Reactivating Theme and Plugin Editors in WordPressMU

It’s like camping with a Therm-a-Rest. They tell you not to blow into it. They say it’s important to just let it sit and it will self-inflate. Don’t blow it up. That’s bad.

But everyone does it.

It’s the same with the WordPress core. They say “Don’t hack core,” but everyone does it.

Well, almost everyone.

Actually, maybe just one or two of us.

Anyway, I’d never hack the WordPress core if I were working on something for someone else. I’ve had to clean up that mess after an update to the WordPress software completely wrecked the website (I wanted to kill that person).

I am a little bit more likely to hack the core code on my personal site, however. Just as I’m allowed to do anything I want to my house, but would probably bitch-slap someone if they came over and started drilling random holes in the walls.

It’s mine, I’ll accept responsibility for screwing it up. I’m alright making that choice.

So, recently, I moved to a WordPressµ installation at The MettaSite, and placed Positively Glorious! and a few other gems under it’s control. It’s been great so far, but I missed the ability to edit my theme and individual plugins from within the dashboard. For most installations of WordPressµ, disabling this ability is A Good Thing™, because modifying a theme is pretty dangerous if more than one person has access to that theme. It’ll work on one site, but break on others. That’s bad.

But at The MettaSite, there’s just me, and at most 2 or 3 other people that I might host sites for. In this case, it’s easy enough for me to activate a theme on one blog only. It’s a very small, controlled space, so the problems of theme modification are virtually nil.

So, I decided to reactivate my theme and plugin editors in WordPressµ, which involves hacking the core. This is problematic because there are updates to the core code, and every update breaks any hacks you have (as well it should). I might take some time to figure out how to add this functionality to the backend more cleanly and submit an options patch, but until then, I needed a quick reminder about how to fix it– because WordPress will update, and I won’t be able to edit because I was stupid and hacked the core.

The Instructions

It’s pretty simple, actually. In WPMU V.2.8.x, look in the file wp-admin/includes/mu.php and around line 539 find the function wpmu_menu() in it, you’ll find an if statement:

…
    if( !is_site_admin() )
        unset( $submenu['plugins.php'][10] ); // always remove the plugin installer for regular users
    unset( $submenu['plugins.php'][15] ); // always remove the plugin editor
    unset( $submenu['themes.php'][10] ); // always remove the themes editor
…

Change this so that all three of these unset() statements are contained in the if statement. What we’re doing is turning off those editors only if the user is not a site administrator in the database, rather than always.

function wpmu_menu() {
    global $menu, $submenu, $current_user;
…
    if( !is_site_admin() ) {
        unset( $submenu['plugins.php'][10] ); // always remove the plugin installer for regular users
        unset( $submenu['plugins.php'][15] ); // always remove the plugin editor
        unset( $submenu['themes.php'][10] ); // always remove the themes editor
    }
…

Next, scroll down to And around Line 1116 or so to find function disable_some_pages():

…
    $pages = array( 'theme-editor.php', 'plugin-editor.php' );
    foreach( $pages as $page ) {
        if ( strpos( $_SERVER['PHP_SELF'], $page ) ) {
            wp_die( __('Page disabled by the administrator') );
        }
    }
…

Change that if statement to this:

…
    $pages = array( 'theme-editor.php', 'plugin-editor.php' );
    foreach( $pages as $page ) {
        if ( strpos( $_SERVER['PHP_SELF'], $page ) && !is_site_admin() ) {
            wp_die( __('Page disabled by the administrator') );
        }
    }
…

Again, what we’re doing is changing from a policy of disabling the editor pages always, to only disabling them if the current user is not a site admin.

Coda

That should do it. Once you make these two changes (test them out, of course) you should be able to use the built-in editors for both themes and plugins. Of course, what we’d all rather have is a better system for editing them, but unless you want to set up your IDE of choice with an FTP link, or maybe even a continuous integration server, this is a pretty good choice.

Have fun, Morgan

No Comment