I tested it on 2.7.1 and it's ok, we can use the same implementation in this..
On Fri, Apr 3, 2009 at 3:42 PM, Ibrahim A. Mohamed <[email protected]>wrote: > Sorry, that didn't work..looking for better solutions :) > > > On Fri, Apr 3, 2009 at 3:39 PM, Ibrahim A. Mohamed > <[email protected]>wrote: > >> We can do so by adding: >> >> <?php if( false !== array_search($ext, $include) ) >>> wp_die("File is not editable."); ?> >>> >> >> on line 175 on the same file, my solutions shouldn't be the best for sure, >> as I think it should be in the same function that validates the plugin file >> if exists in wp-admin/includes/plugin.php . >> >> Thanks in Advance! >> >> On Fri, Apr 3, 2009 at 3:20 PM, Ibrahim A. Mohamed <[email protected] >> > wrote: >> >>> We should also consider the $file parameter sent from the URL, so when I >>> for example type in the address bar: >>> http://path.to/wordpress/wp-admin/plugin-editor.php?file=akismet/akismet >>> .*gif* >>> It works, we need to add a rule that if it was sent in URL, Edit can't >>> happen or something. >>> >>> >>> On Fri, Apr 3, 2009 at 2:24 PM, Ibrahim A. Mohamed < >>> [email protected]> wrote: >>> >>>> I love Peter's idea on Silverstein solution, we can do it this way: >>>> $include = array("php", "txt", "css", "html"); >>>> instead of >>>> $exclude = array("gif", "jpg", "png", "bmp", "swf", "flv", "mp3", "wav" >>>> /* others */); >>>> >>>> and change: if( false !== array_search($ext, $exclude)) continue; ?> >>>> >>>> to if( false === array_search($ext, $include)) continue; ?> >>>> >>>> Thanks in Advance! >>>> >>>> >>>> On Fri, Apr 3, 2009 at 3:50 AM, Ibrahim A. Mohamed < >>>> [email protected]> wrote: >>>> >>>>> Dear all, >>>>> >>>>> In 2.8, a new feature added to the Plugin editor in which you can edit >>>>> any file, not the plugin's file only. A problem can be found, especially >>>>> with plugins that has pictures included like akismet that you can edit >>>>> these >>>>> files, which is not logical, why should I edit a picture file in an >>>>> editor? >>>>> :) >>>>> >>>>> So, I think we can remove this by adding some rules for files that can >>>>> be editted, or files that don't need to be editted like image files this >>>>> might solve the problem. For example, for Akismet, in >>>>> wp-admin/plugin-editor.php in line 164 where it says: >>>>> >>>>> <?php foreach($plugin_files as $plugin_file) : ?> >>>>>> <li<?php echo $file == $plugin_file ? ' class="highlight"' : ''; ?>><a >>>>>> href="plugin-editor.php?file=<?php echo $plugin_file; ?>&plugin=<?php >>>>>> echo >>>>>> $plugin; ?>"><?php echo $plugin_file ?></a></li> >>>>>> <?php endforeach; ?> >>>>>> >>>>> >>>>> We can make it: >>>>> >>>>> <?php foreach($plugin_files as $plugin_file) : >>>>>> // Get the extension of the file. >>>>>> $ext = substr($plugin_file, strpos($plugin_file, '.') + 1); >>>>>> // Extensions to be eliminated >>>>>> if($ext != 'gif' && $ext != 'jpg') : ?> >>>>>> <li<?php echo $file == $plugin_file ? ' class="highlight"' : >>>>>> ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; >>>>>> ?>&plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li> >>>>>> <?php endif; ?> >>>>>> <?php endforeach; ?> >>>>>> >>>>> >>>>> This actually solves it for gif file and jpg one. >>>>> >>>>> Thanks in Advance! >>>>> >>>>> -- >>>>> Regards, >>>>> Ibrahim Abdel Fattah Mohamed >>>>> Web Developer >>>>> Twitter: @bingorabbit >>>>> e-mail: [email protected] >>>>> Personal bLOG: http://bingorabbit.com/ >>>>> >>>> >>>> >>>> >>>> -- >>>> Regards, >>>> Ibrahim Abdel Fattah Mohamed >>>> Web Developer >>>> Twitter: @bingorabbit >>>> e-mail: [email protected] >>>> Personal bLOG: http://bingorabbit.com/ >>>> >>> >>> >>> >>> -- >>> Regards, >>> Ibrahim Abdel Fattah Mohamed >>> Web Developer >>> Twitter: @bingorabbit >>> e-mail: [email protected] >>> Personal bLOG: http://bingorabbit.com/ >>> >> >> >> >> -- >> Regards, >> Ibrahim Abdel Fattah Mohamed >> Web Developer >> Twitter: @bingorabbit >> e-mail: [email protected] >> Personal bLOG: http://bingorabbit.com/ >> > > > > -- > Regards, > Ibrahim Abdel Fattah Mohamed > Web Developer > Twitter: @bingorabbit > e-mail: [email protected] > Personal bLOG: http://bingorabbit.com/ > -- Regards, Ibrahim Abdel Fattah Mohamed Web Developer Twitter: @bingorabbit e-mail: [email protected] Personal bLOG: http://bingorabbit.com/ _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
