#4787 closed defect (bug) (wontfix)
PHP files in wp-content/plugins unconditionnaly take over their Dashboard homonyms
Reported by: | Ozh | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Administration | Keywords: | dashboard plugin override has-patch |
Focuses: | Cc: |
Description
Problem
Putting in wp-content/plugins a file that has the same name as a file in wp-admin/ (for instance index.php as an attempt to hide the plugins directory content, or themes.php or whatever) overrides the original Dashboard page.
If this is a feature (allow a plugin to take over a Dashboard page), which might be cool after all, then before letting it doing so, we need to check that the file is an activated plugin.
Proposal
1) 2 new functions to be included in wp-admin/includes/plugin.php
/** * Checks if a file is (seems to be) a plugin (Ozh) * * @param string $plugin_file The filename of plugin (full path) * @return boolean */ function is_pluginfile($plugin_file) { if ( !is_readable( $plugin_file ) || substr($plugin_file, -4) != '.php' ) return false; $plugin_data = get_plugin_data( $plugin_file ); if ( empty ( $plugin_data['Name'] ) ) return false; return true; } /** * Checks if a plugin is activated (Ozh) * * Checks first if the file is (seems to be) a plugin * @param string $plugin_file The filename of plugin (full path, or relative path to plugins dir as stored in options table under 'plugins_activated') * @return boolean */ function is_activatedplugin($plugin_file) { if ( get_option('active_plugins') ) { $current_plugins = get_option('active_plugins'); } else { return false; } $plugin_root = ABSPATH . PLUGINDIR; // $plugin_file can be a full or relative filename path, so sanitize it and make it always relative $plugin_file = plugin_basename($plugin_file); if ( is_pluginfile($plugin_root .'/'. $plugin_file) && in_array($plugin_file, $current_plugins) ) { return true; } else { return false; } }
2) Modification of wp-admin/menu-header.php
Replace every file_exists with is_activatedplugin
(sorry, no svn or patch on this computer)
Attachments (1)
Change History (9)
#5
@
17 years ago
- Resolution set to wontfix
- Status changed from new to closed
Doesn't look like it will get attention.
#7
@
16 years ago
- Cc hallsofmontezuma added
- Milestone set to 2.8
- Resolution wontfix deleted
- Status changed from closed to reopened
- Version set to 2.8
#8
@
16 years ago
- Milestone 2.8 deleted
- Resolution set to wontfix
- Status changed from reopened to closed
- Version 2.8 deleted
Please do not re-open old tickets with nothing to add.
There have been a few related tickets and changes to this since this ticket was closed.
IIRC, index.php files will no longer take over the dashboard, however unsure about the others.
That can be accomplished via hooks at present(in 2.2+ at least), ie, to take over the plugins.php page:
Given it can be done via a hook, i dont see the need to manually override via a file in wp-content/plugins/, It may be a route which some plugins presently do, but most plugins that have mutliple files place their files within a single folder in the plugins directory to keep everything clean and organised, I only see plugins with multiple files wanting to take the route of replacing admin pages completely(Due to the complexity they would generally be)