Fix file validation in theme editor. Props dd32. fixes #11032

git-svn-id: http://svn.automattic.com/wordpress/trunk@12310 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/includes/file.php

@@ -195,8 +195,6 @@ function wp_tempnam($filename = '', $dir = ''){
  * @return unknown
  */
 function validate_file_to_edit( $file, $allowed_files = '' ) {
-	$file = stripslashes( $file );
-
 	$code = validate_file( $file, $allowed_files );
 
 	if (!$code )
@@ -206,8 +204,8 @@ function validate_file_to_edit( $file, $allowed_files = '' ) {
 		case 1 :
 			wp_die( __('Sorry, can’t edit files with “..” in the name. If you are trying to edit a file in your WordPress home directory, you can just type the name of the file in.' ));
 
-		case 2 :
-			wp_die( __('Sorry, can’t call files with their real path.' ));
+		//case 2 :
+		//	wp_die( __('Sorry, can’t call files with their real path.' ));
 
 		case 3 :
 			wp_die( __('Sorry, that file cannot be edited.' ));

wp-admin/plugin-editor.php

@@ -22,7 +22,7 @@ wp_admin_css( 'theme-editor' );
 $plugins = get_plugins();
 
 if ( isset($_REQUEST['file']) )
-	$plugin = $_REQUEST['file'];
+	$plugin = stripslashes($_REQUEST['file']);
 
 if ( empty($plugin) ) {
 	$plugin = array_keys($plugins);
@@ -33,6 +33,8 @@ $plugin_files = get_plugin_files($plugin);
 
 if ( empty($file) )
 	$file = $plugin_files[0];
+else
+	$file = stripslashes($file);
 
 $file = validate_file_to_edit($file, $plugin_files);
 $real_file = WP_PLUGIN_DIR . '/' . $file;

wp-admin/theme-editor.php

@@ -35,6 +35,7 @@ $allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $themes[$theme
 if (empty($file)) {
 	$file = $allowed_files[0];
 } else {
+	$file = stripslashes($file);
 	if ( 'theme' == $dir ) {
 		$file = dirname(dirname($themes[$theme]['Template Dir'])) . $file ; 
 	} else if ( 'style' == $dir) {
@@ -42,9 +43,8 @@ if (empty($file)) {
 	}
 }
 
-$real_file = validate_file_to_edit($file, $allowed_files);
+validate_file_to_edit($file, $allowed_files);
 $scrollto = isset($_REQUEST['scrollto']) ? (int) $_REQUEST['scrollto'] : 0;
-
 $file_show = basename( $file );
 
 switch($action) {
@@ -55,9 +55,9 @@ case 'update':
 
 	$newcontent = stripslashes($_POST['newcontent']);
 	$theme = urlencode($theme);
-	if (is_writeable($real_file)) {
+	if (is_writeable($file)) {
 		//is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable
-		$f = fopen($real_file, 'w+');
+		$f = fopen($file, 'w+');
 		if ($f !== FALSE) {
 			fwrite($f, $newcontent);
 			fclose($f);
@@ -83,14 +83,14 @@ default:
 
 	update_recently_edited($file);
 
-	if ( !is_file($real_file) )
+	if ( !is_file($file) )
 		$error = 1;
 
-	if ( !$error && filesize($real_file) > 0 ) {
-		$f = fopen($real_file, 'r');
-		$content = fread($f, filesize($real_file));
+	if ( !$error && filesize($file) > 0 ) {
+		$f = fopen($file, 'r');
+		$content = fread($f, filesize($file));
 
-		if ( '.php' == substr( $real_file, strrpos( $real_file, '.' ) ) ) {
+		if ( '.php' == substr( $file, strrpos( $file, '.' ) ) ) {
 			$functions = wp_doc_link_parse( $content );
 
 			$docs_select = '<select name="docs-list" id="docs-list">';
@@ -102,7 +102,7 @@ default:
 		}
 
 		$content = htmlspecialchars( $content );
-		$codepress_lang = codepress_get_lang($real_file);
+		$codepress_lang = codepress_get_lang($file);
 	}
 
 	?>
@@ -212,7 +212,7 @@ if ($allowed_files) :
 	<?php } ?>
 
 		<div>
-<?php if ( is_writeable($real_file) ) : ?>
+<?php if ( is_writeable($file) ) : ?>
 			<p class="submit">
 <?php
 	echo "<input type='submit' name='submit' class='button-primary' value='" . esc_attr__('Update File') . "' tabindex='2' />";

wp-includes/functions.php

@@ -3068,12 +3068,12 @@ function validate_file( $file, $allowed_files = '' ) {
 	if ( false !== strpos( $file, './' ))
 		return 1;
 
-	if (':' == substr( $file, 1, 1 ))
-		return 2;
-
 	if (!empty ( $allowed_files ) && (!in_array( $file, $allowed_files ) ) )
 		return 3;
 
+	if (':' == substr( $file, 1, 1 ))
+		return 2;
+
 	return 0;
 }