[wp-trac] [WordPress Trac] #21622: Validate or sandbox theme file edits before saving them (as is done for plugins)
WordPress Trac
noreply at wordpress.org
Thu Oct 5 03:04:30 UTC 2017
#21622: Validate or sandbox theme file edits before saving them (as is done for
plugins)
--------------------------------------------+-----------------------------
 Reporter:  eschwartz93                     |       Owner:  westonruter
     Type:  enhancement                     |      Status:  closed
 Priority:  high                            |   Milestone:  4.9
Component:  Themes                          |     Version:  2.7.1
 Severity:  normal                          |  Resolution:  fixed
 Keywords:  has-patch needs-testing commit  |     Focuses:  administration
--------------------------------------------+-----------------------------
Changes (by westonruter):
* status: reopened => closed
* resolution: => fixed
Comment:
@adamsilverstein The nonce and cap checks are handled inside of
`wp_edit_theme_plugin_file()`. Per the comment on
[https://github.com/WordPress/wordpress-develop/blob/f23be16bd24e18b82fa5955baacc49d107372d7f/src/wp-admin/includes/ajax-actions.php#L3977 this line]:
{{{
// Validation of args is done in wp_edit_theme_plugin_file().
}}}
See `wp_edit_theme_plugin_file()` for the nonce and cap checks:
https://github.com/WordPress/wordpress-develop/blob/f23be16bd24e18b82fa5955baacc49d107372d7f/src/wp-admin/includes/file.php#L313-L544
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21622#comment:40>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform