jafcobend

Yes, its being used on several sites.

The only affect this patch has is on the theme file editor. It is not an upload facility. You would still have to FTP/SFTP additional files. But yes, it makes WordPress use the FTP user. With it you can browse the theme files as usual and post changes back even if the Apache user doesn’t have rights.

Jaumesala,

Yes, the “patch” command is a Unix command. Although its pretty much been ported everywhere. I think its even included in the “cygwin” windows package.

Its purpose is to apply a set of changes documented in one file to another file or even to entire sets of files. The changes are found and spit out in a plain text file typically by a tool called “diff”. Hence they can be called “patch files” or “diff files” or simply “diffs”.

What the commands I showed in my previous post do is to take the changes that I made to the wp-admin/theme-editor.php on my system and apply them to your system. It also makes a backup of the original theme-editor.php just in case you want to revert without unzipping the whole package.

So if you apply the patch I provided you get exactly what you were asking for. A theme editor that uses your FTP credentials to post the changes. Just like the installation of plugins.

OK. Here’s the actual patch.

Just to clarify: This is a patch file created with “diff”. It is meant to patch wp-admin/theme-editor.php. This will give the theme editor the ability to post changes back to the server via direct writes to the file system (if the web server has rights), FTP, SFTP and any other transfer method that WP supports.

To install use the “download” link to download the file. Upload it to your host. Login with a shell account. And use the following commands:

$ cd {wordpress}/wp-admin
$ patch -b theme-editor.php {patch}

I’m assuming a *nix hosting environment. I don’t work in windows environment so If your hosted on windows someone else will need to provide instructions. The ‘$’ at the beginning of the lines are their to illustrate the *nix prompt. Don’t type them. Replace “{wordpress}” with the folder name of your WP install. Replace “{patch}” with the full path to the patch file you uploaded.

Its possible to make similar alterations to other editors like plugin-editor.php to allow more control from the WP control panel.

*WARNING* As has already been brought out in this discussion with the application of this patch and your upload credentials in the wp-config.php file its possible for anyone who gains access to your account to make alterations to WP. However this isn’t really any worse than downloading a poisoned theme or plugin. Personally I think downloading plugins and themes can be more dangerous. You’ve been warned.

I created a patch for “hausinteractive” to version 3.2.1. It uses $wp_filesystem object to post the changed files for themes back to the server. This means that if filesystem permissions allow it it will make changes directly. Otherwise it will ask for upload method and credentials. If the information is already present in wp-config.php then it will be used.

For those who are concerned that their WP accounts will be hacked then they can simply leave their upload credentials out of the wp-config and manually enter them every time an update or change is made.

Here’s the patch:

[Code moderated as per the Forum Rules. Please use the pastebin]