From 8b5ba8c55614d745533d47f06bf534d1a5cfa21b Mon Sep 17 00:00:00 2001 From: ryan Date: Tue, 1 Dec 2009 22:03:13 +0000 Subject: [PATCH] Fix file validation in theme editor. Props dd32. fixes #11032 git-svn-id: http://svn.automattic.com/wordpress/trunk@12310 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/file.php | 6 ++---- wp-admin/plugin-editor.php | 4 +++- wp-admin/theme-editor.php | 22 +++++++++++----------- wp-includes/functions.php | 6 +++--- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/wp-admin/includes/file.php b/wp-admin/includes/file.php index fb8a4ee47..4120532db 100644 --- a/wp-admin/includes/file.php +++ b/wp-admin/includes/file.php @@ -195,8 +195,6 @@ function wp_tempnam($filename = '', $dir = ''){ * @return unknown */ function validate_file_to_edit( $file, $allowed_files = '' ) { - $file = stripslashes( $file ); - $code = validate_file( $file, $allowed_files ); if (!$code ) @@ -206,8 +204,8 @@ function validate_file_to_edit( $file, $allowed_files = '' ) { case 1 : wp_die( __('Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' )); - case 2 : - wp_die( __('Sorry, can’t call files with their real path.' )); + //case 2 : + // wp_die( __('Sorry, can’t call files with their real path.' )); case 3 : wp_die( __('Sorry, that file cannot be edited.' )); diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php index f9bc30ac6..05aa02a87 100644 --- a/wp-admin/plugin-editor.php +++ b/wp-admin/plugin-editor.php @@ -22,7 +22,7 @@ wp_admin_css( 'theme-editor' ); $plugins = get_plugins(); if ( isset($_REQUEST['file']) ) - $plugin = $_REQUEST['file']; + $plugin = stripslashes($_REQUEST['file']); if ( empty($plugin) ) { $plugin = array_keys($plugins); @@ -33,6 +33,8 @@ $plugin_files = get_plugin_files($plugin); if ( empty($file) ) $file = $plugin_files[0]; +else + $file = stripslashes($file); $file = validate_file_to_edit($file, $plugin_files); $real_file = WP_PLUGIN_DIR . '/' . $file; diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php index 29119098b..c85fa0abd 100644 --- a/wp-admin/theme-editor.php +++ b/wp-admin/theme-editor.php @@ -35,6 +35,7 @@ $allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $themes[$theme if (empty($file)) { $file = $allowed_files[0]; } else { + $file = stripslashes($file); if ( 'theme' == $dir ) { $file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ; } else if ( 'style' == $dir) { @@ -42,9 +43,8 @@ if (empty($file)) { } } -$real_file = validate_file_to_edit($file, $allowed_files); +validate_file_to_edit($file, $allowed_files); $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0; - $file_show = basename( $file ); switch($action) { @@ -55,9 +55,9 @@ case 'update': $newcontent = stripslashes($_POST['newcontent']); $theme = urlencode($theme); - if (is_writeable($real_file)) { + if (is_writeable($file)) { //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable - $f = fopen($real_file, 'w+'); + $f = fopen($file, 'w+'); if ($f !== FALSE) { fwrite($f, $newcontent); fclose($f); @@ -83,14 +83,14 @@ default: update_recently_edited($file); - if ( !is_file($real_file) ) + if ( !is_file($file) ) $error = 1; - if ( !$error && filesize($real_file) > 0 ) { - $f = fopen($real_file, 'r'); - $content = fread($f, filesize($real_file)); + if ( !$error && filesize($file) > 0 ) { + $f = fopen($file, 'r'); + $content = fread($f, filesize($file)); - if ( '.php' == substr( $real_file, strrpos( $real_file, '.' ) ) ) { + if ( '.php' == substr( $file, strrpos( $file, '.' ) ) ) { $functions = wp_doc_link_parse( $content ); $docs_select = '