$written = fwrite( $f, $content );
if ( false === $written ) {
return new WP_Error( 'unable_to_write', __( 'Unable to write to file.' ) );
wp_opcache_invalidate( $real_file, true );
if ( $is_active && 'php' === $extension ) {
$scrape_key = md5( rand() );
$transient = 'scrape_key_' . $scrape_key;
$scrape_nonce = (string) rand();
// It shouldn't take more than 60 seconds to make the two loopback requests.
set_transient( $transient, $scrape_nonce, 60 );
$cookies = wp_unslash( $_COOKIE );
'wp_scrape_key' => $scrape_key,
'wp_scrape_nonce' => $scrape_nonce,
'Cache-Control' => 'no-cache',
/** This filter is documented in wp-includes/class-wp-http-streams.php */
$sslverify = apply_filters( 'https_local_ssl_verify', false );
// Include Basic auth in loopback requests.
if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) {
$headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) );
// Make sure PHP process doesn't die before loopback requests complete.
// Time to wait for loopback requests to finish.
$needle_start = "###### wp_scraping_result_start:$scrape_key ######";
$needle_end = "###### wp_scraping_result_end:$scrape_key ######";
// Attempt loopback request to editor to see if user just whitescreened themselves.
$url = add_query_arg( compact( 'plugin', 'file' ), admin_url( 'plugin-editor.php' ) );
} elseif ( isset( $stylesheet ) ) {
admin_url( 'theme-editor.php' )
if ( function_exists( 'session_status' ) && PHP_SESSION_ACTIVE === session_status() ) {
// Close any active session to prevent HTTP requests from timing out
// when attempting to connect back to the site.
$url = add_query_arg( $scrape_params, $url );
$r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) );
$body = wp_remote_retrieve_body( $r );
$scrape_result_position = strpos( $body, $needle_start );
$loopback_request_failure = array(
'code' => 'loopback_request_failed',
'message' => __( 'Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.' ),
$json_parse_failure = array(
'code' => 'json_parse_error',
if ( false === $scrape_result_position ) {
$result = $loopback_request_failure;
$error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) );
$error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) );
$result = json_decode( trim( $error_output ), true );
if ( empty( $result ) ) {
$result = $json_parse_failure;
// Try making request to homepage as well to see if visitors have been whitescreened.
if ( true === $result ) {
$url = add_query_arg( $scrape_params, $url );
$r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout', 'sslverify' ) );
$body = wp_remote_retrieve_body( $r );
$scrape_result_position = strpos( $body, $needle_start );
if ( false === $scrape_result_position ) {
$result = $loopback_request_failure;
$error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) );
$error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) );
$result = json_decode( trim( $error_output ), true );
if ( empty( $result ) ) {
$result = $json_parse_failure;
delete_transient( $transient );
if ( true !== $result ) {
// Roll-back file change.
file_put_contents( $real_file, $previous_content );
wp_opcache_invalidate( $real_file, true );
if ( ! isset( $result['message'] ) ) {
$message = __( 'Something went wrong.' );
$message = $result['message'];
unset( $result['message'] );
return new WP_Error( 'php_error', $message, $result );
if ( $theme instanceof WP_Theme ) {
* Returns a filename of a temporary unique file.
* Please note that the calling function must unlink() this itself.
* The filename is based off the passed parameter or defaults to the current unix timestamp,
* while the directory can either be passed as well, or by leaving it blank, default to a writable
* @param string $filename Optional. Filename to base the Unique file off. Default empty.
* @param string $dir Optional. Directory to store the file in. Default empty.
* @return string A writable filename.
function wp_tempnam( $filename = '', $dir = '' ) {
if ( empty( $filename ) || in_array( $filename, array( '.', '/', '\\' ), true ) ) {
// Use the basename of the given file without the extension as the name for the temporary directory.
$temp_filename = basename( $filename );
$temp_filename = preg_replace( '|\.[^.]*$|', '', $temp_filename );
// If the folder is falsey, use its parent directory name instead.
if ( ! $temp_filename ) {
return wp_tempnam( dirname( $filename ), $dir );
// Suffix some random data to avoid filename conflicts.
$temp_filename .= '-' . wp_generate_password( 6, false );
$temp_filename .= '.tmp';
$temp_filename = $dir . wp_unique_filename( $dir, $temp_filename );
$fp = @fopen( $temp_filename, 'x' );
if ( ! $fp && is_writable( $dir ) && file_exists( $temp_filename ) ) {
return wp_tempnam( $filename, $dir );
* Makes sure that the file that was requested to be edited is allowed to be edited.
* Function will die if you are not allowed to edit the file.
* @param string $file File the user is attempting to edit.
* @param string[] $allowed_files Optional. Array of allowed files to edit.
* `$file` must match an entry exactly.
* @return string|void Returns the file name on success, dies on failure.
function validate_file_to_edit( $file, $allowed_files = array() ) {
$code = validate_file( $file, $allowed_files );
wp_die( __( 'Sorry, that file cannot be edited.' ) );
// wp_die( __('Sorry, can’t call files with their real path.' ));
wp_die( __( 'Sorry, that file cannot be edited.' ) );
* Handles PHP uploads in WordPress.
* Sanitizes file names, checks extensions for mime type, and moves the file
* to the appropriate directory within the uploads directory.
* @see wp_handle_upload_error
* @param string[] $file Reference to a single element of `$_FILES`.
* Call the function once for each uploaded file.
* @param array|false $overrides {
* An array of override parameters for this file, or boolean false if none are provided.
* @type callable $upload_error_handler Function to call when there is an error during the upload process.
* @see wp_handle_upload_error().
* @type callable $unique_filename_callback Function to call when determining a unique file name for the file.
* @see wp_unique_filename().
* @type string[] $upload_error_strings The strings that describe the error indicated in
* `$_FILES[{form field}]['error']`.
* @type bool $test_form Whether to test that the `$_POST['action']` parameter is as expected.
* @type bool $test_size Whether to test that the file size is greater than zero bytes.
* @type bool $test_type Whether to test that the mime type of the file is as expected.
* @type string[] $mimes Array of allowed mime types keyed by their file extension regex.
* @param string $time Time formatted in 'yyyy/mm'.
* @param string $action Expected value for `$_POST['action']`.
* @return string[] On success, returns an associative array of file attributes.
* On failure, returns `$overrides['upload_error_handler']( &$file, $message )`
* or `array( 'error' => $message )`.
function _wp_handle_upload( &$file, $overrides, $time, $action ) {
// The default error handler.
if ( ! function_exists( 'wp_handle_upload_error' ) ) {
function wp_handle_upload_error( &$file, $message ) {
return array( 'error' => $message );
* Filters the data for a file before it is uploaded to WordPress.
* The dynamic portion of the hook name, `$action`, refers to the post action.
* Possible filter names include:
* - `wp_handle_sideload_prefilter`
* - `wp_handle_upload_prefilter`
* @since 2.9.0 as 'wp_handle_upload_prefilter'.
* @since 4.0.0 Converted to a dynamic hook with `$action`.
* @param string[] $file An array of data for the file. Reference to a single element of `$_FILES`.
$file = apply_filters( "{$action}_prefilter", $file );
* Filters the override parameters for a file before it is uploaded to WordPress.
* The dynamic portion of the hook name, `$action`, refers to the post action.
* Possible filter names include:
* - `wp_handle_sideload_overrides`
* - `wp_handle_upload_overrides`
* @param array|false $overrides An array of override parameters for this file. Boolean false if none are
* provided. @see _wp_handle_upload().
* @param string[] $file An array of data for the file. Reference to a single element of `$_FILES`.
$overrides = apply_filters( "{$action}_overrides", $overrides, $file );
// You may define your own function and pass the name in $overrides['upload_error_handler'].
$upload_error_handler = 'wp_handle_upload_error';
if ( isset( $overrides['upload_error_handler'] ) ) {
$upload_error_handler = $overrides['upload_error_handler'];
// You may have had one or more 'wp_handle_upload_prefilter' functions error out the file. Handle that gracefully.
if ( isset( $file['error'] ) && ! is_numeric( $file['error'] ) && $file['error'] ) {
return call_user_func_array( $upload_error_handler, array( &$file, $file['error'] ) );
// Install user overrides. Did we mention that this voids your warranty?
// You may define your own function and pass the name in $overrides['unique_filename_callback'].
$unique_filename_callback = null;
if ( isset( $overrides['unique_filename_callback'] ) ) {
$unique_filename_callback = $overrides['unique_filename_callback'];
* This may not have originally been intended to be overridable,
* but historically has been.
if ( isset( $overrides['upload_error_strings'] ) ) {
$upload_error_strings = $overrides['upload_error_strings'];
// Courtesy of php.net, the strings that describe the error indicated in $_FILES[{form field}]['error'].
$upload_error_strings = array(
/* translators: 1: upload_max_filesize, 2: php.ini */
__( 'The uploaded file exceeds the %1$s directive in %2$s.' ),
/* translators: %s: MAX_FILE_SIZE */
__( 'The uploaded file exceeds the %s directive that was specified in the HTML form.' ),
__( 'The uploaded file was only partially uploaded.' ),
__( 'No file was uploaded.' ),
__( 'Missing a temporary folder.' ),
__( 'Failed to write file to disk.' ),
__( 'File upload stopped by extension.' ),
// All tests are on by default. Most can be turned off by $overrides[{test_name}] = false;
$test_form = isset( $overrides['test_form'] ) ? $overrides['test_form'] : true;
$test_size = isset( $overrides['test_size'] ) ? $overrides['test_size'] : true;
// If you override this, you must provide $ext and $type!!
$test_type = isset( $overrides['test_type'] ) ? $overrides['test_type'] : true;
$mimes = isset( $overrides['mimes'] ) ? $overrides['mimes'] : false;
// A correct form post will pass this test.
if ( $test_form && ( ! isset( $_POST['action'] ) || ( $_POST['action'] != $action ) ) ) {
return call_user_func_array( $upload_error_handler, array( &$file, __( 'Invalid form submission.' ) ) );
// A successful upload will pass this test. It makes no sense to override this one.
if ( isset( $file['error'] ) && $file['error'] > 0 ) {
return call_user_func_array( $upload_error_handler, array( &$file, $upload_error_strings[ $file['error'] ] ) );
// A properly uploaded file will pass this test. There should be no reason to override this one.
$test_uploaded_file = 'wp_handle_upload' === $action ? is_uploaded_file( $file['tmp_name'] ) : @is_readable( $file['tmp_name'] );
if ( ! $test_uploaded_file ) {
return call_user_func_array( $upload_error_handler, array( &$file, __( 'Specified file failed upload test.' ) ) );
$test_file_size = 'wp_handle_upload' === $action ? $file['size'] : filesize( $file['tmp_name'] );
// A non-empty file will pass this test.
if ( $test_size && ! ( $test_file_size > 0 ) ) {
$error_msg = __( 'File is empty. Please upload something more substantial.' );
/* translators: 1: php.ini, 2: post_max_size, 3: upload_max_filesize */
__( 'File is empty. Please upload something more substantial. This error could also be caused by uploads being disabled in your %1$s file or by %2$s being defined as smaller than %3$s in %1$s.' ),
return call_user_func_array( $upload_error_handler, array( &$file, $error_msg ) );
// A correct MIME type will pass this test. Override $mimes or use the upload_mimes filter.
$wp_filetype = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $mimes );
$ext = empty( $wp_filetype['ext'] ) ? '' : $wp_filetype['ext'];
$type = empty( $wp_filetype['type'] ) ? '' : $wp_filetype['type'];
$proper_filename = empty( $wp_filetype['proper_filename'] ) ? '' : $wp_filetype['proper_filename'];
// Check to see if wp_check_filetype_and_ext() determined the filename was incorrect.
if ( $proper_filename ) {
$file['name'] = $proper_filename;
if ( ( ! $type || ! $ext ) && ! current_user_can( 'unfiltered_upload' ) ) {
return call_user_func_array( $upload_error_handler, array( &$file, __( 'Sorry, this file type is not permitted for security reasons.' ) ) );
* A writable uploads dir will pass this test. Again, there's no point
$uploads = wp_upload_dir( $time );
if ( ! ( $uploads && false === $uploads['error'] ) ) {
return call_user_func_array( $upload_error_handler, array( &$file, $uploads['error'] ) );
$filename = wp_unique_filename( $uploads['path'], $file['name'], $unique_filename_callback );
// Move the file to the uploads dir.
$new_file = $uploads['path'] . "/$filename";
* Filters whether to short-circuit moving the uploaded file after passing all checks.
* If a non-null value is returned from the filter, moving the file and any related
* error reporting will be completely skipped.
* @param mixed $move_new_file If null (default) move the file after the upload.
* @param string[] $file An array of data for a single file.
* @param string $new_file Filename of the newly-uploaded file.
* @param string $type Mime type of the newly-uploaded file.
$move_new_file = apply_filters( 'pre_move_uploaded_file', null, $file, $new_file, $type );
if ( null === $move_new_file ) {
if ( 'wp_handle_upload' === $action ) {
$move_new_file = @move_uploaded_file( $file['tmp_name'], $new_file );
// Use copy and unlink because rename breaks streams.
// phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
$move_new_file = @copy( $file['tmp_name'], $new_file );
unlink( $file['tmp_name'] );
if ( false === $move_new_file ) {
if ( 0 === strpos( $uploads['basedir'], ABSPATH ) ) {
$error_path = str_replace( ABSPATH, '', $uploads['basedir'] ) . $uploads['subdir'];
$error_path = basename( $uploads['basedir'] ) . $uploads['subdir'];
return $upload_error_handler(
/* translators: %s: Destination file path. */
__( 'The uploaded file could not be moved to %s.' ),
// Set correct file permissions.
$stat = stat( dirname( $new_file ) );
$perms = $stat['mode'] & 0000666;
chmod( $new_file, $perms );
$url = $uploads['url'] . "/$filename";
clean_dirsize_cache( $new_file );
* Filters the data array for the uploaded file.
* @type string $file Filename of the newly-uploaded file.
* @type string $url URL of the newly-uploaded file.
* @type string $type Mime type of the newly-uploaded file.
* @param string $context The type of upload action. Values include 'upload' or 'sideload'.
'wp_handle_sideload' === $action ? 'sideload' : 'upload'
* Wrapper for _wp_handle_upload().
* Passes the {@see 'wp_handle_upload'} action.
* @see _wp_handle_upload()
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
