[wp-testers] Re: Editing Plugin files in 2.8

Silverstein, Jesse Jesse.Silverstein at xerox.com
Sat Apr 4 03:00:41 GMT 2009


Not sure if there is a delay on my receiving this email or not, but I've added a patch to your patch :)

See http://core.trac.wordpress.org/attachment/ticket/9452/9452.1.patch

-Jesse Silverstein

-----Original Message-----
From: wp-testers-bounces at lists.automattic.com [mailto:wp-testers-bounces at lists.automattic.com] On Behalf Of Ibrahim A. Mohamed
Sent: Friday, April 03, 2009 9:25 PM
To: wp-testers at lists.automattic.com
Subject: [wp-testers] Re: Editing Plugin files in 2.8

In file wp-admin/plugin-editor.php, on line 178 I added:

    <?php
        // Get the extension of the file.
        $ext = substr($file, strpos($file, '.') + 1);
        // List of included files
        $include = array("php", "html", "css", "txt");
        if( false === array_search($ext, $include) ) :
            echo ("You can't edit this file.");
            break;
        endif;
    ?>

Patch can be found here:
http://core.trac.wordpress.org/ticket/9452#comment:11, line 181 is just for
testing purposes.

Thanks in Advance!
On Fri, Apr 3, 2009 at 4:00 PM, Ibrahim A. Mohamed <bingorabbit at gmail.com> wrote:

> I tested it on 2.7.1 and it's ok, we can use the same implementation in
> this..
>
>
> On Fri, Apr 3, 2009 at 3:42 PM, Ibrahim A. Mohamed <bingorabbit at gmail.com> wrote:
>
>> Sorry, that didn't work..looking for better solutions :)
>>
>>
>> On Fri, Apr 3, 2009 at 3:39 PM, Ibrahim A. Mohamed <bingorabbit at gmail.com> wrote:
>>
>>> We can do so by adding:
>>>
>>> <?php if( false !== array_search($ext, $include) )
>>>>         wp_die("File is not editable."); ?>
>>>>
>>>
>>> on line 175 on the same file, my solutions shouldn't be the best for
>>> sure, as I think it should be in the same function that validates the plugin
>>> file if exists in wp-admin/includes/plugin.php .
>>>
>>> Thanks in Advance!
>>>
>>> On Fri, Apr 3, 2009 at 3:20 PM, Ibrahim A. Mohamed <
>>> bingorabbit at gmail.com> wrote:
>>>
>>>> We should also consider the $file parameter sent from the URL, so when I
>>>> for example type in the address bar:
>>>> http://path.to/wordpress/wp-admin/plugin-editor.php?file=akismet/akismet.*gif*
>>>> It works, we need to add a rule that if it was sent in URL, Edit can't
>>>> happen or something.
>>>>
>>>>
>>>> On Fri, Apr 3, 2009 at 2:24 PM, Ibrahim A. Mohamed <
>>>> bingorabbit at gmail.com> wrote:
>>>>
>>>>> I love Peter's idea on Silverstein's solution, we can do it this way:
>>>>> $include = array("php", "txt", "css", "html");
>>>>> instead of
>>>>> $exclude = array("gif", "jpg", "png", "bmp", "swf", "flv", "mp3", "wav"
>>>>> /* others */);
>>>>>
>>>>> and change: if( false !== array_search($ext, $exclude)) continue; ?>
>>>>>
>>>>> to if( false === array_search($ext, $include)) continue; ?>
>>>>>
>>>>> Thanks in Advance!
>>>>>
>>>>>
>>>>> On Fri, Apr 3, 2009 at 3:50 AM, Ibrahim A. Mohamed <
>>>>> bingorabbit at gmail.com> wrote:
>>>>>
>>>>>> Dear all,
>>>>>>
>>>>>> In 2.8, a new feature was added to the Plugin editor in which you can edit
>>>>>> any file, not the plugin's file only. A problem can be found, especially
>>>>>> with plugins that have pictures included like akismet that you can edit these
>>>>>> files, which is not logical, why should I edit a picture file in an editor?
>>>>>> :)
>>>>>>
>>>>>> So, I think we can remove this by adding some rules for files that can
>>>>>> be edited, or files that don't need to be edited like image files this
>>>>>> might solve the problem. For example, for Akismet, in
>>>>>> wp-admin/plugin-editor.php in line 164 where it says:
>>>>>>
>>>>>> <?php foreach($plugin_files as $plugin_file) : ?>
>>>>>>> <li<?php echo $file == $plugin_file ? ' class="highlight"' : '';
>>>>>>> ?>><a href="plugin-editor.php?file=<?php echo $plugin_file; ?>&plugin=<?php
>>>>>>> echo $plugin; ?>"><?php echo $plugin_file ?></a></li>
>>>>>>> <?php endforeach; ?>
>>>>>>>
>>>>>>
>>>>>> We can make it:
>>>>>>
>>>>>> <?php foreach($plugin_files as $plugin_file) :
>>>>>>> // Get the extension of the file.
>>>>>>>     $ext = substr($plugin_file, strpos($plugin_file, '.') + 1);
>>>>>>> // Extensions to be eliminated
>>>>>>>     if($ext != 'gif' && $ext != 'jpg') : ?>
>>>>>>>         <li<?php echo $file == $plugin_file ? ' class="highlight"' :
>>>>>>> ''; ?>><a href="plugin-editor.php?file=<?php echo $plugin_file;
>>>>>>> ?>&plugin=<?php echo $plugin; ?>"><?php echo $plugin_file ?></a></li>
>>>>>>>     <?php endif; ?>
>>>>>>> <?php endforeach; ?>
>>>>>>>
>>>>>>
>>>>>> This actually solves it for gif file and jpg one.
>>>>>>
>>>>>> Thanks in Advance!
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>> Ibrahim Abdel Fattah Mohamed
>>>>>> Web Developer
>>>>>> Twitter: @bingorabbit
>>>>>> e-mail: bingorabbit at gmail.com
>>>>>> Personal bLOG: http://bingorabbit.com/
>>>>>>
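The extension check discussed in this thread, as an added example that is not part of the original messages or of WordPress: it compares the thread's first-dot `strpos` extraction with a last-dot extraction, and applies the `$include` allowlist to the requested file itself rather than only to the link list. The function names and sample paths are constructed for illustration.

```php
<?php
// Added example; function names and sample paths are constructed for illustration.

// Extension as computed in the thread: everything after the FIRST dot.
function first_dot_ext(string $file): string {
    return substr($file, strpos($file, '.') + 1);
}

// Extension after the LAST dot of the file name, lowercased for comparison.
function last_dot_ext(string $file): string {
    return strtolower(pathinfo($file, PATHINFO_EXTENSION));
}

// Server-side gate for the requested file: it must be one of the plugin's
// own files AND carry an allowlisted extension. Hiding a link in the file
// list does not cover a file name typed directly into the URL.
function is_editable_plugin_file(string $file, array $plugin_files, array $include): bool {
    if (!in_array($file, $plugin_files, true)) {
        return false;
    }
    return in_array(last_dot_ext($file), $include, true);
}

$include = array('php', 'html', 'css', 'txt');

// Constructed file list standing in for $plugin_files.
$plugin_files = array(
    'akismet/akismet.php',
    'akismet/akismet.gif',
    'my.plugin/readme.txt',  // dot in the directory name
    'gallery/Style.CSS',     // upper-case extension
);

foreach ($plugin_files as $f) {
    printf("%-22s first-dot=%-18s last-dot=%-4s editable=%s\n",
        $f, first_dot_ext($f), last_dot_ext($f),
        is_editable_plugin_file($f, $plugin_files, $include) ? 'yes' : 'no');
}

// A path outside the plugin's file list is refused even with an allowed extension.
var_dump(is_editable_plugin_file('other/secret.php', $plugin_files, $include));
```

With the first-dot extraction, `my.plugin/readme.txt` yields `plugin/readme.txt` and would be rejected by the allowlist even though it is a text file; the last-dot form handles it and the upper-case `CSS` case.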