diff --git a/classes/class-connector.php b/classes/class-connector.php
index b2652b022..171f32f62 100644
--- a/classes/class-connector.php
+++ b/classes/class-connector.php
@@ -146,12 +146,12 @@ public function action_links( $links, $record ) {
 	/**
 	 * Log handler
 	 *
-	 * @param string $message   sprintf-ready error message string.
-	 * @param array  $args      sprintf (and extra) arguments to use.
-	 * @param int    $object_id Target object id.
-	 * @param string $context   Context of the event.
-	 * @param string $action    Action of the event.
-	 * @param int    $user_id   User responsible for the event.
+	 * @param string   $message   sprintf-ready error message string.
+	 * @param array    $args      sprintf (and extra) arguments to use.
+	 * @param int|null $object_id Target object id (if any).
+	 * @param string   $context   Context of the event.
+	 * @param string   $action    Action of the event.
+	 * @param int      $user_id   User responsible for the event.
 	 *
 	 * @return bool
 	 */
diff --git a/connectors/class-connector-editor.php b/connectors/class-connector-editor.php
index 8a1fd12e2..a85ca7437 100644
--- a/connectors/class-connector-editor.php
+++ b/connectors/class-connector-editor.php
@@ -46,9 +46,8 @@ class Connector_Editor extends Connector {
 	 */
 	public function register() {
 		parent::register();
-		add_action( 'load-theme-editor.php', array( $this, 'get_edition_data' ) );
-		add_action( 'load-plugin-editor.php', array( $this, 'get_edition_data' ) );
-		add_filter( 'wp_redirect', array( $this, 'log_changes' ) );
+
+		add_action( 'wp_ajax_edit-theme-plugin-file', array( $this, 'get_edition_data' ), 1 );
 	}
 
 	/**
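Review bot: The `1` passed as priority on the new `add_action` line in register() is load-bearing and has no comment: core attaches its own `wp_ajax_edit_theme_plugin_file` handler to the same hook, and get_edition_data only sees the file in its pre-edit state if this callback is ordered ahead of core's, which (as far as I can tell) depends on Stream's `register()` running before admin-ajax.php registers core actions at the same priority. A why-comment would keep the next maintainer from "normalising" it back to the default: `// Priority 1: must run before core's wp_ajax_edit_theme_plugin_file() so edited_file captures the pre-edit state.` Dropping the `wp_redirect` filter also means log_changes is no longer invoked for any non-AJAX submission to theme-editor.php / plugin-editor.php, if such a path still exists; worth stating in the commit message that this is intentional.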
@@ -187,33 +186,50 @@ public function action_links( $links, $record ) {
 	}
 
 	/**
-	 * Retrieves data submitted on the screen, and prepares it for the appropriate context type
+	 * Retrieves data submitted on the screen, prepares it for the appropriate context type and logs the changes
 	 *
-	 * @action load-theme-editor.php
-	 * @action load-plugin-editor.php
+	 * @action wp_ajax_edit-theme-plugin-file
 	 */
 	public function get_edition_data() {
-		if (
-			(
-				isset( $_SERVER['REQUEST_METHOD'] )
-				&&
-				'POST' !== sanitize_text_field( $_SERVER['REQUEST_METHOD'] )
-			)
-			||
-			'update' !== wp_stream_filter_input( INPUT_POST, 'action' )
-		) {
+		if ( ! current_user_can( 'edit_theme_options' ) ) {
+			return;
+		}
+
+		$action         = wp_stream_filter_input( INPUT_POST, 'action' );
+		$request_method = wp_stream_filter_input( INPUT_SERVER, 'REQUEST_METHOD' );
+		$theme_slug     = wp_stream_filter_input( INPUT_POST, 'theme' );
+		$plugin_slug    = wp_stream_filter_input( INPUT_POST, 'plugin' );
+		$relative_file  = wp_stream_filter_input( INPUT_POST, 'file' );
+
+		if ( ! empty( $theme_slug ) && ! check_admin_referer( 'edit-theme_' . $theme_slug . '_' . $relative_file, 'nonce' ) ) {
+			return;
+		}
+
+		if ( ! empty( $plugin_slug ) && ! check_admin_referer( 'edit-plugin_' . $relative_file, 'nonce' ) ) {
 			return;
 		}
 
-		$theme_slug = wp_stream_filter_input( INPUT_POST, 'theme' );
+		if ( ( isset( $request_method ) && 'POST' !== $request_method ) || ( 'edit-theme-plugin-file' !== $action ) ) {
+			return;
+		}
+
+		$location = null;
+
 		if ( $theme_slug ) {
+			$location          = 'theme-editor.php';
 			$this->edited_file = $this->get_theme_data( $theme_slug );
 		}
 
-		$plugin_slug = wp_stream_filter_input( INPUT_POST, 'plugin' );
 		if ( $plugin_slug ) {
+			$location          = 'plugin-editor.php';
 			$this->edited_file = $this->get_plugin_data( $plugin_slug );
 		}
+
+		if ( ! $location ) {
+			return;
+		}
+
+		$this->log_changes( $location );
 	}
 
 	/**
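Review bot: The two early returns after the `check_admin_referer()` calls in get_edition_data are unreachable, because `check_admin_referer()` does not return false on a bad nonce — it ends the request through `wp_die()` (via `wp_nonce_ays()`), so a failed check now terminates the AJAX request from inside the logger rather than letting core's `wp_ajax_edit_theme_plugin_file` reject it with its own response. For a callback that only observes the edit, the non-fatal form matches the intent of the `return` branches: `if ( ! empty( $theme_slug ) && ! check_ajax_referer( 'edit-theme_' . $theme_slug . '_' . $relative_file, 'nonce', false ) ) {` and likewise `check_ajax_referer( 'edit-plugin_' . $relative_file, 'nonce', false )` for the plugin branch. Separately, `$this->log_changes( $location )` is now invoked synchronously from a priority-1 callback, i.e. (if Stream's hook is attached ahead of core's, which the priority choice suggests) before core has validated or written the file, so the record documents an attempted edit rather than a completed one; the docblock should say so, e.g. `* Runs before core's handler, so a logged edit may still be rejected by core.` The `edit_theme_options` gate is also a different capability from the `edit_themes`/`edit_plugins` checks core applies to this action, so a user who can edit files but lacks `edit_theme_options` would go unlogged — worth confirming that gap is intended.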
@@ -298,14 +314,11 @@ public function get_plugin_data( $slug ) {
 	/**
 	 * Logs changes
 	 *
-	 * @filter wp_redirect
-	 *
 	 * @param string $location Location.
 	 */
-	public function log_changes( $location ) {
+	public function log_changes( string $location ): string {
 		if ( ! empty( $this->edited_file ) ) {
-			// TODO: phpcs fix.
-			if ( md5_file( $this->edited_file['file_path'] ) !== $this->edited_file['file_md5'] ) {
+			if ( md5_file( $this->edited_file['file_path'] ) === $this->edited_file['file_md5'] ) {
 				$context = $this->get_context( $location );
 				switch ( $context ) {