[wp-trac] [WordPress Trac] #21622: Validate or sandbox theme file edits before saving them (as is done for plugins)
WordPress Trac
noreply at wordpress.org
Thu Oct 5 18:50:14 UTC 2017
#21622: Validate or sandbox theme file edits before saving them (as is done for
plugins)
--------------------------------------------+-----------------------------
 Reporter:  eschwartz93                      |       Owner:  westonruter
     Type:  enhancement                      |      Status:  closed
 Priority:  high                             |   Milestone:  4.9
Component:  Themes                           |     Version:  2.7.1
 Severity:  normal                           |  Resolution:  fixed
 Keywords:  has-patch needs-testing commit   |     Focuses:  administration
--------------------------------------------+-----------------------------
Comment (by westonruter):
@adamsilverstein It's a good question and yes, normally you're right. The
thing is that the logic has to be invoked over Ajax as well as via
traditional form POST, when JS isn't available:
https://github.com/WordPress/wordpress-develop/blob/b7eac77/src/wp-admin/theme-editor.php#L102-L123
So instead of duplicating the nonce and cap checks in both places, the
checks are centralized in a common `wp_edit_theme_plugin_file()`. By all
means if there is a way to make this more explicit for future reviewers
who will have the same reaction as you, I'm happy to make any changes you
recommend to the comments.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/21622#comment:42>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
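
The pattern described in the comment above, as an added example that is not part of the original message and is not WordPress core's code: one shared routine performs the capability and nonce checks, and both the Ajax handler and the non-JS form POST handler call it without repeating them. The `myplugin_*` names, the nonce action string and the error codes are hypothetical, and the snippet assumes it is loaded as a plugin inside WordPress.

```php
<?php
/* Plugin Name: Shared edit checks (illustrative example) */

// Hypothetical shared routine: the only place the capability and nonce are checked.
function myplugin_save_edit( $args ) {
	if ( ! isset( $args['file'], $args['newcontent'], $args['nonce'] ) ) {
		return new WP_Error( 'missing_args', 'File, content and nonce are required.' );
	}
	$file = sanitize_text_field( $args['file'] );
	if ( ! current_user_can( 'edit_themes' ) ) {
		return new WP_Error( 'unauthorized', 'You are not allowed to edit themes.' );
	}
	// Constructed nonce action, bound to the file being edited.
	if ( ! wp_verify_nonce( $args['nonce'], 'myplugin-edit_' . $file ) ) {
		return new WP_Error( 'nonce_failure', 'Security check failed.' );
	}
	// validate_file() returns 0 when it finds no directory traversal in the path.
	if ( 0 !== validate_file( $file ) ) {
		return new WP_Error( 'bad_path', 'Invalid file path.' );
	}
	$path = trailingslashit( get_stylesheet_directory() ) . $file;
	if ( false === file_put_contents( $path, $args['newcontent'] ) ) {
		return new WP_Error( 'write_failed', 'Could not write the file.' );
	}
	return true;
}

// Ajax entry point: no checks of its own, it reports the shared result as JSON.
add_action( 'wp_ajax_myplugin_save_edit', function () {
	$result = myplugin_save_edit( wp_unslash( $_POST ) );
	if ( is_wp_error( $result ) ) {
		wp_send_json_error( array( 'code' => $result->get_error_code() ), 403 );
	}
	wp_send_json_success();
} );

// Non-JS fallback: a traditional form POST routed through admin-post.php.
add_action( 'admin_post_myplugin_save_edit', function () {
	$result = myplugin_save_edit( wp_unslash( $_POST ) );
	if ( is_wp_error( $result ) ) {
		wp_die( esc_html( $result->get_error_message() ), '', array( 'response' => 403 ) );
	}
	wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url() );
	exit;
} );
```

A reviewer reading either handler sees no nonce or capability check there, which is the reaction the comment anticipates; a one-line comment in each handler naming the shared routine makes the dependency explicit.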