wp_edit_theme_plugin_file() – Attempts to edit a file for a theme or plugin.


Description

Attempts to edit a file for a theme or plugin.

When editing a PHP file, loopback requests are made to the admin and the homepage to check whether the change introduced a fatal error. If it did, the PHP change is reverted.

Usage

$true|WP_Error = wp_edit_theme_plugin_file( $args );

Parameters

$args
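( string[] ) required – Args. All of the arg values are already unslashed, but they come straight from $_POST and are not validated or sanitized in any way, so they must be treated as untrusted input. The function itself validates the file path, checks the current user's editing capability and verifies the nonce, as the source below shows. The array keys are: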
$file
( string ) required – Relative path to file.
$plugin
( string ) required – Path to the plugin file relative to the plugins directory.
$theme
( string ) required – Theme being edited.
$newcontent
( string ) required – New content for the file.
$nonce
( string ) required – Nonce.

Returns

true|WP_Error True on success or WP_Error on failure.

Source

File name: wordpress/wp-admin/includes/file.php
Lines:

1 to 100 of 276
function wp_edit_theme_plugin_file( $args ) {
  if ( empty( $args['file'] ) ) {
    return new WP_Error( 'missing_file' );
  }

  if ( 0 !== validate_file( $args['file'] ) ) {
    return new WP_Error( 'bad_file' );
  }

  if ( ! isset( $args['newcontent'] ) ) {
    return new WP_Error( 'missing_content' );
  }

  if ( ! isset( $args['nonce'] ) ) {
    return new WP_Error( 'missing_nonce' );
  }

  $file    = $args['file'];
  $content = $args['newcontent'];

  $plugin    = null;
  $theme     = null;
  $real_file = null;

  if ( ! empty( $args['plugin'] ) ) {
    $plugin = $args['plugin'];

    if ( ! current_user_can( 'edit_plugins' ) ) {
      return new WP_Error( 'unauthorized', __( 'Sorry, you are not allowed to edit plugins for this site.' ) );
    }

    if ( ! wp_verify_nonce( $args['nonce'], 'edit-plugin_' . $file ) ) {
      return new WP_Error( 'nonce_failure' );
    }

    if ( ! array_key_exists( $plugin, get_plugins() ) ) {
      return new WP_Error( 'invalid_plugin' );
    }

    if ( 0 !== validate_file( $file, get_plugin_files( $plugin ) ) ) {
      return new WP_Error( 'bad_plugin_file_path', __( 'Sorry, that file cannot be edited.' ) );
    }

    $editable_extensions = wp_get_plugin_file_editable_extensions( $plugin );

    $real_file = WP_PLUGIN_DIR . '/' . $file;

    $is_active = in_array(
      $plugin,
      (array) get_option( 'active_plugins', array() ),
      true
    );

  } elseif ( ! empty( $args['theme'] ) ) {
    $stylesheet = $args['theme'];

    if ( 0 !== validate_file( $stylesheet ) ) {
      return new WP_Error( 'bad_theme_path' );
    }

    if ( ! current_user_can( 'edit_themes' ) ) {
      return new WP_Error( 'unauthorized', __( 'Sorry, you are not allowed to edit templates for this site.' ) );
    }

    $theme = wp_get_theme( $stylesheet );
    if ( ! $theme->exists() ) {
      return new WP_Error( 'non_existent_theme', __( 'The requested theme does not exist.' ) );
    }

    if ( ! wp_verify_nonce( $args['nonce'], 'edit-theme_' . $stylesheet . '_' . $file ) ) {
      return new WP_Error( 'nonce_failure' );
    }

    if ( $theme->errors() && 'theme_no_stylesheet' === $theme->errors()->get_error_code() ) {
      return new WP_Error(
        'theme_no_stylesheet',
        __( 'The requested theme does not exist.' ) . ' ' . $theme->errors()->get_error_message()
      );
    }

    $editable_extensions = wp_get_theme_file_editable_extensions( $theme );

    $allowed_files = array();
    foreach ( $editable_extensions as $type ) {
      switch ( $type ) {
        case 'php':
          $allowed_files = array_merge( $allowed_files, $theme->get_files( 'php', -1 ) );
          break;
        case 'css':
          $style_files                = $theme->get_files( 'css', -1 );
          $allowed_files['style.css'] = $style_files['style.css'];
          $allowed_files              = array_merge( $allowed_files, $style_files );
          break;
        default:
          $allowed_files = array_merge( $allowed_files, $theme->get_files( $type, -1 ) );
          break;
      }
    }

    // Compare based on relative paths.
 
