[wp-trac] [WordPress Trac] #21622: Validate or sandbox theme file edits before saving them (as is done for plugins)

WordPress Trac noreply at wordpress.org
Wed Oct 4 00:19:20 UTC 2017


#21622: Validate or sandbox theme file edits before saving them (as is done for
plugins)
--------------------------------------------+-----------------------------
 Reporter:  eschwartz93                     |       Owner:  westonruter
     Type:  enhancement                     |      Status:  closed
 Priority:  high                            |   Milestone:  4.9
Component:  Themes                          |     Version:  2.7.1
 Severity:  normal                          |  Resolution:  fixed
 Keywords:  has-patch needs-testing commit  |     Focuses:  administration
--------------------------------------------+-----------------------------
Changes (by westonruter):

 * status:  accepted => closed
 * resolution:   => fixed


Comment:

 In [changeset:"41721"]:
 {{{
 #!CommitTicketReference repository="" revision="41721"
 File Editors: Introduce sandboxed live editing of PHP files with rollbacks
 for both themes and plugins.

 * Edits to active plugins which cause PHP fatal errors will no longer
 auto-deactivate the plugin. Supersedes #39766.
 * Introduce sandboxed PHP file edits for active themes, preventing
 accidental whitescreening of a user's site when introducing a fatal error.
 * After writing a change to a PHP file for an active theme or plugin,
 perform loopback requests on the file editor admin screens and the
 homepage to check for fatal errors. If a fatal error is encountered, roll
 back the edited file and display the error to the user to fix and try
 again.
 * Introduce a secure way to scrape PHP fatal errors from a site via
 `wp_start_scraping_edited_file_errors()` and
 `wp_finalize_scraping_edited_file_errors()`.
 * Moves file modifications from `theme-editor.php` and `plugin-editor.php`
 to common `wp_edit_theme_plugin_file()` function.
 * Refactor themes and plugin editors to submit file changes via Ajax
 instead of doing full page refreshes when JS is available.
 * Use `get` method for theme/plugin dropdowns.
 * Improve styling of plugin editors, including width of plugin/theme
 dropdowns.
 * Improve notices API for theme/plugin editor JS component.
 * Strip common base directory from plugin file list. See #24048.
 * Factor out functions to list editable file types in
 `wp_get_theme_file_editable_extensions()` and
 `wp_get_plugin_file_editable_extensions()`.
 * Scroll to line in editor that has linting error when attempting to save.
 See #41886.
 * Add checkbox to dismiss lint errors to proceed with saving. See #41887.
 * Only style the Update File button as disabled instead of actually
 disabling it for accessibility reasons.
 * Ensure that value from CodeMirror is used instead of `textarea` when
 CodeMirror is present.
 * Add "Are you sure?" check when leaving editor when there are unsaved
 changes.

 Supersedes [41560].
 See #39766, #24048, #41886.
 Props westonruter, Clorith, melchoyce, johnbillion, jjj, jdgrimes, azaozz.
 Fixes #21622, #41887.
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/21622#comment:38>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list