[wp-trac] Re: [WordPress Trac] #5262: Theme editor should allow creation of files.

Fri Oct 26 22:41:10 GMT 2007

#5262: Theme editor should allow creation of files.
--------------------------------------+-------------------------------------
 Reporter:  youngmicroserf            |        Owner:  anonymous
     Type:  enhancement               |       Status:  new      
 Priority:  normal                    |    Milestone:  2.5      
Component:  Administration            |      Version:  2.3      
 Severity:  minor                     |   Resolution:           
 Keywords:  admin theme theme-editor  |  
--------------------------------------+-------------------------------------
Comment (by Otto42):

 We're talking about editing PHP code directly here. If they want to create
 a file, they can create any file they like. Edit the functions.php file in
 the theme and add this:

 {{{
 $filename = 'wp-content/themes/themename/whatever.php';
 if (!file_exists($filename)) {
 $file = fopen($filename, "w");
 fwrite($file, '<?php bad_code() ?>');
 fclose($file);
 }
 }}}

 Done and done. Very next page load, functions.php is loaded and the file
 is created (assuming permissions are allowable to do that). I've used this
 trick to create files in the theme directory and then edited them directly
 using the editor before.

 There is no security added by not being directly allowed to create files.
 If you can edit the code, you can create files as well.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5262#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software