From 5535abbd22c8957f657dba9f5ce85f969aef8700 Mon Sep 17 00:00:00 2001 From: ryan Date: Mon, 6 Apr 2009 17:27:36 +0000 Subject: [PATCH] Don't allow editing of binary files. Props jbsil. fixes #9452 git-svn-id: http://svn.automattic.com/wordpress/trunk@10879 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/plugin-editor.php | 67 ++++++++++++++++++++++++++++---------- 1 file changed, 50 insertions(+), 17 deletions(-) diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php index baf506fc09..1e583c2307 100644 --- a/wp-admin/plugin-editor.php +++ b/wp-admin/plugin-editor.php @@ -18,6 +18,9 @@ wp_admin_css( 'theme-editor' ); $plugins = get_plugins(); +if ( isset($_REQUEST['plugin']) ) + $plugin = $_REQUEST['plugin']; + if ( empty($plugin) ) { $plugin = array_keys($plugins); $plugin = $plugin[0]; @@ -25,13 +28,13 @@ if ( empty($plugin) ) { $plugin_files = get_plugin_files($plugin); -if (empty($file)) +if ( empty($file) ) $file = $plugin_files[0]; $file = validate_file_to_edit($file, $plugin_files); $real_file = WP_PLUGIN_DIR . '/' . $file; -switch($action) { +switch ( $action ) { case 'update': @@ -70,11 +73,11 @@ default: check_admin_referer('edit-plugin-test_' . $file); $error = validate_plugin($file); - if( is_wp_error($error) ) + if ( is_wp_error($error) ) wp_die( $error ); if ( ! is_plugin_active($file) ) - activate_plugin($file, "plugin-editor.php?file=$file&phperror=1");// we'll override this later if the plugin can be included without fatal error + activate_plugin($file, "plugin-editor.php?file=$file&phperror=1"); // we'll override this later if the plugin can be included without fatal error wp_redirect("plugin-editor.php?file=$file&a=te"); exit; @@ -86,8 +89,23 @@ default: update_recently_edited(WP_PLUGIN_DIR . '/' . $file); - if ( ! is_file($real_file) ) - $error = 1; + // List of allowable extensions + $editable_extensions = array('php', 'txt', 'text', 'js', 'css', 'html', 'htm', 'xml', 'inc', 'include'); + $extra_extensions = apply_filters('editable_extensions', null); + if ( is_array($extra_extensions) ) + $editable_extensions = array_merge($editable_extensions, $extra_extensions); + + if ( ! is_file($real_file) ) { + $error = __('No such file exists! Double check the name and try again.'); + } else { + // Get the extension of the file + if ( preg_match('/\.([^.]+)$/', $real_file, $matches) ) { + $ext = strtolower($matches[1]); + // If extension is not in the acceptable list, skip it + if ( !in_array( $ext, $editable_extensions) ) + $error = __('Files of this type are not editable.'); + } + } if ( ! $error ) { $content = file_get_contents( $real_file ); @@ -98,7 +116,7 @@ default: $docs_select = ''; } @@ -126,13 +144,16 @@ default: @@ -161,7 +182,19 @@ default:

@@ -175,7 +208,7 @@ default: -
+
@@ -195,7 +228,7 @@ default:

' . __('Oops, no such file exists! Double check the name and try again, merci.') . '

'; + echo '

' . $error . '

'; } ?>