author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-11-24 16:16:44 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-11-24 16:16:44 +0000 |
commit | 600b71019494e1c29898a620e58c0d2602f37b74 (patch) | |
tree | 21181d77ad4ebbcd42cd883e509c08a568d29514 /wp-admin/plugins.php | |
parent | 7935d0bd9ef23d32ae29a95bd6c3ea0b6eab2973 (diff) | |
WP Merge to 4524
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@810 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/plugins.php')
-rw-r--r-- | wp-admin/plugins.php | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 2acf689..f224937 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -12,12 +12,17 @@ if ( isset($_GET['action']) ) {
 if ('activate' == $_GET['action']) {
 check_admin_referer('activate-plugin_' . $_GET['plugin']);
 $current = get_option('active_plugins');
- if (!in_array($_GET['plugin'], $current)) {
- $current[] = trim( $_GET['plugin'] );
+ $plugin = trim($_GET['plugin']);
+ if ( validate_file($plugin) )
+ wp_die(__('Invalid plugin.'));
+ if ( ! file_exists(ABSPATH . PLUGINDIR . '/' . $plugin) )
+ wp_die(__('Plugin file does not exist.'));
+ if (!in_array($plugin, $current)) {
+ $current[] = $plugin;
 sort($current);
 update_option('active_plugins', $current);
- include(ABSPATH . PLUGINDIR . '/' . trim( $_GET['plugin'] ));
- do_action('activate_' . trim( $_GET['plugin'] ));
+ include(ABSPATH . PLUGINDIR . '/' . $plugin);
+ do_action('activate_' . $plugin);
 }
 wp_redirect('plugins.php?activate=true');
 } else if ('deactivate' == $_GET['action']) {
@@ -110,7 +115,7 @@ if (empty($plugins)) {
 $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
 if ( $style != '' )
 $style = 'class="' . $style . '"';
- if ( is_writable(ABSPATH . PLUGINDIR . '/' . $plugin_file) )
+ if ( is_writable(ABSPATH . 'wp-content/plugins/' . $plugin_file) )
 $edit = "<a href='plugin-editor.php?file=$plugin_file' title='".__('Open this file in the Plugin Editor')."' class='edit'>".__('Edit')."</a>";
 else
 $edit = '';
|
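Review bot: The new existence guard in the activate branch uses `file_exists()`, which is also true for a directory, so an empty or directory-valued `plugin` parameter gets past it (unless `validate_file()` happens to reject it), is stored in `active_plugins` and then reaches `include`; `if ( ! is_file(ABSPATH . PLUGINDIR . '/' . $plugin) )` would reject those values. `check_admin_referer()` above the added lines still builds its action from the untrimmed `$_GET['plugin']`, so assigning `$plugin = trim($_GET['plugin']);` first and passing `'activate-plugin_' . $plugin` would tie the nonce to the same value that is validated and included. The guards check only the shape of the path, so any PHP file under the plugin directory can still be activated; if the list of installed plugins is available at this point, passing it as the allowed-files argument of `validate_file()` would be a tighter check. The activate branch starts and ends outside the hunk.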
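Review bot: The `is_writable()` test in the second hunk now hard-codes `'wp-content/plugins/'`, while the activation branch in this same commit builds its paths from `PLUGINDIR`. If that constant is ever defined to a different directory, the Edit link would reflect the permissions of a file other than the one that is actually loaded. Unless the merge needs the literal, keep `ABSPATH . PLUGINDIR . '/' . $plugin_file` here, or add a comment such as `// literal path on purpose: <reason>` so the divergence is not mistaken for an oversight. The surrounding loop starts and ends outside the hunk.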