WordPress 后台无法编辑文件解决方式

learningman 6月 07, 2018

升级到 WordPress 4.9 之后后台莫名其妙就不能修改文件了,报错未能与站点联系来检查致命错误,因此PHP修改已被回滚。您需要采用其他方式(如SFTP)上传您修改的PHP文件。
最后在WP官方的论坛上找到了解决方案。

方案

修改wp-admin/includes/file.php491-598行左右的代码

if ( $is_active && 'php' === $extension ) { $scrape_key = md5( rand() ); $transient = 'scrape_key_' . $scrape_key; $scrape_nonce = strval( rand() ); set_transient( $transient, $scrape_nonce, 60 ); // It shouldn't take more than 60 seconds to make the two loopback requests. $cookies = wp_unslash( $_COOKIE ); $scrape_params = array( 'wp_scrape_key' => $scrape_key, 'wp_scrape_nonce' => $scrape_nonce, ); $headers = array( 'Cache-Control' => 'no-cache', ); // Include Basic auth in loopback requests. if ( isset( $_SERVER['PHP_AUTH_USER'] ) && isset( $_SERVER['PHP_AUTH_PW'] ) ) { $headers['Authorization'] = 'Basic ' . base64_encode( wp_unslash( $_SERVER['PHP_AUTH_USER'] ) . ':' . wp_unslash( $_SERVER['PHP_AUTH_PW'] ) ); } // Make sure PHP process doesn't die before loopback requests complete. @set_time_limit( 300 ); // Time to wait for loopback requests to finish. $timeout = 100; $needle_start = "###### wp_scraping_result_start:$scrape_key ######"; $needle_end = "###### wp_scraping_result_end:$scrape_key ######"; // Attempt loopback request to editor to see if user just whitescreened themselves. if ( $plugin ) { $url = add_query_arg( compact( 'plugin', 'file' ), admin_url( 'plugin-editor.php' ) ); } elseif ( isset( $stylesheet ) ) { $url = add_query_arg( array( 'theme' => $stylesheet, 'file' => $file, ), admin_url( 'theme-editor.php' ) ); } else { $url = admin_url(); } $url = add_query_arg( $scrape_params, $url ); $r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout' ) ); $body = wp_remote_retrieve_body( $r ); $scrape_result_position = strpos( $body, $needle_start ); $loopback_request_failure = array( 'code' => 'loopback_request_failed', 'message' => __( 'Unable to communicate back with site to check for fatal errors, so the PHP change was reverted. You will need to upload your PHP file change by some other means, such as by using SFTP.' ), ); $json_parse_failure = array( 'code' => 'json_parse_error', ); $result = null; if ( false === $scrape_result_position ) { $result = $loopback_request_failure; } else { $error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) ); $error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) ); $result = json_decode( trim( $error_output ), true ); if ( empty( $result ) ) { $result = $json_parse_failure; } } // Try making request to homepage as well to see if visitors have been whitescreened. if ( true === $result ) { $url = home_url( '/' ); $url = add_query_arg( $scrape_params, $url ); $r = wp_remote_get( $url, compact( 'cookies', 'headers', 'timeout' ) ); $body = wp_remote_retrieve_body( $r ); $scrape_result_position = strpos( $body, $needle_start ); if ( false === $scrape_result_position ) { $result = $loopback_request_failure; } else { $error_output = substr( $body, $scrape_result_position + strlen( $needle_start ) ); $error_output = substr( $error_output, 0, strpos( $error_output, $needle_end ) ); $result = json_decode( trim( $error_output ), true ); if ( empty( $result ) ) { $result = $json_parse_failure; } } } delete_transient( $transient ); if ( true !== $result ) { // Roll-back file change. file_put_contents( $real_file, $previous_content ); if ( function_exists( 'opcache_invalidate' ) ) { opcache_invalidate( $real_file, true ); } if ( ! isset( $result['message'] ) ) { $message = __( 'An unidentified error has occurred.' ); } else { $message = $result['message']; unset( $result['message'] ); } return new WP_Error( 'php_error', $message, $result ); } }

核心思路是使其不能正常工作,提供两种方案

  • 删除代码块
  • if ( is_active && 'php' === extension ) {中的php改为任意字段,比如233,twt等不可能作为文件类型的字段

推荐使用第二种方案,因为方案一在WordPress 4.9.6上会引起另一个错误,原因是缺失了安全性检验

操作的原理是直接禁用掉了安全性检验,事实上还是有一定风险的,如果条件允许,直接使用FTP操作文件会是更好的选择,坐等官方修bug

方法来源:Topic: Can’t edit main theme php files after upgrading to 4.9 « WordPress.org Forums

本文采用 CC BY-NC-SA 3.0 协议进行许可,在您遵循此协议的情况下,可以自由共享与演绎本文章。
本文链接:https://learningman.top/archives/374.html

  1. learningman说道:

    233

发表评论

电子邮件地址不会被公开。 必填项已用*标注




you're currently offline