esc_url( $iframe_url ); ?>"></iframe>
-    <?php } ?>
-</div>
-<?php endif; ?>
 <div class="wrap">
 <h1><?php echo esc_html( $title ); ?></h1>
+
+<?php if ( isset( $_GET['a'] ) ) : ?>
+    <div id="message" class="updated notice is-dismissible">
+        <p><?php _e( 'File edited successfully.' ); ?></p>
+    </div>
+<?php elseif ( is_wp_error( $edit_error ) ) : ?>
+    <div id="message" class="notice notice-error">
+        <p><?php _e( 'There was an error while trying to update the file. You may need to fix something and try updating again.' ); ?></p>
+        <pre><?php echo esc_html( $edit_error->get_error_message() ? $edit_error->get_error_message() : $edit_error->get_error_code() ); ?></pre>
+    </div>
+<?php endif; ?>
 
 <div class="fileedit-sub">
@@ -284 +208 @@
 </div>
 <div class="alignright">
-    <form action="plugin-editor.php" method="post">
+    <form action="plugin-editor.php" method="get">
         <strong><label for="plugin"><?php _e('Select plugin to edit:'); ?> </label></strong>
         <select name="plugin" id="plugin">
@@ -309 +233 @@
     <h2><?php _e( 'Plugin Files' ); ?></h2>
 
+    <?php
+    $plugin_editable_files = array();
+    foreach ( $plugin_files as $plugin_file ) {
+        if ( preg_match('/\.([^.]+)$/', $plugin_file, $matches ) && in_array( $matches[1], $editable_extensions ) ) {
+            $plugin_editable_files[] = $plugin_file;
+        }
+    }
+    ?>
     <ul>
-<?php
-foreach ( $plugin_files as $plugin_file ) :
-    // Get the extension of the file
-    if ( preg_match('/\.([^.]+)$/', $plugin_file, $matches) ) {
-        $ext = strtolower($matches[1]);
-        // If extension is not in the acceptable list, skip it
-        if ( !in_array( $ext, $editable_extensions ) )
-            continue;
-    } else {
-        // No extension found
-        continue;
-    }
-    ?>
-    <li class="<?php echo esc_attr( $file === $plugin_file ? 'notice notice-info' : '' ); ?>"><a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ); ?>&amp;plugin=<?php echo urlencode( $plugin ); ?>"><?php echo esc_html( $plugin_file ); ?></a></li>
-<?php endforeach; ?>
+    <?php foreach ( $plugin_editable_files as $plugin_file ) : ?>
+        <li class="<?php echo esc_attr( $file === $plugin_file ? 'notice notice-info' : '' ); ?>">
+            <a href="plugin-editor.php?file=<?php echo urlencode( $plugin_file ); ?>&amp;plugin=<?php echo urlencode( $plugin ); ?>"><?php echo esc_html( preg_replace( '#^.+?/#', '', $plugin_file ) ); ?></a>
+        </li>
+    <?php endforeach; ?>
     </ul>
 </div>
 <form name="template" id="template" action="plugin-editor.php" method="post">
-    <?php wp_nonce_field('edit-plugin_' . $file) ?>
+    <?php wp_nonce_field( 'edit-plugin_' . $file, 'nonce' ); ?>
         <div>
             <label for="newcontent" id="theme-plugin-editor-label"><?php _e( 'Selected file content:' ); ?></label>
@@ -335 +257 @@
             <input type="hidden" name="file" value="<?php echo esc_attr( $file ); ?>" />
             <input type="hidden" name="plugin" value="<?php echo esc_attr( $plugin ); ?>" />
-            <input type="hidden" name="scrollto" id="scrollto" value="<?php echo esc_attr( $scrollto ); ?>" />
         </div>
         <?php if ( !empty( $docs_select ) ) : ?>
@@ -341 +262 @@
         <?php endif; ?>
 <?php if ( is_writeable($real_file) ) : ?>
-    <?php if ( in_array( $plugin, (array) get_option( 'active_plugins', array() ) ) ) { ?>
-        <div class="notice notice-warning inline active-plugin-edit-warning">
-            <p><?php _e('<strong>Warning:</strong> Making changes to active plugins is not recommended. If your changes cause a fatal error, the plugin will be automatically deactivated.'); ?></p>
+    <div class="editor-notices">
+        <?php if ( in_array( $plugin, (array) get_option( 'active_plugins', array() ) ) ) { ?>
+            <div class="notice notice-warning inline active-plugin-edit-warning">
+            <p><?php _e('<strong>Warning:</strong> Making changes to active plugins is not recommended.'); ?></p>
         </div>
-    <?php } ?>
+        <?php } ?>
+    </div>
     <p class="submit">
-    <?php
-        if ( isset($_GET['phperror']) ) {
-            echo "<input type='hidden' name='phperror' value='1' />";
-            submit_button( __( 'Update File and Attempt to Reactivate' ), 'primary', 'submit', false );
-        } else {
-            submit_button( __( 'Update File' ), 'primary', 'submit', false );
-        }
-    ?>
+        <?php submit_button( __( 'Update File' ), 'primary', 'submit', false ); ?>
+        <span class="spinner"></span>
     </p>
 <?php else : ?>
     <p><em><?php _e('You need to make this file writable before you can save your changes. See <a href="https://codex.wordpress.org/Changing_File_Permissions">the Codex</a> for more information.'); ?></em></p>
 <?php endif; ?>
+<?php wp_print_file_editor_templates(); ?>
 </form>
 <br class="clear" />
 </div>
-<script type="text/javascript">
-jQuery(document).ready(function($){
-    $('#template').submit(function(){ $('#scrollto').val( $('#newcontent').scrollTop() ); });
-    $('#newcontent').scrollTop( $('#scrollto').val() );
-});
-</script>
 <?php
-}
 
 include(ABSPATH . "wp-admin/admin-footer.php");