
Security Bug in WordPress 1.0.1 (6 posts)

  1. Stevarino
    Member
    Posted 8 years ago #

    While we're on the subject, any chance of turning the template editor into a simple file manager?

  2. OperaManiac
    Member
    Posted 8 years ago #

    I'd like that too... an online file editor!
    That can even be used to make online static pages...

  3. davidchait
    Member
    Posted 8 years ago #

    The template editor IS an online file editor. :) Though I'd agree it could use a simple nav/browse interface to get to files.
    It'd also be nice if the intent IS for online editing, to add some kind of styled editor option (I'm not sure what form that would take, custom control, java, js, etc., just tossing it out there...), as it's hard enough to read PHP with a nice colorizing editor like Crimson... but just try editing in something like notepad.. ;) Great for a quick 'ooops, I screwed that up' remote fix.
    -d

  4. OperaManiac
    Member
    Posted 8 years ago #

    Well, the ability to make new files would make it more powerful... I guess making the wp folder writable won't make it less secure :)

  5. Matt Mullenweg
    Troublemaker
    Posted 8 years ago #

    gennadiy_l, could you confirm that you are able to edit files outside of the WordPress folder? That shouldn't be possible because we strip directory-walking characters from the update code, look around line 54 of templates.php.

  6. Ryan Boren
    WordPress Dev
    Posted 8 years ago #

    Thanks gennadiy_l. Fix committed. I reworked things a bit, so extra testing from those using the nightlies would be appreciated.
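
The restriction discussed in post 5 (the template editor must not reach files outside the WordPress folder), as an added example that is not part of the thread and is not WordPress code: rather than stripping characters from the name, it canonicalizes the requested path and checks that the result is still under the base directory. The function name `resolve_inside` and the sandbox layout are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from templates.php.

/**
 * Resolve $requested relative to $baseDir and return the canonical path
 * only if it is an existing file inside $baseDir; otherwise return null.
 */
function resolve_inside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    // Reject an unusable base and names carrying a NUL byte.
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and fails for missing files.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // Compare with a trailing separator so ".../wp-old" does not match ".../wp".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $full : null;
}

// Constructed sandbox: a "wp" folder plus files that live outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'editor-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/wp/themes', 0700, true);
mkdir($root . '/wp-old', 0700);
file_put_contents($root . '/wp/index.php', "<?php // template\n");
file_put_contents($root . '/wp/themes/style.css', "body{}\n");
file_put_contents($root . '/outside.conf', "not for the editor\n");
file_put_contents($root . '/wp-old/index.php', "<?php\n");

// Constructed requests: three that stay inside, four that must be refused.
$cases = [
    'index.php', 'themes/style.css', 'themes/../index.php',
    '../outside.conf', '../wp-old/index.php', 'themes/../../outside.conf', 'missing.php',
];
foreach ($cases as $name) {
    $resolved = resolve_inside($root . '/wp', $name);
    printf("%-28s %s\n", $name, $resolved === null ? 'rejected' : 'allowed');
}
```

Because `realpath()` only resolves existing paths, this form suits editing existing files; creating new files would need the same check applied to the parent directory.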

Topic Closed

This topic has been closed to new replies.
