Make WordPress Core

Opened 15 years ago

Closed 13 years ago

Last modified 13 years ago

#4787 closed defect (bug) (wontfix)

PHP files in wp-content/plugins unconditionnaly take over their Dashboard homonyms

Reported by: ozh's profile Ozh Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Administration Keywords: dashboard plugin override has-patch
Focuses: Cc:

Description

Problem

Putting in wp-content/plugins a file that has the same name as a file in wp-admin/ (for instance index.php as an attempt to hide the plugins directory content, or themes.php or whatever) overrides the original Dashboard page.

If this is a feature (allow a plugin to take over a Dashboard page), which might be cool after all, then before letting it doing so, we need to check that the file is an activated plugin.

Proposal

1) 2 new functions to be included in wp-admin/includes/plugin.php

/**
 * Checks if a file is (seems to be) a plugin (Ozh)
 * 
 * @param string $plugin_file The filename of plugin (full path)
 * @return boolean
 */
function is_pluginfile($plugin_file) {
	if ( !is_readable( $plugin_file ) || substr($plugin_file, -4) != '.php' )
		return false;
		
	$plugin_data = get_plugin_data( $plugin_file );

	if ( empty ( $plugin_data['Name'] ) )
		return false;

	return true;
}

/**
 * Checks if a plugin is activated (Ozh)
 * 
 * Checks first if the file is (seems to be) a plugin
 * @param string $plugin_file The filename of plugin (full path, or relative path to plugins dir as stored in options table under 'plugins_activated')
 * @return boolean
 */
function is_activatedplugin($plugin_file) {
	if ( get_option('active_plugins') ) {
		$current_plugins = get_option('active_plugins');
	} else {
		return false;
	}
	
	$plugin_root = ABSPATH . PLUGINDIR;
	// $plugin_file can be a full or relative filename path, so sanitize it and make it always relative
	$plugin_file = plugin_basename($plugin_file);

	if ( is_pluginfile($plugin_root .'/'. $plugin_file) && in_array($plugin_file, $current_plugins) ) {
		return true;
	} else {
		return false;
	}
}

2) Modification of wp-admin/menu-header.php

Replace every file_exists with is_activatedplugin
(sorry, no svn or patch on this computer)

Attachments (1)

4787-check-plugin-activated.diff (2.8 KB) - added by ozh 15 years ago.
diff (applies from /wp-admin) for menu-header.php and includes/plugin.php

Download all attachments as: .zip

Change History (9)

#1 @DD32
15 years ago

If this is a feature (allow a plugin to take over a Dashboard page), which might be cool after all, then before letting it doing so, we need to check that the file is an activated plugin.

That can be accomplished via hooks at present(in 2.2+ at least), ie, to take over the plugins.php page:

add_action('load-plugins.php', 'override_plugins_page');
function override_plugins_page($arg = ''){
	global $wpdb,$menu,$submenu;
	include('my-plugins-file.php');
	exit; //To prevent the default plugins.php file running.
}

Given it can be done via a hook, i dont see the need to manually override via a file in wp-content/plugins/, It may be a route which some plugins presently do, but most plugins that have mutliple files place their files within a single folder in the plugins directory to keep everything clean and organised, I only see plugins with multiple files wanting to take the route of replacing admin pages completely(Due to the complexity they would generally be)

#2 @Ozh
15 years ago

  • Cc ozh@… added

@ozh
15 years ago

diff (applies from /wp-admin) for menu-header.php and includes/plugin.php

#3 @ryan
15 years ago

  • Milestone changed from 2.3 to 2.4

#4 @ozh
15 years ago

Any new thought on this, or any reason this wouldnt make it into 2.5 ?

#5 @ozh
15 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Doesn't look like it will get attention.

#6 @Nazgul
15 years ago

  • Milestone 2.5 deleted

#7 @hallsofmontezuma
13 years ago

  • Cc hallsofmontezuma added
  • Milestone set to 2.8
  • Resolution wontfix deleted
  • Status changed from closed to reopened
  • Version set to 2.8

#8 @dd32
13 years ago

  • Milestone 2.8 deleted
  • Resolution set to wontfix
  • Status changed from reopened to closed
  • Version 2.8 deleted

Please do not re-open old tickets with nothing to add.

There have been a few related tickets and changes to this since this ticket was closed.

IIRC, index.php files will no longer take over the dashboard, however unsure about the others.

Note: See TracTickets for help on using tickets.