Closed WPprodigy closed 4 years ago
@rinatkhaziev I updated this PR.
In summary, if the $relative_file_path
points to something in the theme's directory then we know we need to intervene and resolve the problem, much like what we do for client-mu-plugins: https://github.com/Automattic/vip-go-mu-plugins/blob/d1361162e2436f81bcc7493a16af073dd4cb3914/z-client-mu-plugins.php#L84-L113
For testing, I just sandboxed a site and put the following in the theme's functions.php file:
add_action( 'init', 'testing_plugins_url_stuff' );
function testing_plugins_url_stuff() {
echo ' Test 1: ' . plugins_url( '', __FILE__ );
echo ' Test 2: ' . plugins_url( 'file.js', __FILE__ );
echo ' Test 3: ' . plugins_url( 'some/path/to/file.js', __FILE__ );
die();
}
Before this patch, the above will output really messed up URLs that disclose full server file paths. After the patch, they will be "valid" urls as intended by plugins_url()
usage.
Also fixes problems with plugin_dir_url()
by inheritance.
On WPcom, it's common to have plugins located within the theme folder. As a result, some might have become dependent on
plugins_url()
which would have resolved fine on WPcom.On VIP Go though,
wp-content/themes/theme-name/plugins
is not a valid entry in$wp_plugin_paths
. Soplugin_basename()
ends up returning a rather funky path, which results in URLs that are both invalid and leaking server paths.