Opened 7 months ago

Closed 7 months ago

#42425 closed defect (bug) (fixed)

Theme editor: Unable to edit files more than 1-level deep

Reported by: westonruter
Owned by: westonruter
Milestone: 4.9
Priority: normal
Severity: normal
Version: 4.9
Component: General
Keywords: has-patch commit dev-reviewed
Focuses:
Cc:

Description

In [41806] for #6531 the logic for gathering the list of $allowed_files was modified to allow for an unlimited depth for listing out files to edit. However, the same change was not then likewise applied to wp_edit_theme_plugin_file() when actually validating the file path to edit. The result is that a user can view the code of any file in a theme but they cannot save any edits they make. The logic in wp_edit_theme_plugin_file() needs to be updated to match the code in theme-editor.php.

Attachments (1)

42425.0.diff (987 bytes) - added by westonruter 7 months ago.


Change History (8)

@westonruter
7 months ago

#1 @westonruter
7 months ago

  • Keywords has-patch added
  • Version set to trunk

#2 @westonruter
7 months ago

  • Keywords dev-feedback added

This ticket was mentioned in Slack in #core-customize by westonruter.


7 months ago

#5 @obenland
7 months ago

  • Keywords commit dev-reviewed added; dev-feedback removed

42425.0.diff fixes the bug, LGTM.

#6 @westonruter
7 months ago

  • Owner set to westonruter
  • Status changed from new to accepted

#7 @westonruter
7 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 42112:

Theme Editor: Ensure files listed recursively can be both viewed and edited.

Prevent edits to 2-level deep theme files from returning a disallowed_theme_file error when attempting to save an edit. Aligns logic for gathering $allowed_files in theme-editor.php for listing files with the validation logic in wp_edit_theme_plugin_file().

Amends [41806].
See #6531.
Fixes #42425.
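
The mismatch this ticket describes, as an added PHP illustration (not WordPress core code and not the attached patch): the file listing and the save-time check each build an allowlist, and they disagree when built with different depths. The functions allowed_theme_files() and can_save(), the sample theme layout and the use of plain SPL directory iteration instead of WordPress APIs are all assumptions made for the example.

```php
<?php
// Added illustration; every name below is hypothetical, not a WordPress API.

/**
 * Build the editable-file allowlist for a theme directory, keyed by the path
 * relative to $root. $max_depth = -1 means unlimited; 0 means top level only.
 */
function allowed_theme_files( string $root, array $extensions, int $max_depth = -1 ): array {
	$root = rtrim( (string) realpath( $root ), DIRECTORY_SEPARATOR );
	$iter = new RecursiveIteratorIterator(
		new RecursiveDirectoryIterator( $root, FilesystemIterator::SKIP_DOTS )
	);
	$iter->setMaxDepth( $max_depth );

	$files = array();
	foreach ( $iter as $file ) {
		if ( $file->isFile() && in_array( strtolower( $file->getExtension() ), $extensions, true ) ) {
			$relative           = str_replace( '\\', '/', substr( $file->getPathname(), strlen( $root ) + 1 ) );
			$files[ $relative ] = $file->getPathname();
		}
	}
	return $files;
}

/** Save-time check: the requested relative path must be an exact allowlist key. */
function can_save( string $relative, array $allowed ): bool {
	return array_key_exists( $relative, $allowed );
}

// Constructed sample theme with one file at each nesting level.
$root = sys_get_temp_dir() . '/demo-theme-' . uniqid();
mkdir( $root . '/inc/widgets', 0700, true );
foreach ( array( 'style.css', 'inc/helpers.php', 'inc/widgets/clock.php' ) as $path ) {
	file_put_contents( $root . '/' . $path, '' );
}

$types   = array( 'php', 'css' );
$listed  = allowed_theme_files( $root, $types, -1 ); // allowlist used to list files
$shallow = allowed_theme_files( $root, $types, 1 );  // depth-limited allowlist used on save

$target = 'inc/widgets/clock.php';                   // two levels below the theme root
var_dump( array_key_exists( $target, $listed ) );    // is the file offered for editing?
var_dump( can_save( $target, $shallow ) );           // save check with the mismatched allowlist
var_dump( can_save( $target, $listed ) );            // save check with the same allowlist as the listing
var_dump( can_save( '../outside.php', $listed ) );   // a path that was never enumerated
```

Building the allowlist in one function and calling it from both the listing and the save handler keeps the two from drifting apart, and the exact-key lookup means only enumerated paths can be written.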
