Exclude file from theme editor

Is it possible to exclude some files from being viewed and modified in the theme editor?

1 Answer

In general I wouldn’t recommend editing files that way and just disable it with the well known DISALLOW_FILE_EDIT or DISALLOW_FILE_MODS constants, that are checked within the map_meta_cap() function.

But anyway it’s interesting to see if we can find a way to exclude files from the theme editor. Here are some ideas:

There doesn’t seem to be an explicit filter on the allowed files used in the theme editor:

$allowed_files = $theme->get_files( 'php', 1 );
$has_templates = ! empty( $allowed_files );
$style_files = $theme->get_files( 'css' );
$allowed_files['style.css'] = $style_files['style.css'];
$allowed_files += $style_files;

But we could stop the file from being updated with:

Example #1

add_action( 'check_admin_referer', function( $action, $result )
{
    // Edit this to your needs
    $locked_file  = '404.php';
    $locked_theme = 'twentyfifteen';

    // Disallow editing for this file
    if (
           false !== strpos( $action, 'edit-theme_' )
        && false !== strpos( $action, $locked_theme . '/' . $locked_file )
    ) {
        wp_die( __( "Sorry, you can't edit this file!" ) );
    }

}, 10, 2 );

Note that I’m being rather lazy here with the file/theme check, so that could be improved 😉

Now the error message only shows up after we have edited the file and pressed the Update File button. That could be a frustrating user experience.

We could instead halt the screen-output as soon as we click on the file edit link. That’s not great user experience either, but better than the other one.

So we could add this to the previous example:

Example #2

Here we disable the edit_theme capability, for all users, on the theme-editor.php screen, when the GET parameters file and theme have certain values.

add_action( 'load-theme-editor.php', function()
{   
    add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $wp_user )
    {
        // Edit this to your needs
        $locked_file  = '404.php';
        $locked_theme = 'twentyfifteen';

        // Disallow editing for this file
        // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the raw values
        // are only compared strictly against the fixed strings above.
        $file   = filter_input( INPUT_GET, 'file', FILTER_DEFAULT );
        $theme  = filter_input( INPUT_GET, 'theme', FILTER_DEFAULT );
        if( 
               isset( $allcaps['edit_themes'] ) 
            && $locked_file === $file 
            && $locked_theme === $theme 
            && isset( $args[0] ) 
            && 'edit_themes' === $args[0] 
            && isset( $args[1] ) 
            && 1 == $args[1] 
        )
            $allcaps['edit_themes'] = 0;

        return $allcaps;
    }, 10, 4 );
});

or use the map_meta_cap filter instead. But this looks rather complicated so let’s just simplify it to this:

add_action( 'load-theme-editor.php', function()
{   
    // Edit this to your needs
    $locked_file  = '404.php';
    $locked_theme = 'twentyfifteen';

    // Disallow editing for this file
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the raw values
    // are only compared strictly against the fixed strings below.
    $file   = filter_input( INPUT_GET, 'file', FILTER_DEFAULT );
    $theme  = filter_input( INPUT_GET, 'theme', FILTER_DEFAULT );

    if( 
          $locked_file === $file 
        && $locked_theme === $theme 
    )
        wp_die( __( "Sorry, you can't edit this file!" ) );

});

Another approach would be to remove the files from the select box with JavaScript.
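The `map_meta_cap` variant mentioned above, written out as an added example (not code from the original answer). It assumes the editor names its target through the `theme` and `file` request parameters, both when opening a file and when saving it; the `wpse_*` function names and the lock list are hypothetical.

```php
<?php
// Added example: per-file lock on the theme editor via map_meta_cap.
// Assumption: the editor sends the target as `theme` and `file` request
// parameters (GET when a file is opened, POST when it is saved).

// Hypothetical lock list: theme stylesheet slug => theme-relative file paths.
function wpse_locked_theme_files() {
    return array(
        'twentyfifteen' => array( '404.php' ),
    );
}

// Pure check, kept separate so it can be tested without loading WordPress.
function wpse_is_locked_theme_file( $theme, $file, array $locked ) {
    if ( ! is_string( $theme ) || ! is_string( $file ) ) {
        return false; // Non-string parameters cannot name a locked file.
    }
    return isset( $locked[ $theme ] ) && in_array( $file, $locked[ $theme ], true );
}

if ( function_exists( 'add_filter' ) ) {
    add_filter( 'map_meta_cap', function ( $caps, $cap ) {
        // Only act on edit_themes checks made while a file is being requested.
        // Requests without a `file` parameter (the editor's default file)
        // are not covered by this lock.
        if ( 'edit_themes' !== $cap || ! isset( $_REQUEST['file'] ) ) {
            return $caps;
        }

        $file  = wp_unslash( $_REQUEST['file'] );
        // An empty or missing theme parameter means the active theme.
        $theme = ! empty( $_REQUEST['theme'] )
            ? wp_unslash( $_REQUEST['theme'] )
            : get_stylesheet();

        if ( wpse_is_locked_theme_file( $theme, $file, wpse_locked_theme_files() ) ) {
            // 'do_not_allow' is the primitive capability that no role holds,
            // so the capability check fails for every user, administrators included.
            $caps[] = 'do_not_allow';
        }

        return $caps;
    }, 10, 2 );
}
```

Because the check hangs on the capability rather than on one screen hook, the same lock applies to viewing and to saving. It does not stop changes made outside the editor, such as over FTP or through a theme update.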
