Automattic / vip-go-wpcom-compat

VIP Go / WordPress.com Compatibility
https://wpvip.com

Fix plugins_url() when used inside a theme #40

Closed WPprodigy closed 4 years ago

WPprodigy commented 4 years ago

On WPcom, it's common to have plugins located within the theme folder. As a result, some might have become dependent on plugins_url() which would have resolved fine on WPcom.

On VIP Go though, wp-content/themes/theme-name/plugins is not a valid entry in $wp_plugin_paths. So plugin_basename() ends up returning a rather funky path, which results in URLs that are both invalid and leaking server paths.

WPprodigy commented 4 years ago

@rinatkhaziev I updated this PR.

In summary, if the $relative_file_path points to something in the theme's directory then we know we need to intervene and resolve the problem, much like what we do for client-mu-plugins: https://github.com/Automattic/vip-go-mu-plugins/blob/d1361162e2436f81bcc7493a16af073dd4cb3914/z-client-mu-plugins.php#L84-L113

For testing, I just sandboxed a site and put the following in the theme's functions.php file:

add_action( 'init', 'testing_plugins_url_stuff' );
function testing_plugins_url_stuff() {
    echo ' Test 1: ' . plugins_url( '', __FILE__ );
    echo ' Test 2: ' . plugins_url( 'file.js', __FILE__ );
    echo ' Test 3: ' . plugins_url( 'some/path/to/file.js', __FILE__ );
    die();
}

Before this patch, the above will output really messed up URLs that disclose full server file paths. After the patch, they will be "valid" URLs as intended by plugins_url() usage.

Also fixes problems with plugin_dir_url() by inheritance.
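
The path disclosure described in this thread, as an added stand-alone example that is not the code from this PR or from WordPress core. The `model_*` functions are simplified, hypothetical stand-ins for `plugin_basename()`, `plugins_url()` and a `plugins_url` filter callback, and all paths and URLs are constructed.

```php
<?php
// Constructed paths and URLs for illustration; not taken from the PR.
const PLUGIN_DIR     = '/var/www/wp-content/plugins';
const PLUGIN_URL     = 'https://example.com/wp-content/plugins';
const THEME_ROOT     = '/var/www/wp-content/themes';
const THEME_ROOT_URL = 'https://example.com/wp-content/themes';

// Simplified model of plugin_basename(): only a known plugin dir prefix is stripped,
// so a file outside that dir keeps its full filesystem path.
function model_plugin_basename( string $file ): string {
    $file = preg_replace( '#^' . preg_quote( PLUGIN_DIR, '#' ) . '/#', '', $file );
    return trim( $file, '/' );
}

// Simplified model of plugins_url() before any filter runs.
function model_plugins_url( string $path, string $plugin ): string {
    $url    = PLUGIN_URL;
    $folder = dirname( model_plugin_basename( $plugin ) );
    if ( '.' !== $folder ) {
        $url .= '/' . ltrim( $folder, '/' );
    }
    return '' !== $path ? $url . '/' . ltrim( $path, '/' ) : $url;
}

// Hypothetical filter callback: when the calling file lives under the theme root,
// rebuild the URL from the theme root URL; otherwise leave the URL untouched.
function model_fix_theme_plugins_url( string $url, string $path, string $plugin ): string {
    if ( 0 !== strpos( $plugin, THEME_ROOT . '/' ) ) {
        return $url;
    }
    $relative_dir = dirname( substr( $plugin, strlen( THEME_ROOT ) + 1 ) );
    $fixed        = '.' === $relative_dir ? THEME_ROOT_URL : THEME_ROOT_URL . '/' . $relative_dir;
    return '' !== $path ? $fixed . '/' . ltrim( $path, '/' ) : $fixed;
}

// Constructed caller: a plugin file bundled inside a theme folder.
$file = THEME_ROOT . '/theme-name/plugins/my-plugin/my-plugin.php';
foreach ( array( '', 'file.js', 'some/path/to/file.js' ) as $path ) {
    $before = model_plugins_url( $path, $file );
    $after  = model_fix_theme_plugins_url( $before, $path, $file );
    // A URL that embeds the install's filesystem root is the leak to check for.
    $status = false !== strpos( $before, '/var/www/' ) ? 'leaks server path' : 'ok';
    echo "before: $before ($status)\n";
    echo "after:  $after\n";
}
```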