Not sure if there is a delay on my receiving this email or not, but I've added a patch to your patch :)
See http://core.trac.wordpress.org/attachment/ticket/9452/9452.1.patch -Jesse Silverstein -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Ibrahim A. Mohamed Sent: Friday, April 03, 2009 9:25 PM To: [email protected] Subject: [wp-testers] Re: Editing Plugin files in 2.8 In file wp-admin/plugin-editor.php, on line 178 I added: <?php > // Get the extension of the file. > $ext = substr($file, strpos($file, '.') + 1); > // List of included files > $include = array("php", "html", "css", "txt"); > if( false === array_search($ext, $include) ) : > echo ("You can't edit this file."); > break; > endif; > ?> > Patch can be found here: http://core.trac.wordpress.org/ticket/9452#comment:11, line 181 is just for testing purposes. Thanks in Advance! On Fri, Apr 3, 2009 at 4:00 PM, Ibrahim A. Mohamed <[email protected]>wrote: > I tested it on 2.7.1 and it's ok, we can use the same implementation in > this.. > > > On Fri, Apr 3, 2009 at 3:42 PM, Ibrahim A. Mohamed > <[email protected]>wrote: > >> Sorry, that didn't work..looking for better solutions :) >> >> >> On Fri, Apr 3, 2009 at 3:39 PM, Ibrahim A. Mohamed <[email protected] >> > wrote: >> >>> We can do so by adding: >>> >>> <?php if( false !== array_search($ext, $include) ) >>>> wp_die("File is not editable."); ?> >>>> >>> >>> on line 175 on the same file, my solutions shouldn't be the best for >>> sure, as I think it should be in the same function that validates the plugin >>> file if exists in wp-admin/includes/plugin.php . >>> >>> Thanks in Advance! >>> >>> On Fri, Apr 3, 2009 at 3:20 PM, Ibrahim A. Mohamed < >>> [email protected]> wrote: >>> >>>> We should also consider the $file parameter sent from the URL, so when I >>>> for example type in the address bar: >>>> http://path.to/wordpress/wp-admin/plugin-editor.php?file=akismet/akismet >>>> .*gif* >>>> It works, we need to add a rule that if it was sent in URL, Edit can't >>>> happen or something. >>>> >>>> >>>> On Fri, Apr 3, 2009 at 2:24 PM, Ibrahim A. Mohamed < >>>> [email protected]> wrote: >>>> >>>>> I love Peter's idea on Silverstein solution, we can do it this way: >>>>> $include = array("php", "txt", "css", "html"); >>>>> instead of >>>>> $exclude = array("gif", "jpg", "png", "bmp", "swf", "flv", "mp3", "wav" >>>>> /* others */); >>>>> >>>>> and change: if( false !== array_search($ext, $exclude)) continue; ?> >>>>> >>>>> to if( false === array_search($ext, $include)) continue; ?> >>>>> >>>>> Thanks in Advance! >>>>> >>>>> >>>>> On Fri, Apr 3, 2009 at 3:50 AM, Ibrahim A. Mohamed < >>>>> [email protected]> wrote: >>>>> >>>>>> Dear all, >>>>>> >>>>>> In 2.8, a new feature added to the Plugin editor in which you can edit >>>>>> any file, not the plugin's file only. A problem can be found, especially >>>>>> with plugins that has pictures included like akismet that you can edit >>>>>> these >>>>>> files, which is not logical, why should I edit a picture file in an >>>>>> editor? >>>>>> :) >>>>>> >>>>>> So, I think we can remove this by adding some rules for files that can >>>>>> be editted, or files that don't need to be editted like image files this >>>>>> might solve the problem. For example, for Akismet, in >>>>>> wp-admin/plugin-editor.php in line 164 where it says: >>>>>> >>>>>> <?php foreach($plugin_files as $plugin_file) : ?> >>>>>>> <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; >>>>>>> ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; >>>>>>> ?>&plugin=<?php >>>>>>> echo $plugin; ?>"><?php echo $plugin_file ?></a></li> >>>>>>> <?php endforeach; ?> >>>>>>> >>>>>> >>>>>> We can make it: >>>>>> >>>>>> <?php foreach($plugin_files as $plugin_file) : >>>>>>> // Get the extension of the file. >>>>>>> $ext = substr($plugin_file, strpos($plugin_file, '.') + 1); >>>>>>> // Extensions to be eliminated >>>>>>> if($ext != 'gif' && $ext != 'jpg') : ?> >>>>>>> <li<?php echo $file == $plugin_file ? ' class="highlight"' : >>>>>>> ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; >>>>>>> ?>&plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li> >>>>>>> <?php endif; ?> >>>>>>> <?php endforeach; ?> >>>>>>> >>>>>> >>>>>> This actually solves it for gif file and jpg one. >>>>>> >>>>>> Thanks in Advance! >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> Ibrahim Abdel Fattah Mohamed >>>>>> Web Developer >>>>>> Twitter: @bingorabbit >>>>>> e-mail: [email protected] >>>>>> Personal bLOG: http://bingorabbit.com/ >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Regards, >>>>> Ibrahim Abdel Fattah Mohamed >>>>> Web Developer >>>>> Twitter: @bingorabbit >>>>> e-mail: [email protected] >>>>> Personal bLOG: http://bingorabbit.com/ >>>>> >>>> >>>> >>>> >>>> -- >>>> Regards, >>>> Ibrahim Abdel Fattah Mohamed >>>> Web Developer >>>> Twitter: @bingorabbit >>>> e-mail: [email protected] >>>> Personal bLOG: http://bingorabbit.com/ >>>> >>> >>> >>> >>> -- >>> Regards, >>> Ibrahim Abdel Fattah Mohamed >>> Web Developer >>> Twitter: @bingorabbit >>> e-mail: [email protected] >>> Personal bLOG: http://bingorabbit.com/ >>> >> >> >> >> -- >> Regards, >> Ibrahim Abdel Fattah Mohamed >> Web Developer >> Twitter: @bingorabbit >> e-mail: [email protected] >> Personal bLOG: http://bingorabbit.com/ >> > > > > -- > Regards, > Ibrahim Abdel Fattah Mohamed > Web Developer > Twitter: @bingorabbit > e-mail: [email protected] > Personal bLOG: http://bingorabbit.com/ > -- Regards, Ibrahim Abdel Fattah Mohamed Web Developer Twitter: @bingorabbit e-mail: [email protected] Personal bLOG: http://bingorabbit.com/ _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.11.40/2039 - Release Date: 04/03/09 17:54:00
_______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
