Theme, plugin, and file editing cleanup. Work in progress.

git-svn-id: https://develop.svn.wordpress.org/trunk@1858 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren 2004-11-17 03:15:44 +00:00
parent 70fdfb4785
commit 464d959270
5 changed files with 305 additions and 170 deletions


@ -729,4 +729,88 @@ function add_options_page($page_title, $menu_title, $access_level, $file) {
$submenu['options-general.php'][] = array($menu_title, $access_level, $file, $page_title); $submenu['options-general.php'][] = array($menu_title, $access_level, $file, $page_title);
} }
function validate_file_to_edit($file, $allowed_files = '') {
if ('..' == substr($file,0,2))
die (__('Sorry, can’t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.'));
if (':' == substr($file,1,1))
die (__('Sorry, can’t call files with their real path.'));
if ( !empty($allowed_files) && (! in_array($file, $allowed_files)) ) {
die (__('Sorry, that file cannot be edited.'));
}
$file = stripslashes($file);
return $file;
}
function get_real_file_to_edit($file) {
$home = get_settings('home');
if (($home != '')
&& ($home != get_settings('siteurl')) &&
('index.php' == $file || get_settings('blogfilename') == $file ||
'.htaccess' == $file)) {
$home_root = parse_url($home);
$home_root = $home_root['path'];
$root = str_replace($_SERVER["PHP_SELF"], '', $_SERVER["PATH_TRANSLATED"]);
$home_root = $root . $home_root;
$real_file = $home_root . '/' . $file;
} else {
$real_file = ABSPATH . $file;
}
return $real_file;
}
$wp_file_descriptions = array('index.php' => __('Main Template'),
'wp-layout.css' => __('Stylesheet'),
'style.css' => __('Stylesheet'),
'wp-comments.php' => __('Comments Template'),
'comments.php' => __('Comments Template'),
'wp-comments-popup.php' => __('Popup Comments Template'),
'comments-popup.php' => __('Popup Comments Template'),
'wp-footer.php' => __('Footer Template'),
'footer.php' => __('Footer Template'),
'wp-header.php' => __('Header Template'),
'header.php' => __('Header Template'),
'wp-sidebar.php' => __('Sidebar Template'),
'sidebar.php' => __('Sidebar Template'),
'archive.php' => __('Archive Template'),
'category.php' => __('Category Template'),
'page.php' => __('Page Template'),
'search.php' => __('Search Template'),
'single.php' => __('Post Template'),
'404.php' => __('404 Template'),
'my-hacks.php' => __('my-hacks.php (legacy hacks support)'),
'.htaccess' => __('.htaccess (for rewrite rules)')
);
function get_file_description($file) {
global $wp_file_descriptions;
if (isset($wp_file_descriptions[$file])) {
return $wp_file_descriptions[$file];
}
return $file;
}
function update_recently_edited($file) {
$oldfiles = (array) get_option('recently_edited');
if ($oldfiles) {
$oldfiles = array_reverse($oldfiles);
$oldfiles[] = $file;
$oldfiles = array_reverse($oldfiles);
$oldfiles = array_unique($oldfiles);
if ( 5 < count($oldfiles) )
array_pop($oldfiles);
} else {
$oldfiles[] = $file;
}
update_option('recently_edited', $oldfiles);
}
?> ?>
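Review bot: `validate_file_to_edit()` rejects `..` only when it is the first two characters of `$file`, although its own error message speaks of files with ".." in the name, so a value with a parent-directory segment later in the path passes and is then appended to `ABSPATH` in `get_real_file_to_edit()`. The allowlist test is also skipped whenever `$allowed_files` is empty, and `stripslashes()` runs after the checks, so the value that was validated is not the value that is returned. I would normalise first and then check: move `$file = stripslashes($file);` to the top, reject with `if (false !== strpos($file, '..'))`, and compare with `in_array($file, $allowed_files, true)`. A short docblock saying that the return value is a path relative to the install root, and that callers passing no allowlist get only these prefix checks, would help the three editors that now share this helper.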


@ -24,6 +24,7 @@ $submenu['edit.php'][15] = array(__('Categories'), 1, 'categories.php');
$submenu['edit.php'][20] = array(__('Comments'), 1, 'edit-comments.php'); $submenu['edit.php'][20] = array(__('Comments'), 1, 'edit-comments.php');
$awaiting_mod = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'"); $awaiting_mod = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_approved = '0'");
$submenu['edit.php'][25] = array(sprintf(__("Awaiting Moderation (%s)"), $awaiting_mod), 1, 'moderation.php'); $submenu['edit.php'][25] = array(sprintf(__("Awaiting Moderation (%s)"), $awaiting_mod), 1, 'moderation.php');
$submenu['edit.php'][30] = array(__('Files'), 5, 'templates.php');
$submenu['link-manager.php'][5] = array(__('Manage Links'), 5, 'link-manager.php'); $submenu['link-manager.php'][5] = array(__('Manage Links'), 5, 'link-manager.php');
$submenu['link-manager.php'][10] = array(__('Add Link'), 5, 'link-add.php'); $submenu['link-manager.php'][10] = array(__('Add Link'), 5, 'link-add.php');
@ -40,9 +41,11 @@ $submenu['options-general.php'][20] = array(__('Discussion'), 5, 'options-discus
$submenu['options-general.php'][25] = array(__('Permalinks'), 5, 'options-permalink.php'); $submenu['options-general.php'][25] = array(__('Permalinks'), 5, 'options-permalink.php');
$submenu['options-general.php'][30] = array(__('Miscellaneous'), 5, 'options-misc.php'); $submenu['options-general.php'][30] = array(__('Miscellaneous'), 5, 'options-misc.php');
$submenu['plugins.php'][5] = array(__('Plugins'), 5, 'plugins.php');
$submenu['plugins.php'][10] = array(__('Plugin Editor'), 5, 'plugin-editor.php');
$submenu['themes.php'][5] = array(__('Themes'), 5, 'themes.php'); $submenu['themes.php'][5] = array(__('Themes'), 5, 'themes.php');
$submenu['themes.php'][10] = array(__('Theme Editor'), 5, 'theme-editor.php'); $submenu['themes.php'][10] = array(__('Theme Editor'), 5, 'theme-editor.php');
$submenu['themes.php'][15] = array(__('Other Files'), 5, 'templates.php');
do_action('admin_menu', ''); do_action('admin_menu', '');
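Review bot: The new 'Plugin Editor' entry is registered with access level 5, but the view branch of plugin-editor.php added in this same commit stops with a permissions message when `$user_level <= 5`, while its update branch only refuses `$user_level < 5`. If the menu threshold means "level 5 and above" (the code that enforces it is not shown here), a level-5 user would see a link to a page they cannot open yet could still post an update to it. I would pick one threshold and use it in all three places, for example `if ($user_level < 5)` in both branches. templates.php is also linked from two parents now ('Files' under edit.php and 'Other Files' under themes.php) while the page itself sets `$parent_file = 'edit.php'`; a one-line comment saying which parent is intended would help.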

138
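--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -0,0 +1,138 @@
+<?php
+require_once('admin.php');
+$title = __("Edit Plugins");
+$parent_file = 'plugins.php';
+$wpvarstoreset = array('action','redirect','profile','error','warning','a','file');
+for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+$wpvar = $wpvarstoreset[$i];
+if (!isset($$wpvar)) {
+if (empty($_POST["$wpvar"])) {
+if (empty($_GET["$wpvar"])) {
+$$wpvar = '';
+} else {
+$$wpvar = $_GET["$wpvar"];
+}
+} else {
+$$wpvar = $_POST["$wpvar"];
+}
+}
+}
+$plugins_dir = @ dir(ABSPATH . 'wp-content/plugins');
+if ($plugins_dir) {
+while(($plug_file = $plugins_dir->read()) !== false) {
+if ( !preg_match('|^\.+$|', $plug_file) && preg_match('|\.php$|', $plug_file) )
+$plugin_files[] = "wp-content/plugins/$plug_file";
+}
+}
+if (count($plugin_files)) {
+natcasesort($plugin_files);
+}
+if (file_exists(ABSPATH . 'my-hacks.php')) {
+$plugin_files[] = 'my-hacks.php';
+}
+if (empty($file)) {
+$file = $plugin_files[0];
+}
+$file = validate_file_to_edit($file, $plugin_files);
+$real_file = get_real_file_to_edit($file);
+switch($action) {
+case 'update':
+if ($user_level < 5) {
+die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
+}
+$newcontent = stripslashes($_POST['newcontent']);
+if (is_writeable($real_file)) {
+$f = fopen($real_file, 'w+');
+fwrite($f, $newcontent);
+fclose($f);
+header("Location: plugin-editor.php?file=$file&a=te");
+} else {
+header("Location: plugin-editor.php?file=$file");
+}
+exit();
+break;
+default:
+require_once('admin-header.php');
+if ($user_level <= 5) {
+die(__('<p>You have do not have sufficient permissions to edit plugins for this blog.</p>'));
+}
+update_recently_edited($file);
+if (!is_file($real_file))
+$error = 1;
+if (!$error) {
+$f = fopen($real_file, 'r');
+$content = fread($f, filesize($real_file));
+$content = htmlspecialchars($content);
+}
+?>
+<?php if (isset($_GET['a'])) : ?>
+<div class="updated"><p><?php _e('File edited successfully.') ?></p></div>
+<?php endif; ?>
+<div class="wrap">
+<?php
+if (is_writeable($real_file)) {
+echo '<h2>' . sprintf(__('Editing <strong>%s</strong>'), $file) . '</h2>';
+} else {
+echo '<h2>' . sprintf(__('Browsing <strong>%s</strong>'), $file) . '</h2>';
+}
+?>
+<div id="templateside">
+<h3><?php _e('Plugin files') ?></h3>
+<?php
+if ($plugin_files) :
+?>
+<ul>
+<?php foreach($plugin_files as $plugin_file) : ?>
+<li><a href="plugin-editor.php?file=<?php echo "$plugin_file"; ?>"><?php echo get_file_description(basename($plugin_file)); ?></a></li>
+<?php endforeach; ?>
+</ul>
+<?php endif; ?>
+</div>
+<?php if (!$error) { ?>
+<form name="template" id="template" action="plugin-editor.php" method="post">
+<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
+<input type="hidden" name="action" value="update" />
+<input type="hidden" name="file" value="<?php echo $file ?>" />
+</div>
+<?php if ( is_writeable($real_file) ) : ?>
+<p class="submit">
+<?php
+echo "<input type='submit' name='submit' value=' " . __('Update File') . " &raquo;' tabindex='2' />";
+?>
+</p>
+<?php else : ?>
+<p><em><?php _e('If this file was writable you could edit it.'); ?></em></p>
+<?php endif; ?>
+</form>
+<?php
+} else {
+echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
+}
+?>
+</div>
+<?php
+break;
+}
+include("admin-footer.php") ?>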
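Review bot: `$plugin_files` is appended to without ever being initialised, and it doubles as the allowlist passed to `validate_file_to_edit()`. When the plugins directory yields no `.php` file and my-hacks.php is absent, the list is empty, the helper's `!empty($allowed_files)` guard skips the allowlist test, and the request-supplied `file` value reaches `fopen($real_file, 'w+')` with only the helper's prefix checks applied; on a configuration where request variables are imported as globals the list could also arrive pre-populated. I would start the scan with `$plugin_files = array();` and stop before validation with `if (empty($plugin_files)) die(__('No plugin files found.'));`. The return value of `fopen()` is used unchecked in both branches, and the read handle in the default branch is never closed.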


@ -1,23 +1,7 @@
<?php <?php
require_once('admin.php'); require_once('admin.php');
$title = __('Template &amp; file editing'); $title = __('Template &amp; file editing');
$parent_file = 'themes.php'; $parent_file = 'edit.php';
function validate_file($file) {
if ('..' == substr($file,0,2))
die (__('Sorry, can&#8217;t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.'));
if (':' == substr($file,1,1))
die (__('Sorry, can&#8217;t call files with their real path.'));
if ('/' == substr($file,0,1))
$file = '.' . $file;
$file = stripslashes($file);
$file = str_replace('../', '', $file);
return $file;
}
$wpvarstoreset = array('action','redirect','profile','error','warning','a','file'); $wpvarstoreset = array('action','redirect','profile','error','warning','a','file');
for ($i=0; $i<count($wpvarstoreset); $i += 1) { for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@ -35,6 +19,13 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
} }
} }
if (empty($file)) {
$file = 'index.php';
}
$file = validate_file_to_edit($file);
$real_file = get_real_file_to_edit($file);
switch($action) { switch($action) {
case 'update': case 'update':
@ -44,17 +35,14 @@ case 'update':
} }
$newcontent = stripslashes($_POST['newcontent']); $newcontent = stripslashes($_POST['newcontent']);
$file = $_POST['file']; if (is_writeable($real_file)) {
$file = validate_file($file); $f = fopen($real_file, 'w+');
$real_file = '../' . $file; fwrite($f, $newcontent);
if (is_writeable($real_file)) { fclose($f);
$f = fopen($real_file, 'w+'); header("Location: templates.php?file=$file&a=te");
fwrite($f, $newcontent); } else {
fclose($f); header("Location: templates.php?file=$file");
header("Location: templates.php?file=$file&a=te"); }
} else {
header("Location: templates.php?file=$file");
}
exit(); exit();
@ -67,37 +55,8 @@ default:
die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>')); die(__('<p>You have do not have sufficient permissions to edit templates for this blog.</p>'));
} }
if ('' == $file) { update_recently_edited($file);
$file = 'index.php';
} else {
$oldfiles = (array) get_option('recently_edited');
if ($oldfiles) {
$oldfiles = array_reverse($oldfiles);
$oldfiles[] = $file;
$oldfiles = array_reverse($oldfiles);
$oldfiles = array_unique($oldfiles);
if ( 5 < count($oldfiles) )
array_pop($oldfiles);
} else {
$oldfiles[] = $file;
}
update_option('recently_edited', $oldfiles);
}
$home = get_settings('home');
if (($home != '' && $home != get_settings('siteurl')) &&
('index.php' == $file || get_settings('blogfilename') == $file ||
'.htaccess' == $file)) {
$home_root = parse_url($home);
$home_root = $home_root['path'];
$root = str_replace($_SERVER['PHP_SELF'], '', $_SERVER['PATH_TRANSLATED']);
$home_root = $root . $home_root;
$real_file = $home_root . '/' . $file;
} else {
$file = validate_file($file);
$real_file = '../' . $file;
}
if (!is_file($real_file)) if (!is_file($real_file))
$error = 1; $error = 1;
@ -127,21 +86,18 @@ if ( $recents = get_option('recently_edited') ) :
<?php <?php
echo '<ol>'; echo '<ol>';
foreach ($recents as $recent) : foreach ($recents as $recent) :
$display = preg_replace('|.*/(.*)$|', '$1', $recent); echo "<li><a href='templates.php?file=$recent'>" . get_file_description(basename($recent)) . "</a>";
echo "<li><a href='templates.php?file=$recent'>$display</a>";
endforeach; endforeach;
echo '</ol>'; echo '</ol>';
endif; endif;
?> ?>
<h3><?php _e('Common'); ?></h3> <h3><?php _e('Common'); ?></h3>
<?php $common_files = array('index.php', 'wp-layout.css', 'wp-comments.php', 'wp-comments-popup.php', '.htaccess', 'my-hacks.php'); ?>
<ul> <ul>
<li><a href="templates.php?file=index.php"><?php _e('Main Index') ?></a></li> <?php foreach ($common_files as $common_file) : ?>
<li><a href="templates.php?file=wp-layout.css"><?php _e('Main Stylesheet') ?></a></li> <li><a href="templates.php?file=<?php echo $common_file?>"><?php echo get_file_description($common_file); ?></a></li>
<li><a href="templates.php?file=wp-comments.php"><?php _e('Comments') ?></a></li> <? endforeach; ?>
<li><a href="templates.php?file=wp-comments-popup.php"><?php _e('Popup comments') ?></a></li> </ul>
<li><a href="templates.php?file=.htaccess"><?php _e('.htaccess (for rewrite rules)') ?></a></li>
<li><a href="templates.php?file=my-hacks.php"><?php _e('my-hacks.php (legacy hacks support)') ?></a></li>
</ul>
</div> </div>
<?php if (!$error) { ?> <?php if (!$error) { ?>
<form name="template" id="template" action="templates.php" method="post"> <form name="template" id="template" action="templates.php" method="post">
@ -174,23 +130,6 @@ endif;
<input type="submit" name="submit" value="<?php _e('Edit file &raquo;') ?>" /> <input type="submit" name="submit" value="<?php _e('Edit file &raquo;') ?>" />
</form> </form>
<?php
$plugins_dir = @ dir(ABSPATH . 'wp-content/plugins');
if ($plugins_dir) {
while(($file = $plugins_dir->read()) !== false) {
if ( !preg_match('|^\.+$|', $file) && preg_match('|\.php$|', $file) )
$plugin_files[] = $file;
}
}
if ($plugins_dir || $plugin_files) :
?>
<p>Plugin files:</p>
<ul>
<?php foreach($plugin_files as $plugin_file) : ?>
<li><a href="templates.php?file=wp-content/plugins/<?php echo $plugin_file; ?>"><?php echo $plugin_file; ?></a></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<p><?php _e('Note: of course, you can also edit the files/templates in your text editor of choice and upload them. This online editor is only meant to be used when you don&#8217;t have access to a text editor or FTP client.') ?></p> <p><?php _e('Note: of course, you can also edit the files/templates in your text editor of choice and upload them. This online editor is only meant to be used when you don&#8217;t have access to a text editor or FTP client.') ?></p>
</div> </div>
<?php <?php
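Review bot: The added call `validate_file_to_edit($file)` passes no allowlist, and the local `validate_file()` that this commit removes was the only place that stripped `../` from the name, so this page now relies solely on the helper's two prefix checks before `fopen($real_file, 'w+')` writes the posted content. Unlike the plugin and theme editors, nothing here bounds which path under the install root can be opened. I would either pass a list of editable files as the second argument or reject any name containing a `..` segment before `get_real_file_to_edit()` is called. Separately, `$recent` and `$file` are written into `href` attributes and the `Location:` header unencoded; `urlencode()`, which the theme editor already applies to `$theme`, belongs on those values.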


@ -1,25 +1,9 @@
<?php <?php
require_once('admin.php'); require_once('admin.php');
$title = __("Template &amp; file editing"); $title = __("Edit Themes");
$parent_file = 'themes.php'; $parent_file = 'themes.php';
function validate_file($file) {
if ('..' == substr($file,0,2))
die (__('Sorry, can&#8217;t edit files with ".." in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.'));
if (':' == substr($file,1,1))
die (__('Sorry, can&#8217;t call files with their real path.'));
if ('/' == substr($file,0,1))
$file = '.' . $file;
$file = stripslashes($file);
$file = str_replace('../', '', $file);
return $file;
}
$wpvarstoreset = array('action','redirect','profile','error','warning','a','file', 'theme'); $wpvarstoreset = array('action','redirect','profile','error','warning','a','file', 'theme');
for ($i=0; $i<count($wpvarstoreset); $i += 1) { for ($i=0; $i<count($wpvarstoreset); $i += 1) {
$wpvar = $wpvarstoreset[$i]; $wpvar = $wpvarstoreset[$i];
@ -36,6 +20,21 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
} }
} }
$themes = get_themes();
if (empty($theme)) {
$theme = get_current_theme();
}
$allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $allowed_files, $themes[$theme]['Template Files']);
if (empty($file)) {
$file = $allowed_files[0];
}
$file = validate_file_to_edit($file, $allowed_files);
$real_file = get_real_file_to_edit($file);
switch($action) { switch($action) {
case 'update': case 'update':
@ -45,17 +44,14 @@ case 'update':
} }
$newcontent = stripslashes($_POST['newcontent']); $newcontent = stripslashes($_POST['newcontent']);
$file = $_POST['file']; if (is_writeable($real_file)) {
$file = validate_file($file); $f = fopen($real_file, 'w+');
$real_file = '../' . $file; fwrite($f, $newcontent);
if (is_writeable($real_file)) { fclose($f);
$f = fopen($real_file, 'w+'); header("Location: theme-editor.php?file=$file&a=te");
fwrite($f, $newcontent); } else {
fclose($f); header("Location: theme-editor.php?file=$file");
header("Location: theme-editor.php?file=$file&a=te"); }
} else {
header("Location: theme-editor.php?file=$file");
}
exit(); exit();
@ -67,34 +63,8 @@ default:
if ($user_level <= 5) { if ($user_level <= 5) {
die(__('<p>You have do not have sufficient permissions to edit themes for this blog.</p>')); die(__('<p>You have do not have sufficient permissions to edit themes for this blog.</p>'));
} }
$themes = get_themes();
if (! isset($theme) || empty($theme)) { update_recently_edited($file);
$theme = get_current_theme();
}
$stylesheet_files = $themes[$theme]['Stylesheet Files'];
$template_files = $themes[$theme]['Template Files'];
if ('' == $file) {
$file = $stylesheet_files[0];
}
$home = get_settings('home');
if (($home != '')
&& ($home != get_settings('siteurl')) &&
('index.php' == $file || get_settings('blogfilename') == $file ||
'.htaccess' == $file)) {
$home_root = parse_url($home);
$home_root = $home_root['path'];
$root = str_replace($_SERVER["PHP_SELF"], '', $_SERVER["PATH_TRANSLATED"]);
$home_root = $root . $home_root;
$real_file = $home_root . '/' . $file;
} else {
$file = validate_file($file);
$real_file = '../' . $file;
}
if (!is_file($real_file)) if (!is_file($real_file))
$error = 1; $error = 1;
@ -128,24 +98,43 @@ default:
<div class="wrap"> <div class="wrap">
<?php <?php
echo "<p>" . sprintf(__('Editing <strong>%s</strong>'), $file) . "</p>"; if (is_writeable($real_file)) {
echo '<h2>' . sprintf(__('Editing <strong>%s</strong>'), $file) . '</h2>';
} else {
echo '<h2>' . sprintf(__('Browsing <strong>%s</strong>'), $file) . '</h2>';
}
?>
<div id="templateside">
<h3><?php printf(__("<strong>'%s'</strong> theme files"), $theme) ?></h3>
<?php
if ($allowed_files) :
?>
<ul>
<?php foreach($allowed_files as $allowed_file) : ?>
<li><a href="theme-editor.php?file=<?php echo "$allowed_file"; ?>&amp;theme=<?php echo urlencode($theme) ?>"><?php echo get_file_description(basename($allowed_file)); ?></a></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
</div>
<?php
if (!$error) { if (!$error) {
?> ?>
<form name="template" action="theme-editor.php" method="post"> <form name="template" id="template" action="theme-editor.php" method="post">a
<textarea cols="80" rows="21" style="width:95%; margin-right: 10em; font-family: 'Courier New', Courier, monopace; font-size:small;" name="newcontent" tabindex="1"><?php echo $content ?></textarea> <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" /> <input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" /> <input type="hidden" name="file" value="<?php echo $file ?>" />
<input type="hidden" name="theme" value="<?php echo $theme ?>" /> <input type="hidden" name="theme" value="<?php echo $theme ?>" />
</div>
<?php if ( is_writeable($real_file) ) : ?>
<p class="submit"> <p class="submit">
<?php <?php
if (is_writeable($real_file)) { echo "<input type='submit' name='submit' value=' " . __('Update File') . " &raquo;' tabindex='2' />";
echo "<input type='submit' name='submit' value='Update File &raquo;' tabindex='2' />"; ?>
} else {
echo "<input type='button' name='oops' value='" . __('(You cannot update that file/template: must make it writable, e.g. CHMOD 666)') ."' tabindex='2' />";
}
?>
</p> </p>
<?php else : ?>
<p><em><?php _e('If this file was writable you could edit it.'); ?></em></p>
<?php endif; ?>
</form> </form>
<?php <?php
} else { } else {
@ -153,25 +142,7 @@ default:
} }
?> ?>
</div> </div>
<div class="wrap">
<?php <?php
if ($template_files || $stylesheet_files) :
?>
<p><?php printf(__('<strong>%s</strong> theme files:'), $theme) ?></p>
<ul>
<?php foreach($stylesheet_files as $stylesheet_file) : ?>
<li><a href="theme-editor.php?file=<?php echo "$stylesheet_file"; ?>&amp;theme=<?php echo $theme; ?>"><?php echo basename($stylesheet_file); ?></a></li>
<?php endforeach; ?>
<?php foreach($template_files as $template_file) : ?>
<li><a href="theme-editor.php?file=<?php echo "$template_file"; ?>&amp;theme=<?php echo $theme; ?>"><?php echo basename($template_file); ?></a></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<p><?php _e('Note: of course, you can also edit the files/templates in your text editor of choice and upload them. This online editor is only meant to be used when you don&#8217;t have access to a text editor or FTP client.') ?></p>
</div>
<?php
break; break;
} }
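Review bot: In the added line `$allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $allowed_files, $themes[$theme]['Template Files']);` the variable `$allowed_files` is read before anything visible in this file assigns it. Depending on the PHP version a non-array argument makes `array_merge()` warn or return NULL, which would leave the allowlist empty and cause `validate_file_to_edit()` to skip its `in_array` test; if the variable can be set from outside the script, its contents are merged into the allowlist. `$theme` also comes from the request and indexes `$themes` without an existence check. I would write `if (!isset($themes[$theme])) die(__('That theme does not exist.'));` followed by `$allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $themes[$theme]['Template Files']);`. There is also a stray `a` after the opening `<form ...>` tag on the new side.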