Changeset 3269822
- Timestamp:
- 04/09/2025 03:20:42 PM (8 months ago)
- Location:
- wp-editor/trunk
- Files:
-
- 5 edited
-
classes/WPEditor.php (modified) (3 diffs)
-
classes/WPEditorAjax.php (modified) (1 diff)
-
classes/WPEditorBrowser.php (modified) (3 diffs)
-
readme.txt (modified) (2 diffs)
-
wpeditor.php (modified) (5 diffs)
wp-editor/trunk/classes/WPEditor.php
r2456726 r3269822 132 132 133 133 public function init() { 134 // Define the WP Editor version number 135 define( 'WPEDITOR_VERSION_NUMBER', $this->wpe_version_number() ); 136 134 137 // Load all additional required classes 135 138 $this->loadCoreModels(); … … 244 247 wp_register_script( 'quicktags', WPEDITOR_URL . '/js/quicktags.js', false, WPEDITOR_VERSION_NUMBER, true ); 245 248 wp_localize_script( 'quicktags', 'quicktagsL10n', array( 246 'closeAllOpenTags' => __( 'Close all open tags', 'wp-editor' ),247 'closeTags' => __( 'close tags', 'wp-editor' ),248 'enterURL' => __( 'Enter the URL', 'wp-editor' ),249 'enterImageURL' => __( 'Enter the URL of the image', 'wp-editor' ),250 'enterImageDescription' => __( 'Enter a description of the image', 'wp-editor' ),251 'textdirection' => __( 'text direction', 'wp-editor' ),252 'toggleTextdirection' => __( 'Toggle Editor Text Direction', 'wp-editor' ),253 'dfw' => __( 'Distraction-free writing mode', 'wp-editor' ),254 'strong' => __( 'Bold', 'wp-editor' ),255 'strongClose' => __( 'Close bold tag', 'wp-editor' ),256 'em' => __( 'Italic', 'wp-editor' ),257 'emClose' => __( 'Close italic tag', 'wp-editor' ),258 'link' => __( 'Insert link', 'wp-editor' ),259 'blockquote' => __( 'Blockquote', 'wp-editor' ),260 'blockquoteClose' => __( 'Close blockquote tag', 'wp-editor' ),261 'del' => __( 'Deleted text (strikethrough)', 'wp-editor' ),262 'delClose' => __( 'Close deleted text tag', 'wp-editor' ),263 'ins' => __( 'Inserted text', 'wp-editor' ),264 'insClose' => __( 'Close inserted text tag', 'wp-editor' ),265 'image' => __( 'Insert image', 'wp-editor' ),266 'ul' => __( 'Bulleted list', 'wp-editor' ),267 'ulClose' => __( 'Close bulleted list tag', 'wp-editor' ),268 'ol' => __( 'Numbered list', 'wp-editor' ),269 'olClose' => __( 'Close numbered list tag', 'wp-editor' ),270 'li' => __( 'List item', 'wp-editor' ),271 'liClose' => __( 'Close list item tag', 'wp-editor' ),272 'code' => __( 'Code', 'wp-editor' ),273 'codeClose' => __( 
'Close code tag', 'wp-editor' ),274 'more' => __( 'Insert Read More tag', 'wp-editor' ),249 'closeAllOpenTags' => __( 'Close all open tags', 'wp-editor' ), 250 'closeTags' => __( 'close tags', 'wp-editor' ), 251 'enterURL' => __( 'Enter the URL', 'wp-editor' ), 252 'enterImageURL' => __( 'Enter the URL of the image', 'wp-editor' ), 253 'enterImageDescription' => __( 'Enter a description of the image', 'wp-editor' ), 254 'textdirection' => __( 'text direction', 'wp-editor' ), 255 'toggleTextdirection' => __( 'Toggle Editor Text Direction', 'wp-editor' ), 256 'dfw' => __( 'Distraction-free writing mode', 'wp-editor' ), 257 'strong' => __( 'Bold', 'wp-editor' ), 258 'strongClose' => __( 'Close bold tag', 'wp-editor' ), 259 'em' => __( 'Italic', 'wp-editor' ), 260 'emClose' => __( 'Close italic tag', 'wp-editor' ), 261 'link' => __( 'Insert link', 'wp-editor' ), 262 'blockquote' => __( 'Blockquote', 'wp-editor' ), 263 'blockquoteClose' => __( 'Close blockquote tag', 'wp-editor' ), 264 'del' => __( 'Deleted text (strikethrough)', 'wp-editor' ), 265 'delClose' => __( 'Close deleted text tag', 'wp-editor' ), 266 'ins' => __( 'Inserted text', 'wp-editor' ), 267 'insClose' => __( 'Close inserted text tag', 'wp-editor' ), 268 'image' => __( 'Insert image', 'wp-editor' ), 269 'ul' => __( 'Bulleted list', 'wp-editor' ), 270 'ulClose' => __( 'Close bulleted list tag', 'wp-editor' ), 271 'ol' => __( 'Numbered list', 'wp-editor' ), 272 'olClose' => __( 'Close numbered list tag', 'wp-editor' ), 273 'li' => __( 'List item', 'wp-editor' ), 274 'liClose' => __( 'Close list item tag', 'wp-editor' ), 275 'code' => __( 'Code', 'wp-editor' ), 276 'codeClose' => __( 'Close code tag', 'wp-editor' ), 277 'more' => __( 'Insert Read More tag', 'wp-editor' ), 275 278 ) ); 276 279 wp_register_script( 'wpeditor', WPEDITOR_URL . 
'js/wpeditor.js', false, WPEDITOR_VERSION_NUMBER ); 277 280 wp_localize_script( 'wpeditor', 'WPE', array( 278 'wp_editor_ajax_nonce_ajax_folders_themes' => wp_create_nonce( 'wp_editor_ajax_nonce_ajax_folders_themes' ),279 'wp_editor_ajax_nonce_ajax_folders_plugins' => wp_create_nonce( 'wp_editor_ajax_nonce_ajax_folders_plugins' ),280 'wp_editor_ajax_nonce_save_files_themes' => wp_create_nonce( 'wp_editor_ajax_nonce_save_files_themes' ),281 'wp_editor_ajax_nonce_save_files_plugins' => wp_create_nonce( 'wp_editor_ajax_nonce_save_files_plugins' )281 'wp_editor_ajax_nonce_ajax_folders_themes' => wp_create_nonce( 'wp_editor_ajax_nonce_ajax_folders_themes' ), 282 'wp_editor_ajax_nonce_ajax_folders_plugins' => wp_create_nonce( 'wp_editor_ajax_nonce_ajax_folders_plugins' ), 283 'wp_editor_ajax_nonce_save_files_themes' => wp_create_nonce( 'wp_editor_ajax_nonce_save_files_themes' ), 284 'wp_editor_ajax_nonce_save_files_plugins' => wp_create_nonce( 'wp_editor_ajax_nonce_save_files_plugins' ) 282 285 ) ); 283 286 wp_register_script( 'wp-editor-posts-jquery', WPEDITOR_URL . 'js/posts-jquery.js', false, WPEDITOR_VERSION_NUMBER, true ); … … 338 341 } 339 342 343 public function wpe_version_number() { 344 if ( ! function_exists( 'get_plugin_data' ) ) { 345 require_once( ABSPATH . 'wp-admin/includes/plugin.php' ); 346 } 347 $plugin_data = get_plugin_data( WPEDITOR_PATH . '/wpeditor.php' ); 348 return $plugin_data['Version']; 349 } 340 350 } -
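Review bot: The new `wpe_version_number()` is called from `init()` on every request and goes through `get_plugin_data()`, which re-reads and parses the plugin file header each time only to freeze the result in a constant; guarding with `if ( ! defined( 'WPEDITOR_VERSION_NUMBER' ) )` avoids the re-parse and the "constant already defined" warning should `init()` ever run twice. The method also has no docblock; I would add `/** Returns the plugin version string read from the wpeditor.php header via get_plugin_data(). */`. On the unchanged lines in this hunk, `WPEDITOR_URL . '/js/quicktags.js'` sits next to `WPEDITOR_URL . 'js/wpeditor.js'`; since wpeditor.php defines WPEDITOR_URL with a trailing slash, the quicktags URL carries a double slash (pre-existing, but the lines are touched here). The `init()` body continues outside the hunk.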
wp-editor/trunk/classes/WPEditorAjax.php
r3151053 r3269822 117 117 if ( file_exists( $real_file ) ) { 118 118 119 if ( is_writable( $real_file ) ) { 120 121 // phpcs:ignore HM.Security.ValidatedSanitizedInput.InputNotSanitized, (per WP Core editor) 122 $new_content = wp_unslash( $_POST['new_content'] ); 123 if ( file_get_contents( $real_file ) === $new_content ) { 124 WPEditorLog::log( '[' . basename(__FILE__) . ' - line ' . __LINE__ . "] Contents are the same" ); 119 if ( WPEditorBrowser::allowed_files(dirname($real_file), basename($real_file)) && ( WPEditorBrowser::is_theme_path($real_file) || WPEditorBrowser::is_plugin_path($real_file)) ) { 120 121 if ( is_writable( $real_file ) ) { 122 123 // phpcs:ignore HM.Security.ValidatedSanitizedInput.InputNotSanitized, (per WP Core editor) 124 $new_content = wp_unslash( $_POST['new_content'] ); 125 if ( file_get_contents( $real_file ) === $new_content ) { 126 WPEditorLog::log( '[' . basename(__FILE__) . ' - line ' . __LINE__ . "] Contents are the same" ); 127 } 128 else { 129 $f = fopen( $real_file, 'w+' ); 130 fwrite( $f, $new_content ); 131 fclose( $f ); 132 WPEditorLog::log( '[' . basename(__FILE__) . ' - line ' . __LINE__ . "] just wrote to $real_file" ); 133 } 125 134 } 126 135 else { 127 $f = fopen( $real_file, 'w+' ); 128 fwrite( $f, $new_content ); 129 fclose( $f ); 130 WPEditorLog::log( '[' . basename(__FILE__) . ' - line ' . __LINE__ . "] just wrote to $real_file" ); 136 $error = __( 'This file is not writable', 'wp-editor' ); 131 137 } 132 133 138 } 134 139 else { 135 $error = __( 'This file is not writable', 'wp-editor' );140 $error = __( 'This file path is not writable or file extension not allowed', 'wp-editor' ); 136 141 } 137 142 -
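Review bot: The new guard accepts `$real_file` if it lies under either the theme root or the plugin root, but it never ties which root matched to the capability the caller holds; unless the capability check that runs before this hunk (the enclosing function starts outside it) already distinguishes `edit_themes` from `edit_plugins` per path, a user with only `edit_themes` can write into the plugin directory. `download_file()` in WPEditorBrowser.php pairs `$type` with the matching capability and path helper explicitly, and the same pairing belongs here. The check also depends on `$real_file` already being canonical — if it is not passed through `realpath()` before this point, `..` segments defeat a prefix comparison. While here, the `fopen()`/`fwrite()` results are still unchecked, so a failed write is logged as a success; `if ( $f === false || fwrite( $f, $new_content ) === false ) { $error = __( 'Failed to write file', 'wp-editor' ); }` would surface it.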
wp-editor/trunk/classes/WPEditorBrowser.php
r3151053 r3269822 253 253 mkdir( $complete_directory, 0777, true ); 254 254 } 255 255 256 256 if ( $_FILES["file-0"]["error"] > 0 ) { 257 257 $error_message = __( 'Return Code', 'wp-editor' ) . ": " . $_FILES["file-0"]["error"]; … … 396 396 397 397 public static function download_file( $file_path, $type ) { 398 if ( ( $type == 'theme' && current_user_can( 'edit_themes' ) ) || ( $type == 'plugin' && current_user_can( 'edit_plugins' )) ) {398 if ( self::allowed_files(dirname($file_path), basename($file_path)) && ( $type == 'theme' && current_user_can( 'edit_themes' ) && self::is_theme_path($file_path) ) || ( $type == 'plugin' && current_user_can( 'edit_plugins' ) && self::is_plugin_path($file_path)) ) { 399 399 $slash = '/'; 400 400 if ( WPWINDOWS ) { … … 517 517 } 518 518 519 public static function is_theme_path($file_path) { 520 // Get the WordPress theme root directory 521 $theme_root = get_theme_root(); 522 523 // Normalize paths for comparison 524 $theme_root = wp_normalize_path($theme_root); 525 $file_path = wp_normalize_path($file_path); 526 527 // Check if the file path starts with the theme root path 528 return strpos($file_path, $theme_root) === 0; 529 } 530 531 public static function is_plugin_path($file_path) { 532 // Get the WordPress plugin root directory 533 $plugin_root = WP_PLUGIN_DIR; 534 535 // Normalize paths for comparison 536 $plugin_root = wp_normalize_path($plugin_root); 537 $file_path = wp_normalize_path($file_path); 538 539 // Check if the file path starts with the plugin root path 540 return strpos($file_path, $plugin_root) === 0; 541 } 542 519 543 } -
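Review bot: The new `download_file()` condition mis-parses because `&&` binds tighter than `||`: it reads as `( allowed_files && theme-branch ) || plugin-branch`, so the `allowed_files()` extension check is skipped entirely when `$type == 'plugin'`. Wrap the two branches: `if ( self::allowed_files( dirname( $file_path ), basename( $file_path ) ) && ( ( $type == 'theme' && current_user_can( 'edit_themes' ) && self::is_theme_path( $file_path ) ) || ( $type == 'plugin' && current_user_can( 'edit_plugins' ) && self::is_plugin_path( $file_path ) ) ) ) {`. Separately, the new `is_theme_path()` and `is_plugin_path()` compare against the bare root, so a sibling directory that merely shares the prefix (constructed example: `<plugin_root>-old`) also passes; compare against `trailingslashit( $plugin_root )` (and the same for `$theme_root`), and make sure `$file_path` is canonical before it reaches these helpers, since a prefix test does not resolve `..`. The body of `download_file()` continues outside the hunk.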
wp-editor/trunk/readme.txt
r3151053 r3269822 5 5 Requires at least: 3.9 6 6 Tested up to: 6.4.3 7 Stable tag: 1.2.9. 17 Stable tag: 1.2.9.2 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 70 70 == Changelog == 71 71 72 = 1.2.9.2 = 73 * Sanitize ajax requests 74 72 75 = 1.2.9.1 = 73 76 * Sanitize inputs -
wp-editor/trunk/wpeditor.php
r3151053 r3269822 4 4 Plugin URI: http://wpeditor.net 5 5 Description: This plugin modifies the default behavior of the WordPress plugin and theme editors. 6 Version: 1.2.9. 16 Version: 1.2.9.2 7 7 Requires at least: 3.9 8 8 Author: Benjamin Rojas … … 58 58 define( 'WPEDITOR_URL', plugin_dir_url( WPEDITOR_PATH ) . basename( dirname( $plugin_file ) ) . '/' ); 59 59 60 // Define the WP Editor version number61 define( 'WPEDITOR_VERSION_NUMBER', wpe_version_number() );62 63 60 // IS_ADMIN is true when the dashboard or the administration panels are displayed 64 61 if ( ! defined( 'IS_ADMIN' ) ) { … … 72 69 73 70 define( 'WPWINDOWS', $windows ); 74 75 load_plugin_textdomain( 'wp-editor', false, '/' . basename(dirname(__FILE__)) . '/languages/' ); 71 72 // Load translations. 73 add_action( 'init', 'wpe_load_translations' ); 76 74 77 75 // Load the main WP Editor class … … 94 92 } 95 93 94 function wpe_load_translations() { 95 load_plugin_textdomain( 'wp-editor', false, '/' . basename(dirname(__FILE__)) . '/languages/' ); 96 } 97 96 98 function wpe_settings_link( $links, $file ) { 97 99 $thisFile = plugin_basename( WPEDITOR_PATH ) . '/' . basename( __FILE__ ); … … 102 104 return $links; 103 105 } 104 function wpe_version_number() {105 if ( ! function_exists( 'get_plugin_data' ) ) {106 require_once( ABSPATH . 'wp-admin/includes/plugin.php' );107 }108 $plugin_data = get_plugin_data( WPEDITOR_PATH . '/wpeditor.php' );109 return $plugin_data['Version'];110 }
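Review bot: WPEDITOR_VERSION_NUMBER is no longer defined when this file loads — it is now created inside `WPEditor::init()` — so any code that references the constant before the `init` hook fires (for instance on `plugins_loaded`) would hit an undefined constant; worth confirming no such caller exists, since none is visible here. The new `wpe_load_translations()` has no docblock; I would add `/** Loads the wp-editor text domain on the init hook instead of at file load. */`. As a style point, the moved line keeps `basename(dirname(__FILE__))` while the rest of the file uses spaced calls; `basename( __DIR__ )` is equivalent and reads more clearly.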