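''}} }}
// eefw-security-400-start
//
// NOTE(review): this "eefw" block is spliced into wp-admin/theme-editor.php,
// between the two halves of a core wp_die() call. It is not part of WordPress
// core (core defines no "eefw_" functions) and core files are replaced on every
// update, so diff this file against a pristine copy of the same WordPress
// version and move anything that is meant to stay into a plugin or mu-plugin.
//
// What the block does: (1) allowlists the hosts scripts may be loaded from,
// (2) drops enqueued scripts and rendered <script> tags that fail that
// allowlist or contain one of a fixed set of needle strings, and (3) sends a
// Content-Security-Policy header built from the same allowlist.
if (!function_exists('eefw_home_hosts')) {

    /**
     * Hostnames of this site, derived from home_url().
     *
     * @return string[] The configured host plus its www./non-www. twin,
     *                  lowercased and de-duplicated; empty when home_url()
     *                  has no parseable host.
     */
    function eefw_home_hosts() {
        $host  = wp_parse_url(home_url(), PHP_URL_HOST);
        $hosts = array();
        if ($host) {
            $host    = strtolower($host);
            $hosts[] = $host;
            // Add the www./bare counterpart so either form passes the allowlist.
            if (strpos($host, 'www.') === 0) {
                $hosts[] = substr($host, 4);
            } else {
                $hosts[] = 'www.' . $host;
            }
        }
        return array_values(array_unique($hosts));
    }

    /**
     * Hosts that external scripts may be loaded from.
     *
     * Matching (see eefw_host_allowed) is on the exact lowercased hostname;
     * there is no subdomain or wildcard matching. Allowing a shared CDN such
     * as cdn.jsdelivr.net allows any package published there, so the host
     * allowlist alone does not vouch for the content of a script.
     *
     * @return string[]
     */
    function eefw_allowed_hosts() {
        $common = array(
            's.w.org','stats.wp.com','www.googletagmanager.com','tagmanager.google.com',
            'www.google-analytics.com','ssl.google-analytics.com','region1.google-analytics.com',
            'analytics.google.com','www.google.com','www.gstatic.com','ssl.gstatic.com',
            'www.recaptcha.net','recaptcha.net','challenges.cloudflare.com','js.stripe.com',
            'www.paypal.com','sandbox.paypal.com','www.sandbox.paypal.com',
            'maps.googleapis.com','maps.gstatic.com','www.youtube.com','youtube.com',
            'www.youtube-nocookie.com','youtube-nocookie.com','s.ytimg.com','i.ytimg.com',
            'player.vimeo.com','f.vimeocdn.com','i.vimeocdn.com',
            'fonts.googleapis.com','fonts.gstatic.com','cdn.jsdelivr.net'
        );
        return array_values(array_unique(array_merge(eefw_home_hosts(), $common)));
    }

    /**
     * Rewrite a URL into a form wp_parse_url() reads the same way a browser
     * would, so that the host check sees the host the browser will contact.
     *
     * Non-strings and '' are returned untouched.
     */
    function eefw_normalize_url($url) {
        if (!is_string($url) || $url === '') return $url;
        // Browsers treat '\' as '/' in http(s) URLs, parse_url() does not:
        // "\\evil.example" and "https://evil.example\@allowed.example" both
        // reach evil.example in a browser, but parse as a same-origin path /
        // as allowed.example without this normalisation.
        $url = str_replace('\\', '/', $url);
        // Scheme-relative "//host/..." gets the scheme of the current request
        // so that a host can be extracted from it.
        if (strpos($url, '//') === 0) {
            return (is_ssl() ? 'https:' : 'http:') . $url;
        }
        return $url;
    }

    /**
     * True for a root-relative path ("/wp-includes/js/x.js"), i.e. a
     * same-origin URL. Scheme-relative "//host/..." is NOT relative.
     */
    function eefw_is_relative_url($url) {
        return is_string($url) && $url !== '' && strpos($url, '/') === 0 && strpos($url, '//') !== 0;
    }

    /**
     * Exact, case-insensitive membership test against eefw_allowed_hosts().
     *
     * An empty host is treated as allowed (there is no external host to
     * vet); callers that must reject hostless-but-absolute URLs check the
     * scheme themselves, as eefw_url_allowed() does.
     */
    function eefw_host_allowed($host) {
        if (!$host) return true;
        return in_array(strtolower($host), eefw_allowed_hosts(), true);
    }

    /**
     * Decide whether a script URL may be loaded.
     *
     * Allowed: non-strings and '' (nothing to load), root-relative and
     * document-relative paths (same origin), and absolute URLs whose host is
     * on the allowlist.
     *
     * Rejected: absolute URLs with a non-allowlisted host, anything
     * wp_parse_url() cannot parse, and URLs that carry a scheme but no host
     * ("data:", "javascript:", "blob:", and the "https:evil.example"
     * shorthand a browser resolves to a host). The original check let the
     * last group through, so a data:/javascript: script source bypassed the
     * host allowlist entirely.
     */
    function eefw_url_allowed($url) {
        if (!is_string($url) || $url === '') return true;
        $url = eefw_normalize_url($url);
        if (eefw_is_relative_url($url)) return true;
        $parts = wp_parse_url($url);
        if (!is_array($parts)) return false;
        $host = isset($parts['host']) ? $parts['host'] : '';
        if ($host === '') {
            // No host is fine for a document-relative reference ("foo.js",
            // "?v=1"), not for a URL that names a scheme without a host.
            return !isset($parts['scheme']);
        }
        return eefw_host_allowed($host);
    }

    // Enqueued scripts: a src that fails the allowlist is replaced by false,
    // which makes WP_Scripts skip the tag.
    add_filter('script_loader_src', function($src) {
        return eefw_url_allowed($src) ? $src : false;
    }, 9999);

    // Second line of defence for enqueued scripts: dequeue and deregister any
    // registered handle whose src fails the allowlist.
    add_action('wp_enqueue_scripts', function() {
        global $wp_scripts;
        if (!isset($wp_scripts->registered) || !is_array($wp_scripts->registered)) return;
        foreach ($wp_scripts->registered as $handle => $obj) {
            if (empty($obj->src) || eefw_url_allowed($obj->src)) continue;
            wp_dequeue_script($handle);
            wp_deregister_script($handle);
        }
    }, 9999);

    // Front-end responses only (admin, REST and admin-ajax are left alone):
    // buffer the rendered page and strip <script> tags from it.
    add_action('template_redirect', function() {
        if (is_admin() || (defined('REST_REQUEST') && REST_REQUEST) || (defined('DOING_AJAX') && DOING_AJAX)) return;
        ob_start(function($html) {
            if (!is_string($html) || $html === '') return $html;

            // Pass 1: external scripts. Remove <script ... src="..."></script>
            // whose entity-decoded src fails the allowlist. Only tags with an
            // empty (whitespace-only) body are matched; everything else falls
            // through to pass 2.
            $filtered = preg_replace_callback(
                '#<script([^>]*)\\bsrc=([\'\"])(.*?)\\2([^>]*)>\\s*<\/script>#is',
                function($m) {
                    $src = html_entity_decode($m[3], ENT_QUOTES | ENT_HTML5, 'UTF-8');
                    return eefw_url_allowed($src) ? $m[0] : '';
                },
                $html
            );
            if ($filtered === null) {
                // PCRE failed (typically the backtrack limit on a very large
                // page). The original let the null flow on and the visitor got
                // an empty response; keep failing closed, but record why.
                error_log('eefw: script filter pass 1 failed, preg error ' . preg_last_error());
                return '';
            }
            $html = $filtered;

            // Pass 2: any <script>...</script> whose text contains one of the
            // needles (case-insensitive) is removed. The needles are stored
            // base64-encoded; they decode to: check.first-node.rocks,
            // testio.ecartdev.com, captcha_seen, ctp_pass_,
            // insertAdjacentHTML(, window.addEventListener(, fetch(,
            // new Function(, eval(, atob(. The first four are two hostnames
            // and two token-like strings, presumably indicators of a specific
            // injected script; the last six are generic DOM/JS calls, so
            // legitimate inline scripts from the theme or plugins that use
            // fetch(), atob() or window.addEventListener() are stripped as
            // well. Review this list against the site's own scripts before
            // deploying.
            $bad_needles = array_map('base64_decode', explode(',',
                'Y2hlY2suZmlyc3Qtbm9kZS5yb2Nrcw==,dGVzdGlvLmVjYXJ0ZGV2LmNvbQ==,Y2FwdGNoYV9zZWVu,Y3RwX3Bhc3Nf,aW5zZXJ0QWRqYWNlbnRIVE1MKA==,d2luZG93LmFkZEV2ZW50TGlzdGVuZXIo,ZmV0Y2go,bmV3IEZ1bmN0aW9uKA==,ZXZhbCg=,YXRvYig='
            ));
            $filtered = preg_replace_callback(
                '#<script[^>]*>.*?<\/script>#is',
                function($m) use ($bad_needles) {
                    foreach ($bad_needles as $needle) {
                        if (stripos($m[0], $needle) !== false) return '';
                    }
                    return $m[0];
                },
                $html
            );
            if ($filtered === null) {
                error_log('eefw: script filter pass 2 failed, preg error ' . preg_last_error());
                return '';
            }
            return $filtered;
        });
    }, 1);

    // Content-Security-Policy for front-end responses, built from the same
    // allowlist. Every allowlisted host is emitted as an https:// origin only;
    // 'self' covers the exact origin of the request, but a site served over
    // plain http that loads scripts from its www./bare twin would be blocked.
    add_action('send_headers', function() {
        if (headers_sent()) return;
        $hosts = eefw_allowed_hosts();
        $h2 = array('\'self\'');
        foreach ($hosts as $hh) $h2[] = 'https://' . $hh;
        // NOTE(review): script-src carries 'unsafe-inline' and 'unsafe-eval',
        // so this policy does not stop injected inline scripts or eval(); the
        // host list only constrains external <script src>. The ob_start filter
        // above is the only inline-script control in this block. Removing the
        // two tokens would require nonces or hashes for every inline script
        // WordPress and the theme emit, which is not done here.
        $sc = implode(' ', array_unique(array_merge($h2, array('\'unsafe-inline\'', '\'unsafe-eval\''))));
        $st = implode(' ', array_unique(array_merge(array('\'self\'', '\'unsafe-inline\''), array('https://fonts.googleapis.com'))));
        $ft = implode(' ', array_unique(array_merge(array('\'self\'', 'data:'), array('https://fonts.gstatic.com'))));
        // img-src reuses the script host list ($h2) plus data:/blob:.
        $ig = implode(' ', array_unique(array_merge(array('\'self\'', 'data:', 'blob:'), $h2)));
        $fr = implode(' ', array_unique(array_merge(array('\'self\''), array(
            'https://www.youtube.com','https://www.youtube-nocookie.com',
            'https://player.vimeo.com','https://www.google.com',
            'https://challenges.cloudflare.com','https://js.stripe.com',
            'https://www.paypal.com','https://sandbox.paypal.com'
        ))));
        $cn = implode(' ', array_unique(array_merge(array('\'self\''), array(
            'https://www.google-analytics.com','https://region1.google-analytics.com',
            'https://analytics.google.com','https://maps.googleapis.com',
            'https://maps.gstatic.com','https://challenges.cloudflare.com',
            'https://js.stripe.com','https://www.paypal.com','https://sandbox.paypal.com'
        ))));
        $p = array(
            "default-src 'self'",
            'script-src ' . $sc,
            'style-src ' . $st,
            'font-src ' . $ft,
            'img-src ' . $ig,
            'frame-src ' . $fr,
            'connect-src ' . $cn,
            "object-src 'none'",
            "base-uri 'self'",
            "form-action 'self' https://www.paypal.com https://sandbox.paypal.com"
        );
        header('Content-Security-Policy: ' . implode('; ', $p));
    }, 999);
}
// eefw-security-400-end
' . __( 'Sorry, you are not allowed to edit templates for this site.' ) . '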

' ); }
// Used in the HTML title tag.
$title = __( 'Edit Themes' );
$parent_file = 'themes.php';
/* Contextual help for the Theme File Editor screen. The 'content' value is a
   concatenation of translated fragments; the bare "' . '" pieces below appear
   to be where markup between the fragments was lost in this copy. */
get_current_screen()->add_help_tab( array( 'id' => 'overview', 'title' => __( 'Overview' ), 'content' => '

' . __( 'You can use the theme file editor to edit the individual CSS and PHP files which make up your theme.' ) . '

' . '

' . __( 'Begin by choosing a theme to edit from the dropdown menu and clicking the Select button. A list then appears of the theme’s template files. Clicking once on any file name causes the file to appear in the large Editor box.' ) . '

' . '

' . __( 'For PHP files, you can use the documentation dropdown to select from functions recognized in that file. Look Up takes you to a web page with reference material about that particular function.' ) . '

' . '

' . __( 'When using a keyboard to navigate:' ) . '

' . '' . '

' . __( 'After typing in your edits, click Update File.' ) . '

' . '

' . __( 'Advice: Think very carefully about your site crashing if you are live-editing the theme currently in use.' ) . '

' . '

' . sprintf( /* translators: %s: Link to documentation on child themes. */ __( 'Upgrading to a newer version of the same theme will override changes made here. To avoid this, consider creating a child theme instead.' ), __( 'https://developer.wordpress.org/themes/advanced-topics/child-themes/' ) ) . '

' . ( is_network_admin() ? '

' . __( 'Any edits to files from this screen will be reflected on all sites in the network.' ) . '

' : '' ), ) );
/* Help sidebar: a list of documentation links (link targets not visible in this copy). */
get_current_screen()->set_help_sidebar( '

' . __( 'For more information:' ) . '

' . '

' . __( 'Documentation on Theme Development' ) . '

' . '

' . __( 'Documentation on Editing Themes' ) . '

' . '

' . __( 'Documentation on Editing Files' ) . '

' . '

' . __( 'Documentation on Template Tags' ) . '

' . '

' . __( 'Support forums' ) . '

' );
/* Request parameters. sanitize_text_field() strips tags, control characters
   and surrounding whitespace; it does not reject path separators or '..'
   segments, so $file is still an untrusted path at this point. */
$action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '';
$theme = ! empty( $_REQUEST['theme'] ) ? sanitize_text_field( $_REQUEST['theme'] ) : '';
$file = ! empty( $_REQUEST['file'] ) ? sanitize_text_field( $_REQUEST['file'] ) : '';
$error = ! empty( $_REQUEST['error'] );
/* Resolve the theme: the requested stylesheet slug, else the active one. */
if ( $theme ) { $stylesheet = $theme; } else { $stylesheet = get_stylesheet(); }
$theme = wp_get_theme( $stylesheet );
if ( ! $theme->exists() ) { wp_die( __( 'The requested theme does not exist.' ) ); }
if ( $theme->errors() && 'theme_no_stylesheet' === $theme->errors()->get_error_code() ) { wp_die( __( 'The requested theme does not exist.' ) . ' ' . $theme->errors()->get_error_message() ); }
/* Build the set of editable files (relative path => absolute path) for the
   extensions the theme allows. Array union (+=) keeps the first value for a
   duplicate key, which is why style.css is assigned explicitly before the
   rest of the CSS files are merged in. */
$allowed_files = array();
$style_files = array();
$file_types = wp_get_theme_file_editable_extensions( $theme );
foreach ( $file_types as $type ) { switch ( $type ) { case 'php': $allowed_files += $theme->get_files( 'php', -1 ); break; case 'css': $style_files = $theme->get_files( 'css', -1 ); $allowed_files['style.css'] = $style_files['style.css']; $allowed_files += $style_files; break; default: $allowed_files += $theme->get_files( $type, -1 ); break; } }
// Move functions.php and style.css to the top.
if ( isset( $allowed_files['functions.php'] ) ) { $allowed_files = array( 'functions.php' => $allowed_files['functions.php'] ) + $allowed_files; }
if ( isset( $allowed_files['style.css'] ) ) { $allowed_files = array( 'style.css' => $allowed_files['style.css'] ) + $allowed_files; }
/* Default to style.css; otherwise the user-supplied relative path is joined
   to the theme directory. The concatenation itself is not a safety check. */
if ( empty( $file ) ) { $relative_file = 'style.css'; $file = $allowed_files['style.css']; } else { $relative_file = wp_unslash( $file ); $file = $theme->get_stylesheet_directory() . '/' . $relative_file; }
/* Path guard. validate_file_to_edit() is defined in wp-admin/includes/file.php
   (not visible here); it is expected to stop the request on traversal
   sequences and on paths outside $allowed_files -- confirm that before
   relying on it. Nothing above this line rejects '..' segments, so nothing
   may read or write $file before this call. */
validate_file_to_edit( $file, $allowed_files );
// Handle fallback editing of file when JavaScript is not available.
$edit_error = null;
$posted_content = null;
/* Fallback path for the no-JavaScript form post. Nonce and capability
   verification are expected to happen inside wp_edit_theme_plugin_file()
   (wp-admin/includes/file.php, not visible here) -- confirm before relying on
   this path. */
if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
	$edit_result = wp_edit_theme_plugin_file( wp_unslash( $_POST ) );
	if ( is_wp_error( $edit_result ) ) {
		$edit_error = $edit_result;
		/* Re-populate the editor with the rejected content only when the
		   request carried a valid per-theme/per-file nonce (third argument
		   false: return instead of dying on failure). */
		if ( check_ajax_referer( 'edit-theme_' . $stylesheet . '_' . $relative_file, 'nonce', false ) && isset( $_POST['newcontent'] ) ) {
			$posted_content = wp_unslash( $_POST['newcontent'] );
		}
	} else {
		wp_redirect( add_query_arg( array(
			'a' => 1, // This means "success" for some reason.
			'theme' => $stylesheet,
			'file' => $relative_file,
		), admin_url( 'theme-editor.php' ) ) );
		exit;
	}
}
$settings = array( 'codeEditor' => wp_enqueue_code_editor( compact( 'file' ) ), );
wp_enqueue_script( 'wp-theme-plugin-editor' );
/* JSON_HEX_TAG encodes '<' and '>' so the JSON settings cannot close the
   inline <script> element early. */
wp_add_inline_script( 'wp-theme-plugin-editor', sprintf( 'jQuery( function( $ ) { wp.themePluginEditor.init( $( "#template" ), %s ); } )', wp_json_encode( $settings, JSON_HEX_TAG | JSON_UNESCAPED_SLASHES ) ) );
wp_add_inline_script( 'wp-theme-plugin-editor', 'wp.themePluginEditor.themeOrPlugin = "theme";' );
require_once ABSPATH . 'wp-admin/admin-header.php';
update_recently_edited( $file );
if ( ! is_file( $file ) ) { $error = true; }
/* Editor content: the re-posted (rejected) content wins, otherwise the file
   on disk. NOTE(review): only the file-on-disk branch is passed through
   esc_textarea(); $posted_content is used as-is here. Confirm the template
   that echoes $content escapes it, or accept that this is a self-XSS limited
   to a user who already holds the edit_themes capability and a valid nonce. */
$content = '';
if ( ! empty( $posted_content ) ) {
	$content = $posted_content;
} elseif ( ! $error && filesize( $file ) > 0 ) {
	$f = fopen( $file, 'r' );
	$content = fread( $f, filesize( $file ) );
	// NOTE(review): $f is never fclose()d; the handle lives until the request ends.
	if ( str_ends_with( $file, '.php' ) ) {
		$functions = wp_doc_link_parse( $content );
		if ( ! empty( $functions ) ) { $docs_select = ''; }
	}
	// HTML-encode the file body for the <textarea>.
	$content = esc_textarea( $content );
}
$file_show = array_search( $file, array_filter( $allowed_files ), true );
?>

'message', 'dismissible' => true, 'additional_classes' => array( 'updated' ), ) ); } elseif ( is_wp_error( $edit_error ) ) { $error_code = esc_html( $edit_error->get_error_message() ? $edit_error->get_error_message() : $edit_error->get_error_code() ); $message = '

' . __( 'There was an error while trying to update the file. You may need to fix something and try updating again.' ) . '

' . $error_code . '
'; wp_admin_notice( $message, array( 'type' => 'error', 'id' => 'message', ) ); } if ( preg_match( '/\.css$/', $file ) ) { if ( ! wp_is_block_theme() && current_user_can( 'customize' ) ) { $message = '

' . __( 'Did you know?' ) . '

' . sprintf( /* translators: %s: Link to add custom CSS section in either the Customizer (classic themes) or Site Editor (block themes). */ __( 'There is no need to change your CSS here — you can edit and live preview CSS changes in the built-in CSS editor.' ), esc_url( add_query_arg( 'autofocus[section]', 'custom_css', admin_url( 'customize.php' ) ) ) ) . '

'; wp_admin_notice( $message, array( 'type' => 'info', 'id' => 'message', ) ); } elseif ( wp_is_block_theme() && current_user_can( 'edit_theme_options' ) ) { $site_editor_url = admin_url( add_query_arg( urlencode_deep( array( 'p' => '/styles', 'section' => '/css', ) ), 'site-editor.php' ) ); $message = '

' . __( 'Did you know?' ) . '

' . sprintf( /* translators: %s: Link to add custom CSS section in either the Customizer (classic themes) or Site Editor (block themes). */ __( 'There is no need to change your CSS here — you can edit and live preview CSS changes in the built-in CSS editor.' ), esc_url( $site_editor_url ) ) . '

'; wp_admin_notice( $message, array( 'type' => 'info', 'id' => 'message', ) ); } if ( file_exists( preg_replace( '/\.css$/', '.min.css', $file ) ) ) { $message = '

' . __( 'There is a minified version of this stylesheet.' ) . '

' . __( 'It is likely that this unminified stylesheet will not be served to visitors.' ) . '

'; wp_admin_notice( $message, array( 'type' => 'warning', 'id' => 'wp-css-min-warning', ) ); } } ?>

get( 'Name' ) === $theme->display( 'Name' ) ) { /* translators: %s: Theme name. */ printf( __( 'Editing %s (active)' ), '' . $theme->display( 'Name' ) . '' ); } else { /* translators: %s: Theme name. */ printf( __( 'Editing %s (inactive)' ), '' . $theme->display( 'Name' ) . '' ); } ?>

' . __( 'File: %s' ) . '', esc_html( $file_show ) ); ?>

errors() ) { wp_admin_notice( '' . __( 'This theme is broken.' ) . ' ' . $theme->errors()->get_error_message(), array( 'additional_classes' => array( 'error' ), ) ); } ?>

    parent() ) : ?>
  • %s', self_admin_url( 'theme-editor.php?theme=' . urlencode( $theme->get_template() ) ), $theme->parent()->display( 'Name' ) ) ); ?>
array( 'error' ), ) ); else : ?>
get_stylesheet() === get_template() ) : $message = ( is_writable( $file ) ) ? '' . __( 'Caution:' ) . ' ' : ''; $message .= __( 'This is a file in your current parent theme.' ); wp_admin_notice( $message, array( 'type' => 'warning', 'additional_classes' => array( 'inline' ), ) ); endif; ?>

Changing File Permissions for more information.' ), __( 'https://developer.wordpress.org/advanced-administration/server/file-permissions/' ) ); ?>