IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Theme Editior: Base the nonce on a simpler combination of fields, for easier debugging & reading.

Browse Source 
See #42609.
Fixes #42705.

Built from https://develop.svn.wordpress.org/trunk@42246


git-svn-id: http://core.svn.wordpress.org/trunk@42075 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dion Hulse
2017-11-27 03:44:47 +00:00
parent daacc37405
commit 271e08a26e
3 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/includes/file.php
View File

@@ -414,8 +414,7 @@ function wp_edit_theme_plugin_file( $args ) {
return new WP_Error( 'non_existent_theme', __( 'The requested theme does not exist.' ) );
}
$real_file = $theme->get_stylesheet_directory() . '/' . $file;
if ( ! wp_verify_nonce( $args['nonce'], 'edit-theme_' . $real_file . $stylesheet ) ) {
if ( ! wp_verify_nonce( $args['nonce'], 'edit-theme_' . $stylesheet . '_' . $file ) ) {
return new WP_Error( 'nonce_failure' );
}
@@ -450,7 +449,10 @@ function wp_edit_theme_plugin_file( $args ) {
return new WP_Error( 'disallowed_theme_file', __( 'Sorry, that file cannot be edited.' ) );
}
$real_file = $theme->get_stylesheet_directory() . '/' . $file;
$is_active = ( get_stylesheet() === $stylesheet || get_template() === $stylesheet );
} else {
return new WP_Error( 'missing_theme_or_plugin' );
}