Changeset 41721 for trunk/src/wp-admin/theme-editor.php

Timestamp:

10/04/2017 12:19:16 AM (7 years ago)

Author:

westonruter

Message:

File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.

• Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
• Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
• After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
• Introduce a secure way to scrape PHP fatal errors from a site via wp_start_scraping_edited_file_errors() and wp_finalize_scraping_edited_file_errors().
• Moves file modifications from theme-editor.php and plugin-editor.php to common wp_edit_theme_plugin_file() function.
• Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
• Use get method for theme/plugin dropdowns.
• Improve styling of plugin editors, including width of plugin/theme dropdowns.
• Improve notices API for theme/plugin editor JS component.
• Strip common base directory from plugin file list. See #24048.
• Factor out functions to list editable file types in wp_get_theme_file_editable_extensions() and wp_get_plugin_file_editable_extensions().
• Scroll to line in editor that has linting error when attempting to save. See #41886.
• Add checkbox to dismiss lint errors to proceed with saving. See #41887.
• Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
• Ensure that value from CodeMirror is used instead of textarea when CodeMirror is present.
• Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.

File:

• trunk/src/wp-admin/theme-editor.php (modified) (10 diffs)

trunk/src/wp-admin/theme-editor.php

@@ -70 +70 @@
 $allowed_files = $style_files = array();
 $has_templates = false;
-$default_types = array(
-    'bash',
-    'conf',
-    'css',
-    'diff',
-    'htm',
-    'html',
-    'http',
-    'inc',
-    'include',
-    'js',
-    'json',
-    'jsx',
-    'less',
-    'md',
-    'patch',
-    'php',
-    'php3',
-    'php4',
-    'php5',
-    'php7',
-    'phps',
-    'phtml',
-    'sass',
-    'scss',
-    'sh',
-    'sql',
-    'svg',
-    'text',
-    'txt',
-    'xml',
-    'yaml',
-    'yml',
-);
-
-/**
- * Filters the list of file types allowed for editing in the Theme editor.
- *
- * @since 4.4.0
- *
- * @param array    $default_types List of file types. Default types include 'php' and 'css'.
- * @param WP_Theme $theme         The current Theme object.
- */
-$file_types = apply_filters( 'wp_theme_editor_filetypes', $default_types, $theme );
-
-// Ensure that default types are still there.
-$file_types = array_unique( array_merge( $file_types, $default_types ) );
+
+$file_types = wp_get_theme_file_editable_extensions( $theme );
 
 foreach ( $file_types as $type ) {
@@ -144 +99 @@
 
 validate_file_to_edit( $file, $allowed_files );
-$scrollto = isset( $_REQUEST['scrollto'] ) ? (int) $_REQUEST['scrollto'] : 0;
-
-switch( $action ) {
-case 'update':
-    check_admin_referer( 'edit-theme_' . $file . $stylesheet );
-    $newcontent = wp_unslash( $_POST['newcontent'] );
-    $location = 'theme-editor.php?file=' . urlencode( $relative_file ) . '&theme=' . urlencode( $stylesheet ) . '&scrollto=' . $scrollto;
-    if ( is_writeable( $file ) ) {
-        // is_writable() not always reliable, check return value. see comments @ https://secure.php.net/is_writable
-        $f = fopen( $file, 'w+' );
-        if ( $f !== false ) {
-            fwrite( $f, $newcontent );
-            fclose( $f );
-            $location .= '&updated=true';
-            $theme->cache_delete();
-        }
+
+// Handle fallback editing of file when JavaScript is not available.
+$edit_error = null;
+$posted_content = null;
+if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
+    $r = wp_edit_theme_plugin_file( wp_unslash( $_POST ) );
+    if ( is_wp_error( $r ) ) {
+        $edit_error = $r;
+        if ( check_ajax_referer( 'edit-theme_' . $file . $stylesheet, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
+            $posted_content = wp_unslash( $_POST['newcontent'] );
+        }
+    } else {
+        wp_redirect( add_query_arg(
+            array(
+                'a' => 1, // This means "success" for some reason.
+                'theme' => $stylesheet,
+                'file' => $relative_file,
+            ),
+            admin_url( 'theme-editor.php' )
+        ) );
+        exit;
     }
-    wp_redirect( $location );
-    exit;
-
-default:
-
-    $settings = wp_enqueue_code_editor( compact( 'file' ) );
-    if ( ! empty( $settings ) ) {
-        wp_enqueue_script( 'wp-theme-plugin-editor' );
-        wp_add_inline_script( 'wp-theme-plugin-editor', sprintf( 'jQuery( function() { wp.themePluginEditor.init( %s ); } )', wp_json_encode( $settings ) ) );
-    }
+}
+
+    $settings = array(
+        'codeEditor' => wp_enqueue_code_editor( compact( 'file' ) ),
+    );
+    wp_enqueue_script( 'wp-theme-plugin-editor' );
+    wp_add_inline_script( 'wp-theme-plugin-editor', sprintf( 'jQuery( function( $ ) { wp.themePluginEditor.init( $( "#template" ), %s ); } )', wp_json_encode( $settings ) ) );
 
     require_once( ABSPATH . 'wp-admin/admin-header.php' );
@@ -180 +137 @@
 
     $content = '';
-    if ( ! $error && filesize( $file ) > 0 ) {
+    if ( ! empty( $posted_content ) ) {
+        $content = $posted_content;
+    } elseif ( ! $error && filesize( $file ) > 0 ) {
         $f = fopen($file, 'r');
         $content = fread($f, filesize($file));
@@ -198 +157 @@
     }
 
-    if ( isset( $_GET['updated'] ) ) : ?>
- <div id="message" class="updated notice is-dismissible"><p><?php _e( 'File edited successfully.' ) ?></p></div>
-<?php endif;
-
 $file_description = get_file_description( $relative_file );
 $file_show = array_search( $file, array_filter( $allowed_files ) );
@@ -212 +167 @@
 <h1><?php echo esc_html( $title ); ?></h1>
 
+<?php if ( isset( $_GET['a'] ) ) : ?>
+    <div id="message" class="updated notice is-dismissible">
+        <p><?php _e( 'File edited successfully.' ); ?></p>
+    </div>
+<?php elseif ( is_wp_error( $edit_error ) ) : ?>
+    <div id="message" class="notice notice-error">
+        <p><?php _e( 'There was an error while trying to update the file. You may need to fix something and try updating again.' ); ?></p>
+        <pre><?php echo esc_html( $edit_error->get_error_message() ? $edit_error->get_error_message() : $edit_error->get_error_code() ); ?></pre>
+    </div>
+<?php endif; ?>
+
 <div class="fileedit-sub">
 <div class="alignleft">
@@ -217 +183 @@
 </div>
 <div class="alignright">
-    <form action="theme-editor.php" method="post">
+    <form action="theme-editor.php" method="get">
         <strong><label for="theme"><?php _e('Select theme to edit:'); ?> </label></strong>
         <select name="theme" id="theme">
@@ -300 +266 @@
 else : ?>
     <form name="template" id="template" action="theme-editor.php" method="post">
-    <?php wp_nonce_field( 'edit-theme_' . $file . $stylesheet ); ?>
+        <?php wp_nonce_field( 'edit-theme_' . $file . $stylesheet, 'nonce' ); ?>
         <div>
             <label for="newcontent" id="theme-plugin-editor-label"><?php _e( 'Selected file content:' ); ?></label>
@@ -307 +273 @@
             <input type="hidden" name="file" value="<?php echo esc_attr( $relative_file ); ?>" />
             <input type="hidden" name="theme" value="<?php echo esc_attr( $theme->get_stylesheet() ); ?>" />
-            <input type="hidden" name="scrollto" id="scrollto" value="<?php echo esc_attr( $scrollto ); ?>" />
         </div>
     <?php if ( ! empty( $functions ) ) : ?>
@@ -317 +282 @@
     <?php endif; ?>
 
-        <div>
-        <?php if ( is_child_theme() && $theme->get_stylesheet() == get_template() ) : ?>
-            <p><?php if ( is_writeable( $file ) ) { ?><strong><?php _e( 'Caution:' ); ?></strong><?php } ?>
-            <?php _e( 'This is a file in your current parent theme.' ); ?></p>
-        <?php endif; ?>
-<?php
-    if ( is_writeable( $file ) ) :
-        submit_button( __( 'Update File' ), 'primary', 'submit', true );
-    else : ?>
-<p><em><?php _e('You need to make this file writable before you can save your changes. See <a href="https://codex.wordpress.org/Changing_File_Permissions">the Codex</a> for more information.'); ?></em></p>
-<?php endif; ?>
+    <div>
+        <div class="editor-notices">
+            <?php if ( is_child_theme() && $theme->get_stylesheet() == get_template() ) : ?>
+                <div class="notice notice-warning inline">
+                    <p>
+                        <?php if ( is_writeable( $file ) ) { ?><strong><?php _e( 'Caution:' ); ?></strong><?php } ?>
+                        <?php _e( 'This is a file in your current parent theme.' ); ?>
+                    </p>
+                </div>
+            <?php endif; ?>
         </div>
+    <?php if ( is_writeable( $file ) ) : ?>
+        <p class="submit">
+            <?php submit_button( __( 'Update File' ), 'primary', 'submit', false ); ?>
+            <span class="spinner"></span>
+        </p>
+    <?php else : ?>
+        <p><em><?php _e('You need to make this file writable before you can save your changes. See <a href="https://codex.wordpress.org/Changing_File_Permissions">the Codex</a> for more information.'); ?></em></p>
+    <?php endif; ?>
+    </div>
+    <?php wp_print_file_editor_templates(); ?>
     </form>
 <?php
@@ -335 +309 @@
 <br class="clear" />
 </div>
-<script type="text/javascript">
-jQuery(document).ready(function($){
-    $('#template').submit(function(){ $('#scrollto').val( $('#newcontent').scrollTop() ); });
-    $('#newcontent').scrollTop( $('#scrollto').val() );
-});
-</script>
-<?php
-break;
-}
+<?php
 
 include(ABSPATH . 'wp-admin/admin-footer.php' );