WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix file validation in theme editor. Props dd32. fixes #11032 

git-svn-id: http://svn.automattic.com/wordpress/trunk@12310 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-12-01 22:03:13 +00:00
parent 888310cbbc
commit 8b5ba8c556
4 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/file.php
View File

@ -195,8 +195,6 @@ function wp_tempnam($filename = '', $dir = ''){
* @return unknown * @return unknown
*/ */
function validate_file_to_edit( $file, $allowed_files = '' ) { function validate_file_to_edit( $file, $allowed_files = '' ) {
$file = stripslashes( $file );
$code = validate_file( $file, $allowed_files ); $code = validate_file( $file, $allowed_files );
if (!$code ) if (!$code )
@ -206,8 +204,8 @@ function validate_file_to_edit( $file, $allowed_files = '' ) {
case 1 : case 1 :
wp_die( __('Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' )); wp_die( __('Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' ));
case 2 : //case 2 :
wp_die( __('Sorry, can’t call files with their real path.' )); // wp_die( __('Sorry, can’t call files with their real path.' ));
case 3 : case 3 :
wp_die( __('Sorry, that file cannot be edited.' )); wp_die( __('Sorry, that file cannot be edited.' ));

4
wp-admin/plugin-editor.php
View File

@ -22,7 +22,7 @@ wp_admin_css( 'theme-editor' );
$plugins = get_plugins(); $plugins = get_plugins();
if ( isset($_REQUEST['file']) ) if ( isset($_REQUEST['file']) )
$plugin = $_REQUEST['file']; $plugin = stripslashes($_REQUEST['file']);
if ( empty($plugin) ) { if ( empty($plugin) ) {
$plugin = array_keys($plugins); $plugin = array_keys($plugins);
@ -33,6 +33,8 @@ $plugin_files = get_plugin_files($plugin);
if ( empty($file) ) if ( empty($file) )
$file = $plugin_files[0]; $file = $plugin_files[0];
else
$file = stripslashes($file);
$file = validate_file_to_edit($file, $plugin_files); $file = validate_file_to_edit($file, $plugin_files);
$real_file = WP_PLUGIN_DIR . '/' . $file; $real_file = WP_PLUGIN_DIR . '/' . $file;

22
wp-admin/theme-editor.php
View File

@ -35,6 +35,7 @@ $allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $themes[$theme
if (empty($file)) { if (empty($file)) {
$file = $allowed_files[0]; $file = $allowed_files[0];
} else { } else {
$file = stripslashes($file);
if ( 'theme' == $dir ) { if ( 'theme' == $dir ) {
$file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ; $file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ;
} else if ( 'style' == $dir) { } else if ( 'style' == $dir) {
@ -42,9 +43,8 @@ if (empty($file)) {
} }
} }
$real_file = validate_file_to_edit($file, $allowed_files); validate_file_to_edit($file, $allowed_files);
$scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0; $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0;
$file_show = basename( $file ); $file_show = basename( $file );
switch($action) { switch($action) {
@ -55,9 +55,9 @@ case 'update':
$newcontent = stripslashes($_POST['newcontent']); $newcontent = stripslashes($_POST['newcontent']);
$theme = urlencode($theme); $theme = urlencode($theme);
if (is_writeable($real_file)) { if (is_writeable($file)) {
//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
$f = fopen($real_file, 'w+'); $f = fopen($file, 'w+');
if ($f !== FALSE) { if ($f !== FALSE) {
fwrite($f, $newcontent); fwrite($f, $newcontent);
fclose($f); fclose($f);
@ -83,14 +83,14 @@ default:
update_recently_edited($file); update_recently_edited($file);
if ( !is_file($real_file) ) if ( !is_file($file) )
$error = 1; $error = 1;
if ( !$error && filesize($real_file) > 0 ) { if ( !$error && filesize($file) > 0 ) {
$f = fopen($real_file, 'r'); $f = fopen($file, 'r');
$content = fread($f, filesize($real_file)); $content = fread($f, filesize($file));
if ( '.php' == substr( $real_file, strrpos( $real_file, '.' ) ) ) { if ( '.php' == substr( $file, strrpos( $file, '.' ) ) ) {
$functions = wp_doc_link_parse( $content ); $functions = wp_doc_link_parse( $content );
$docs_select = '<select name="docs-list" id="docs-list">'; $docs_select = '<select name="docs-list" id="docs-list">';
@ -102,7 +102,7 @@ default:
} }
$content = htmlspecialchars( $content ); $content = htmlspecialchars( $content );
$codepress_lang = codepress_get_lang($real_file); $codepress_lang = codepress_get_lang($file);
} }
?> ?>
@ -212,7 +212,7 @@ if ($allowed_files) :
<?php } ?> <?php } ?>
<div> <div>
<?php if ( is_writeable($real_file) ) : ?> <?php if ( is_writeable($file) ) : ?>
<p class="submit"> <p class="submit">
<?php <?php
echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />"; echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />";

6
wp-includes/functions.php
View File

@ -3068,12 +3068,12 @@ function validate_file( $file, $allowed_files = '' ) {
if ( false !== strpos( $file, './' )) if ( false !== strpos( $file, './' ))
return 1; return 1;
if (':' == substr( $file, 1, 1 ))
return 2;
if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) ) if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
return 3; return 3;
if (':' == substr( $file, 1, 1 ))
return 2;
return 0; return 0;
} }