From 44c75415b3f4b378978979f3073049ea4c5b3e7f Mon Sep 17 00:00:00 2001
From: Dion Hulse <dd32@git.wordpress.org>
Date: Mon, 27 Nov 2017 03:43:11 +0000
Subject: [PATCH] Theme Editior: Base the nonce on a simpler combination of
 fields, for easier debugging & reading.

See #42609.
Fixes #42705.


git-svn-id: https://develop.svn.wordpress.org/trunk@42246 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/file.php | 6 ++++--
 src/wp-admin/theme-editor.php  | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/wp-admin/includes/file.php b/src/wp-admin/includes/file.php
index 4144a79e33..1a792b9087 100644
--- a/src/wp-admin/includes/file.php
+++ b/src/wp-admin/includes/file.php
@@ -414,8 +414,7 @@ function wp_edit_theme_plugin_file( $args ) {
 			return new WP_Error( 'non_existent_theme', __( 'The requested theme does not exist.' ) );
 		}
 
-		$real_file = $theme->get_stylesheet_directory() . '/' . $file;
-		if ( ! wp_verify_nonce( $args['nonce'], 'edit-theme_' . $real_file . $stylesheet ) ) {
+		if ( ! wp_verify_nonce( $args['nonce'], 'edit-theme_' . $stylesheet . '_' . $file ) ) {
 			return new WP_Error( 'nonce_failure' );
 		}
 
@@ -450,7 +449,10 @@ function wp_edit_theme_plugin_file( $args ) {
 			return new WP_Error( 'disallowed_theme_file', __( 'Sorry, that file cannot be edited.' ) );
 		}
 
+		$real_file = $theme->get_stylesheet_directory() . '/' . $file;
+
 		$is_active = ( get_stylesheet() === $stylesheet || get_template() === $stylesheet );
+
 	} else {
 		return new WP_Error( 'missing_theme_or_plugin' );
 	}
diff --git a/src/wp-admin/theme-editor.php b/src/wp-admin/theme-editor.php
index c6443cb8a1..7f658848d4 100644
--- a/src/wp-admin/theme-editor.php
+++ b/src/wp-admin/theme-editor.php
@@ -114,7 +114,7 @@ if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
 	$r = wp_edit_theme_plugin_file( wp_unslash( $_POST ) );
 	if ( is_wp_error( $r ) ) {
 		$edit_error = $r;
-		if ( check_ajax_referer( 'edit-theme_' . $file . $stylesheet, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
+		if ( check_ajax_referer( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
 			$posted_content = wp_unslash( $_POST['newcontent'] );
 		}
 	} else {
@@ -255,7 +255,7 @@ if ( $theme->errors() )
 	echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
 else : ?>
 	<form name="template" id="template" action="theme-editor.php" method="post">
-		<?php wp_nonce_field( 'edit-theme_' . $file . $stylesheet, 'nonce' ); ?>
+		<?php wp_nonce_field( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce' ); ?>
 		<div>
 			<label for="newcontent" id="theme-plugin-editor-label"><?php _e( 'Selected file content:' ); ?></label>
 			<textarea cols="70" rows="30" name="newcontent" id="newcontent" aria-describedby="editor-keyboard-trap-help-1 editor-keyboard-trap-help-2 editor-keyboard-trap-help-3 editor-keyboard-trap-help-4"><?php echo $content; ?></textarea>