Changeset 41721 for trunk/src/wp-includes/load.php

Timestamp:

10/04/2017 12:19:16 AM (8 years ago)

Author:

westonruter

Message:

File Editors: Introduce sandboxed live editing of PHP files with rollbacks for both themes and plugins.

• Edits to active plugins which cause PHP fatal errors will no longer auto-deactivate the plugin. Supersedes #39766.
• Introduce sandboxed PHP file edits for active themes, preventing accidental whitescreening of a user's site when introducing a fatal error.
• After writing a change to a PHP file for an active theme or plugin, perform loopback requests on the file editor admin screens and the homepage to check for fatal errors. If a fatal error is encountered, roll back the edited file and display the error to the user to fix and try again.
• Introduce a secure way to scrape PHP fatal errors from a site via wp_start_scraping_edited_file_errors() and wp_finalize_scraping_edited_file_errors().
• Moves file modifications from theme-editor.php and plugin-editor.php to common wp_edit_theme_plugin_file() function.
• Refactor themes and plugin editors to submit file changes via Ajax instead of doing full page refreshes when JS is available.
• Use get method for theme/plugin dropdowns.
• Improve styling of plugin editors, including width of plugin/theme dropdowns.
• Improve notices API for theme/plugin editor JS component.
• Strip common base directory from plugin file list. See #24048.
• Factor out functions to list editable file types in wp_get_theme_file_editable_extensions() and wp_get_plugin_file_editable_extensions().
• Scroll to line in editor that has linting error when attempting to save. See #41886.
• Add checkbox to dismiss lint errors to proceed with saving. See #41887.
• Only style the Update File button as disabled instead of actually disabling it for accessibility reasons.
• Ensure that value from CodeMirror is used instead of textarea when CodeMirror is present.
• Add "Are you sure?" check when leaving editor when there are unsaved changes.

Supersedes [41560].
See #39766, #24048, #41886.
Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
Fixes #21622, #41887.

File:

• trunk/src/wp-includes/load.php (modified) (1 diff)

trunk/src/wp-includes/load.php

@@ -1113 +1113 @@
     return apply_filters( 'file_mod_allowed', ! defined( 'DISALLOW_FILE_MODS' ) || ! DISALLOW_FILE_MODS, $context );
 }
+
+/**
+ * Start scraping edited file errors.
+ *
+ * @since 4.9.0
+ */
+function wp_start_scraping_edited_file_errors() {
+    if ( ! isset( $_REQUEST['wp_scrape_key'] ) || ! isset( $_REQUEST['wp_scrape_nonce'] ) ) {
+        return;
+    }
+    $key = substr( sanitize_key( wp_unslash( $_REQUEST['wp_scrape_key'] ) ), 0, 32 );
+    $nonce = wp_unslash( $_REQUEST['wp_scrape_nonce'] );
+
+    if ( get_transient( 'scrape_key_' . $key ) !== $nonce ) {
+        echo "###### begin_scraped_error:$key ######";
+        echo wp_json_encode( array(
+            'code' => 'scrape_nonce_failure',
+            'message' => __( 'Scrape nonce check failed. Please try again.' ),
+        ) );
+        die();
+    }
+    register_shutdown_function( 'wp_finalize_scraping_edited_file_errors', $key );
+}
+
+/**
+ * Finalize scraping for edited file errors.
+ *
+ * @since 4.9.0
+ *
+ * @param string $scrape_key Scrape key.
+ */
+function wp_finalize_scraping_edited_file_errors( $scrape_key ) {
+    $error = error_get_last();
+    if ( empty( $error ) ) {
+        return;
+    }
+    if ( ! in_array( $error['type'], array( E_CORE_ERROR, E_COMPILE_ERROR, E_ERROR, E_PARSE, E_USER_ERROR, E_RECOVERABLE_ERROR ), true ) ) {
+        return;
+    }
+    $error = str_replace( ABSPATH, '', $error );
+    echo "###### begin_scraped_error:$scrape_key ######";
+    echo wp_json_encode( $error );
+}