diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php
index 8ed51079..5541f312 100644
--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -4,21 +4,7 @@ require_once('admin.php');
$title = __("Edit Themes");
$parent_file = 'themes.php';
-$wpvarstoreset = array('action','redirect','profile','error','warning','a','file', 'theme');
-for ($i=0; $i
'.__('You do not have sufficient permissions to edit templates for this blog.').'
'); $newcontent = stripslashes($_POST['newcontent']); $theme = urlencode($theme); @@ -56,26 +44,31 @@ case 'update': $f = fopen($real_file, 'w+'); fwrite($f, $newcontent); fclose($f); - header("Location: theme-editor.php?file=$file&theme=$theme&a=te"); + $location = "theme-editor.php?file=$file&theme=$theme&a=te"; } else { - header("Location: theme-editor.php?file=$file&theme=$theme"); + $location = "theme-editor.php?file=$file&theme=$theme"; } + $location = wp_kses_no_null($location); + $strip = array('%0d', '%0a'); + $location = str_replace($strip, '', $location); + header("Location: $location"); exit(); break; default: - - require_once('admin-header.php'); + if ( !current_user_can('edit_themes') ) - die(''.__('You have do not have sufficient permissions to edit themes for this blog.').'
'); + wp_die(''.__('You do not have sufficient permissions to edit themes for this blog.').'
'); + + require_once('admin-header.php'); update_recently_edited($file); - + if (!is_file($real_file)) $error = 1; - + if (!$error && filesize($real_file) > 0) { $f = fopen($real_file, 'r'); $content = fread($f, filesize($real_file)); @@ -87,7 +80,7 @@ default:%s
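Review bot: The new `$location` hardening at the end of the update branch strips NULs and only the literal lowercase `%0d`/`%0a` sequences, while `$file` is interpolated into the redirect URL raw even though `$theme` is `urlencode()`d a few lines earlier, so a raw CR/LF (or an `&`/`#`) inside `$file` still reaches `header("Location: $location")` unchanged unless the deployed PHP's own newline check in header() catches it, which is not visible here. I would encode the value where the URL is built, `$location = "theme-editor.php?file=" . urlencode($file) . "&theme=$theme&a=te";` (and likewise in the else branch), and widen the strip list to cover case and raw bytes, `$strip = array('%0d', '%0a', '%0D', '%0A', "\r", "\n");`. If this tree already has a `wp_redirect()` helper, routing both branches through it would keep the sanitising in one place instead of duplicating it per caller. The `case 'update':` branch begins before this hunk, so how `$file` is validated upstream cannot be checked from here.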
'), $file_show) . '';
@@ -113,46 +106,47 @@ default:
}
?>
+