[wp-trac] [WordPress Trac] #11032: Theme editor is not accessible
WordPress Trac
wp-trac at lists.automattic.com
Fri Nov 27 11:14:10 UTC 2009
#11032: Theme editor is not accessible
--------------------------+-------------------------------------------------
Reporter: pavelevap | Owner: westi
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: Future Release
Component: Themes | Version: 2.9
Severity: normal | Keywords: reporter-feedback
--------------------------+-------------------------------------------------
Comment(by toemon):
I'm sorry for my poor English.
I tested with XAMPP on Windows OS.
The values of $file and $allowed_files are full paths on WP 2.9 in
theme-editor.php:
{{{
$file = C:\xampp\htdocs\wordpress/wp-content/themes/default/rtl.css
$allowed_files[0] = C:\xampp\htdocs\wordpress/wp-content/themes/default/rtl.css
$allowed_files[1] = C:\xampp\htdocs\wordpress/wp-content/themes/default/style.css
.
.
$allowed_files[17] = C:\xampp\htdocs\wordpress/wp-content/themes/default/images/header-img.php
}}}
In wp-admin/theme-editor.php:
{{{
$allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $themes[$theme]['Template Files']);
if (empty($file)) {
	$file = $allowed_files[0];
} else {
	if ( 'theme' == $dir ) {
		$file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ;
	} else if ( 'style' == $dir) {
		$file = dirname(dirname($themes[$theme]['Stylesheet Dir'])) . $file ;
	}
}
$real_file = validate_file_to_edit($file, $allowed_files);
}}}
stripslashes() removes '\':
{{{
$file = C:xampphtdocswordpress/wp-content/themes/default/rtl.css
}}}
And validate_file() returns value 1.
When '\' is not removed, validate_file() returns value 2 because there is the character ':'.
In wp-admin/includes/file.php:
{{{
function validate_file_to_edit( $file, $allowed_files = '' ) {
	$file = stripslashes( $file );
	$code = validate_file( $file, $allowed_files );
	if (!$code )
		return $file;
	switch ( $code ) {
		case 1 :
			wp_die( __('Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' ));
		case 2 :
			wp_die( __('Sorry, can’t call files with their real path.' ));
		case 3 :
			wp_die( __('Sorry, that file cannot be edited.' ));
	}
}
}}}
In wp-includes/functions.php:
{{{
function validate_file( $file, $allowed_files = '' ) {
	if ( false !== strpos( $file, '..' ))
		return 1;
	if ( false !== strpos( $file, './' ))
		return 1;
	if (':' == substr( $file, 1, 1 ))
		return 2;
	if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
		return 3;
	return 0;
}
}}}
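As an added example (not code from the ticket or from WordPress core), the following PHP reimplements the validate_file() checks quoted above and runs them over constructed Windows paths of the shape reported here, to trace where a full path fails; the theme-root normalisation it then applies is an assumed approach, not a WordPress patch, and keeps the '..' traversal guard in place.

```php
<?php
// Added example, not WordPress code: the checks below mirror the
// validate_file() quoted in the ticket so each failure can be traced.
function validate_file_checks( $file, $allowed_files = array() ) {
	if ( false !== strpos( $file, '..' ) ) return 1; // traversal
	if ( false !== strpos( $file, './' ) ) return 1; // traversal
	if ( ':' == substr( $file, 1, 1 ) )    return 2; // "C:..." drive path
	if ( ! empty( $allowed_files ) && ! in_array( $file, $allowed_files, true ) )
		return 3;                                   // not on the allow-list
	return 0;
}

// Assumed normalisation (hypothetical, not a WordPress function): unify the
// separators and express the file relative to the theme root, so a drive
// letter never reaches the ':' check while '..' is still caught.
function theme_relative_path( $file, $theme_root ) {
	$file = str_replace( '\\', '/', $file );
	$root = rtrim( str_replace( '\\', '/', $theme_root ), '/' ) . '/';
	if ( 0 !== strpos( $file, $root ) )
		return false; // outside the theme directory
	return substr( $file, strlen( $root ) );
}

// Constructed sample values in the shape toemon reports from XAMPP on Windows.
$theme_root    = 'C:\xampp\htdocs\wordpress/wp-content/themes';
$allowed_files = array(
	$theme_root . '/default/rtl.css',
	$theme_root . '/default/style.css',
);
$file = $allowed_files[0];

// The raw full path is rejected by the drive-letter check ...
printf( "raw Windows path:   code %d\n", validate_file_checks( $file, $allowed_files ) );
// ... and once stripslashes() has eaten the backslashes it no longer matches
// any allow-list entry, so the file can never be opened for editing.
$stripped = stripslashes( $file );
printf( "after stripslashes: %s, on allow-list: %s\n", $stripped,
	in_array( $stripped, $allowed_files, true ) ? 'yes' : 'no' );

// With both sides normalised the legitimate file passes the same checks,
// while a path containing '..' is still refused.
$allowed_rel = array_map( function ( $f ) use ( $theme_root ) {
	return theme_relative_path( $f, $theme_root );
}, $allowed_files );
printf( "normalised path:    code %d\n",
	validate_file_checks( theme_relative_path( $file, $theme_root ), $allowed_rel ) );
printf( "path with '..':     code %d\n",
	validate_file_checks( theme_relative_path( $theme_root . '/default/../../index.php', $theme_root ), $allowed_rel ) );
```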
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11032#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software