X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/54fb5972b908f9c2b16cd82cee580bcf61565873..672d6bc6da735e745275ef7a86341dc1178da8d2:/wp-admin/theme-editor.php diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php index b2788cf3..c7343a7a 100644 --- a/wp-admin/theme-editor.php +++ b/wp-admin/theme-editor.php @@ -1,24 +1,20 @@ '.__('You have do not have sufficient permissions to edit templates for this blog.').'
'); + wp_die(''.__('You do not have sufficient permissions to edit templates for this blog.').'
'); $newcontent = stripslashes($_POST['newcontent']); $theme = urlencode($theme); if (is_writeable($real_file)) { + //is_writable() not always reliable, check return value. see comments @ http://uk.php.net/is_writable $f = fopen($real_file, 'w+'); - fwrite($f, $newcontent); - fclose($f); - wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te"); + if ($f !== FALSE) { + fwrite($f, $newcontent); + fclose($f); + $location = "theme-editor.php?file=$file&theme=$theme&a=te"; + } else { + $location = "theme-editor.php?file=$file&theme=$theme"; + } } else { - wp_redirect("theme-editor.php?file=$file&theme=$theme"); + $location = "theme-editor.php?file=$file&theme=$theme"; } + $location = wp_kses_no_null($location); + $strip = array('%0d', '%0a', '%0D', '%0A'); + $location = _deep_replace($strip, $location); + header("Location: $location"); exit(); break; default: - - require_once('admin-header.php'); + if ( !current_user_can('edit_themes') ) - die(''.__('You have do not have sufficient permissions to edit themes for this blog.').'
'); + wp_die(''.__('You do not have sufficient permissions to edit themes for this blog.').'
'); + + require_once('admin-header.php'); update_recently_edited($file); - - if (!is_file($real_file)) + + if ( !is_file($real_file) ) $error = 1; - - if (!$error && filesize($real_file) > 0) { + + if ( !$error && filesize($real_file) > 0 ) { $f = fopen($real_file, 'r'); $content = fread($f, filesize($real_file)); - $content = htmlspecialchars($content); + + if ( '.php' == substr( $real_file, strrpos( $real_file, '.' ) ) ) { + $functions = wp_doc_link_parse( $content ); + + $docs_select = ''; + } + + $content = htmlspecialchars( $content ); + $codepress_lang = codepress_get_lang($real_file); } ?>
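Review bot: The new inline redirect sanitization in the `update` branch only strips the percent-encoded forms of CR/LF (`$strip = array('%0d', '%0a', '%0D', '%0A')`) and null bytes via `wp_kses_no_null()`, but `$file` is interpolated into `$location` without `urlencode()` (only `$theme` is encoded), so a literal `\r` or `\n` in `$file` would survive into `header("Location: $location")`. How `$file` is populated is decided above the hunk, which appears garbled on this page, but if it comes straight from the request this leaves a header-injection gap on PHP builds that do not reject multi-line headers themselves. The smallest fix is to cover the raw characters too: `$strip = array('%0d', '%0a', '%0D', '%0A', "\r", "\n");`, and ideally to build the query with `urlencode($file)` in all three `$location` assignments so the value is a single encoded token. Separately, the `fwrite()` return value is still unchecked, so a short or failed write would still redirect with `a=te` (the success marker) — `if ($f !== FALSE && fwrite($f, $newcontent) !== FALSE)` would keep the success flag honest.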