From ecd664ab1e44800681333a32e6962ec52c9e9ae7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabian=20Ka=CC=88gy?= Date: Wed, 14 Sep 2022 21:03:15 +0200 Subject: [PATCH] fix prevent unwanted access of site-editor.php non block themes that support block based template parts should only be allowed to access the site-editor.php file if the query parameter to access the template part editor is set correctly --- src/wp-admin/site-editor.php | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/wp-admin/site-editor.php b/src/wp-admin/site-editor.php index 0f0305a8d1493..e97470814eaf6 100644 --- a/src/wp-admin/site-editor.php +++ b/src/wp-admin/site-editor.php @@ -23,6 +23,11 @@ wp_die( __( 'The theme you are currently using is not compatible with Full Site Editing.' ) ); } +$is_template_part_editor = isset( $_GET['postType'] ) && 'wp_template_part' === sanitize_key( $_GET['postType'] ); +if ( ! wp_is_block_theme() && ! $is_template_part_editor ) { + wp_die( __( 'The theme you are currently using is not compatible with the Site Editor.' ) ); +} + /** * Do a server-side redirection if missing `postType` and `postId` * query args when visiting Site Editor.