Is possible to exclude some files from being viewed and modified in the theme editor?
1 Answer
In general I wouldn’t recommend editing files that way and just disable it with the well known DISALLOW_FILE_EDIT
or DISALLOW_FILE_MODS
constants, that are checked within the map_meta_cap()
function.
But anyway it’s interesting to see if we can find a way to exclude files from the theme editor. Here are some ideas:
There doesn’t seem to be an explicit filter on the allowed files used in the theme editor:
$allowed_files = $theme->get_files( 'php', 1 );
$has_templates = ! empty( $allowed_files );
$style_files = $theme->get_files( 'css' );
$allowed_files['style.css'] = $style_files['style.css'];
$allowed_files += $style_files;
But we could stop the file from being updated with:
Example #1
add_action( 'check_admin_referer', function( $action, $result )
{
// Edit this to your needs
$locked_file="404.php";
$locked_theme="twentyfifteen";
// Disallow editing for this file
if(
false !== strpos( $action, 'edit-theme_' )
&& false !== strpos( $action, $locked_theme . "https://wordpress.stackexchange.com/" . $locked_file )
)
wp_die( __( "Sorry, you can't edit this file!" ) );
}, 10, 2 );
Note that I’m being rather lazy here with the file/theme check, so that could be improved 😉
Now the error message only shows up after we have edited the file and pressed the
Update File button. That could be frustrated user experience.
We could instead halt the screen-output as soon as we click on the file edit link. That’s not great user experience either, but better than the other one.
So we could add this to the previous example:
Example #2
Here we disable the edit_theme
capability, for all users, on the theme-editor.php
screen, when the GET parameters file
and theme
have certain values.
add_action( 'load-theme-editor.php', function()
{
add_filter( 'user_has_cap', function( $allcaps, $caps, $args, $wp_user )
{
// Edit this to your needs
$locked_file="404.php";
$locked_theme="twentyfifteen";
// Disallow editing for this file
$file = filter_input( INPUT_GET, 'file', FILTER_SANITIZE_STRING );
$theme = filter_input( INPUT_GET, 'theme', FILTER_SANITIZE_STRING );
if(
isset( $allcaps['edit_themes'] )
&& $locked_file === $file
&& $locked_theme === $theme
&& isset( $args[0] )
&& 'edit_themes' === $args[0]
&& isset( $args[1] )
&& 1 == $args[1]
)
$allcaps['edit_themes'] = 0;
return $allcaps;
}, 10, 4 );
});
or use the map_meta_cap
filter instead. But this looks rather complicated so let’s just simplify it to this:
add_action( 'load-theme-editor.php', function()
{
// Edit this to your needs
$locked_file="404.php";
$locked_theme="twentyfifteen";
// Disallow editing for this file
$file = filter_input( INPUT_GET, 'file', FILTER_SANITIZE_STRING );
$theme = filter_input( INPUT_GET, 'theme', FILTER_SANITIZE_STRING );
if(
$locked_file === $file
&& $locked_theme === $theme
)
wp_die( __( "Sorry, you can't edit this file!" ) );
});
Another approach would be to remove the files from the select box with Javascript.