Opened 10 years ago
Closed 10 years ago
#25924 closed defect (bug) (fixed)
Conflicting error messages in plugin editor
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 3.9 | Priority: | normal |
| Severity: | minor | Version: | 3.8 |
| Component: | Plugins | Keywords: | has-patch |
| Focuses: | administration | Cc: |
Description
I have recently been testing out the plugin editor in the administration menus. It seems to me that some of the error messages reported are conflicting when attempting to type in files names.
For example, if you enter a file name with a ".." or a "./" in the filenames path the error message reads as:
Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.
So the "./" eventually is not correctly being reported back as an error, however this very error message indicates that files in the home directory can be edited. So, type in wp-config.php or .htaccess and another error appears:
No such file exists! Double check the name and try again.
The reason this error is reported is because the code is looking in the wrong places and in fact it seems that file in the home directory cannot be edited.
A simple fix for this, presuming that the plugin editor is indeed only meant to allow editing of files in the wpc-ntent/plugins folder is to change the first error message to something like:
Sorry, can’t edit files with “..” or "./" in the name.
Note, this may affect the theme editor too, but I haven't looked at that.
Related: #25734