sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Theme Editor: Ensure files listed recursively can be both viewed and edited. 

Prevent edits to 2-level deep theme files from returning a `disallowed_theme_file` error when attempting to save an edit. Aligns logic for gathering `$allowed_files` in `theme-editor.php` for listing files with the validation logic in `wp_edit_theme_plugin_file()`.

Amends [41806].
See #6531.
Fixes #42425.


git-svn-id: https://develop.svn.wordpress.org/trunk@42112 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Weston Ruter 2017-11-02 23:04:54 +00:00
parent 4f0527afdc
commit 3fab757196
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/wp-admin/includes/file.php
View File

@ -432,15 +432,15 @@ function wp_edit_theme_plugin_file( $args ) {
foreach ( $editable_extensions as $type ) { foreach ( $editable_extensions as $type ) {
switch ( $type ) { switch ( $type ) {
case 'php': case 'php':
$allowed_files = array_merge( $allowed_files, $theme->get_files( 'php', 1 ) ); $allowed_files = array_merge( $allowed_files, $theme->get_files( 'php', -1 ) );
break; break;
case 'css': case 'css':
$style_files = $theme->get_files( 'css' ); $style_files = $theme->get_files( 'css', -1 );
$allowed_files['style.css'] = $style_files['style.css']; $allowed_files['style.css'] = $style_files['style.css'];
$allowed_files = array_merge( $allowed_files, $style_files ); $allowed_files = array_merge( $allowed_files, $style_files );
break; break;
default: default:
$allowed_files = array_merge( $allowed_files, $theme->get_files( $type ) ); $allowed_files = array_merge( $allowed_files, $theme->get_files( $type, -1 ) );
break; break;
} }
} }