From 62374e5c7217c37509244b02f93551f48529bc0c Mon Sep 17 00:00:00 2001
From: ryan
Date: Wed, 8 Apr 2009 18:34:46 +0000
Subject: [PATCH] Require active plugin files to end in .php. Props hakre. fixes #9406
git-svn-id: http://svn.automattic.com/wordpress/trunk@10892 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-settings.php | 22 ++++++++++++++--------
 1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/wp-settings.php b/wp-settings.php
index 38ea27f88..83aa03192 100644
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -512,16 +512,22 @@ if ( get_option('hack_file') ) {
 require(ABSPATH . 'my-hacks.php');
 }
-if ( get_option('active_plugins') && !defined('WP_INSTALLING') ) {
- $current_plugins = get_option('active_plugins');
- if ( is_array($current_plugins) ) {
- foreach ( $current_plugins as $plugin ) {
- if ( '' != $plugin && 0 == validate_file($plugin) && file_exists(WP_PLUGIN_DIR . '/' . $plugin) )
- include_once(WP_PLUGIN_DIR . '/' . $plugin);
- }
- unset($plugin);
+$current_plugins = get_option('active_plugins');
+if ( is_array($current_plugins) && !defined('WP_INSTALLING') ) {
+ foreach ( $current_plugins as $plugin ) {
+ // check the $plugin filename
+ // Validate plugin filename
+ if ( validate_file($plugin) // $plugin must validate as file
+ || '.php' != substr($plugin, -4) // $plugin must end with '.php'
+ || !file_exists(WP_PLUGIN_DIR . '/' . $plugin) // $plugin must exist
+ )
+ continue;
+
+ include_once(WP_PLUGIN_DIR . '/' . $plugin);
 }
+ unset($plugin);
 }
+unset($current_plugins);
 require (ABSPATH . WPINC . '/pluggable.php');
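Review bot: The added guard silently `continue`s past any `active_plugins` entry that fails `validate_file()`, the `.php` suffix test or the existence test, so a rejected entry stays in the option and leaves no trace, even though such an entry suggests a corrupted or tampered option. Consider logging or deactivating the rejected entry at that point; code outside this hunk may already do so, which is not visible here. In the same condition, `file_exists()` is also true for a directory, so `!is_file(WP_PLUGIN_DIR . '/' . $plugin)` is the tighter test before `include_once`, and `'.php' !== substr($plugin, -4)` avoids the loose comparison. The two stacked comments `// check the $plugin filename` and `// Validate plugin filename` say the same thing, so one of them can go.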