diff --git a/wp-admin/plugin-editor.php b/wp-admin/plugin-editor.php index c920eb61b7..3e58a7ec60 100644 --- a/wp-admin/plugin-editor.php +++ b/wp-admin/plugin-editor.php @@ -93,9 +93,11 @@ $edit_error = null; $posted_content = null; if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) { - $r = wp_edit_theme_plugin_file( wp_unslash( $_POST ) ); - if ( is_wp_error( $r ) ) { - $edit_error = $r; + $edit_result = wp_edit_theme_plugin_file( wp_unslash( $_POST ) ); + + if ( is_wp_error( $edit_result ) ) { + $edit_error = $edit_result; + if ( check_ajax_referer( 'edit-plugin_' . $file, 'nonce', false ) && isset( $_POST['newcontent'] ) ) { $posted_content = wp_unslash( $_POST['newcontent'] ); } @@ -122,9 +124,10 @@ if ( ! is_file( $real_file ) ) { } else { // Get the extension of the file. if ( preg_match( '/\.([^.]+)$/', $real_file, $matches ) ) { - $ext = strtolower( $matches[1] ); + $extension = strtolower( $matches[1] ); + // If extension is not in the acceptable list, skip it. - if ( ! in_array( $ext, $editable_extensions, true ) ) { + if ( ! in_array( $extension, $editable_extensions, true ) ) { wp_die( sprintf( '
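Review bot: Nothing visible in this hunk shows where the nonce and capability are verified before the file write. `wp_edit_theme_plugin_file( wp_unslash( $_POST ) )` runs on every POST, while the visible `check_ajax_referer( 'edit-plugin_' . $file, 'nonce', false )` only decides whether `$_POST['newcontent']` is kept for redisplay after an error. Presumably the callee performs both checks itself. If so, a comment above the call would stop readers from mistaking the later nonce check for the write gate, e.g. `// Nonce and capability checks happen inside wp_edit_theme_plugin_file(); the check below only guards redisplay of the submitted content.` (confirm against that function first). The `if ( 'POST' === $_SERVER['REQUEST_METHOD'] )` block continues past the end of the hunk.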
%s
', __( 'Files of this type are not editable.' ) ) ); } } diff --git a/wp-includes/version.php b/wp-includes/version.php index c132ebd848..bc6601f643 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -16,7 +16,7 @@ * * @global string $wp_version */ -$wp_version = '6.9-alpha-60927'; +$wp_version = '6.9-alpha-60928'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
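Review bot: The extension allowlist fails open. `in_array( $extension, $editable_extensions, true )` is only reached when `preg_match( '/\.([^.]+)$/', $real_file, $matches )` succeeds, so a path with no dot-suffix never hits the `wp_die()`. Unless code outside the hunk already restricts `$real_file` to files with a listed extension, rejecting on no match would be the safer default: `if ( ! preg_match( '/\.([^.]+)$/', $real_file, $matches ) || ! in_array( strtolower( $matches[1] ), $editable_extensions, true ) ) {`. The enclosing `else` branch opens before these lines and is not closed within the hunk.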