[wp-trac] [WordPress Trac] #4787: PHP files in wp-content/plugins unconditionally take over their Dashboard homonyms

WordPress Trac wp-trac at lists.automattic.com
Tue Aug 21 12:23:06 GMT 2007


#4787: PHP files in wp-content/plugins unconditionally take over their Dashboard
homonyms
----------------------------+-----------------------------------------------
 Reporter:  Ozh             |       Owner:  anonymous                          
     Type:  defect          |      Status:  new                                
 Priority:  normal          |   Milestone:  2.3 (trunk)                        
Component:  Administration  |     Version:                                     
 Severity:  normal          |    Keywords:  dashboard plugin override has-patch
----------------------------+-----------------------------------------------
 == Problem ==

 Putting in ''wp-content/plugins'' a file that has the same name as a file
 in ''wp-admin/'' (for instance ''index.php'' as an attempt to hide the
 plugins directory content, or ''themes.php'' or whatever) overrides the
 original Dashboard page.

 If this is a feature (allow a plugin to take over a Dashboard page), which
 might be cool after all, then before letting it do so, we need to check
 that the file is an activated plugin.


 == Proposal ==


 '''1)''' 2 new functions to be included in
 ''wp-admin/includes/plugin.php''


 {{{
 /**
  * Checks if a file is (seems to be) a plugin (Ozh)
  *
  * @param string $plugin_file The filename of plugin (full path)
  * @return boolean
  */
 function is_pluginfile($plugin_file) {
         if ( !is_readable( $plugin_file ) || substr($plugin_file, -4) != '.php' )
                 return false;

         $plugin_data = get_plugin_data( $plugin_file );

         if ( empty ( $plugin_data['Name'] ) )
                 return false;

         return true;
 }

 /**
  * Checks if a plugin is activated (Ozh)
  *
  * Checks first if the file is (seems to be) a plugin
  * @param string $plugin_file The filename of plugin (full path, or
  *        relative path to plugins dir as stored in options table under
  *        'active_plugins')
  * @return boolean
  */
 function is_activatedplugin($plugin_file) {
         if ( get_option('active_plugins') ) {
                 $current_plugins = get_option('active_plugins');
         } else {
                 return false;
         }

         $plugin_root = ABSPATH . PLUGINDIR;
         // $plugin_file can be a full or relative filename path, so
         // sanitize it and make it always relative
         $plugin_file = plugin_basename($plugin_file);

         if ( is_pluginfile($plugin_root .'/'. $plugin_file) && in_array($plugin_file, $current_plugins) ) {
                 return true;
         } else {
                 return false;
         }
 }
 }}}


 '''2)''' Modification of ''wp-admin/menu-header.php''

 Replace every ''file_exists'' with ''is_activatedplugin''[[BR]]
 (sorry, no svn or patch on this computer)

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4787>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
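
The override and the proposed check, as an added standalone example (not part of the original ticket and not WordPress code). `looks_like_plugin()` is a simplified stand-in for the ticket's `is_pluginfile()` / `get_plugin_data()`, `resolve_menu_target()` and the file names are hypothetical, and the plugins directory is constructed sample data.

```php
<?php
// Added example: standalone simulation of the menu decision, not WordPress code.

// Simplified stand-in for is_pluginfile(): a readable .php file whose first
// bytes carry a non-empty "Plugin Name:" header.
function looks_like_plugin($path) {
    if (!is_readable($path) || substr($path, -4) != '.php')
        return false;
    $head = file_get_contents($path, false, null, 0, 8192);
    return (bool) preg_match('/Plugin Name:[ \t]*\S/i', $head);
}

// Hypothetical helper: decide whether a menu item is served by the file in
// the plugins directory or by the stock wp-admin page of the same name.
// $strict = false mirrors a bare file_exists() test; $strict = true mirrors
// the ticket's proposal (must be a plugin file AND listed as active).
function resolve_menu_target($plugin_dir, $item, $active, $strict) {
    $path = $plugin_dir . '/' . $item;
    $takes_over = $strict
        ? (looks_like_plugin($path) && in_array($item, $active))
        : file_exists($path);
    return $takes_over ? "plugins/$item" : "wp-admin/$item";
}

// Constructed sample data: a temporary plugins directory with three files.
$dir = sys_get_temp_dir() . '/plugins_demo_' . uniqid();
mkdir($dir);
file_put_contents("$dir/index.php", "<?php // Silence\n");                  // listing blocker, no header
file_put_contents("$dir/themes.php", "<?php\n/*\nPlugin Name: Demo\n*/\n");  // plugin, NOT activated
file_put_contents("$dir/stats.php", "<?php\n/*\nPlugin Name: Stats\n*/\n");  // plugin, activated
$active = array('stats.php'); // constructed stand-in for the 'active_plugins' option

foreach (array('index.php', 'themes.php', 'stats.php') as $item) {
    printf("%-11s file_exists: %-19s activated-plugin check: %s\n", $item,
        resolve_menu_target($dir, $item, $active, false),
        resolve_menu_target($dir, $item, $active, true));
}

// Remove the temporary sample directory.
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

With the bare existence test all three names resolve to the file in the plugins directory; with the activated-plugin check only `stats.php` does, and `index.php` and `themes.php` fall back to the wp-admin pages.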

