外掛標籤
開發者團隊
原文外掛簡介
Flex Explorer adds a simple, read-only file browser to the WordPress admin. It
lets administrators look through the contents of the wp-content directory and
preview text files and images without leaving wp-admin or opening an FTP client.
It never modifies your site: it cannot create, edit, upload, rename, move or
delete files. You can download an individual file, or a whole folder as a ZIP,
for offline viewing, and the originals are always left untouched. Every request is
restricted to the wp-content directory, is limited to administrators, and is
verified with a nonce.
Features
Browse folders inside wp-content with a breadcrumb path.
List files and folders with size and last-modified date.
Search filenames in the current folder and everything below it.
Preview text and code files inline (up to 2 MB).
Preview common images (JPEG, PNG, GIF, WebP, BMP, ICO) inline (up to 5 MB).
Download any single file, or the current folder packaged as a ZIP.
Uses the jQuery bundled with WordPress and plain CSS – no build step, no external libraries.
Security
Access is limited to users with the manage_options capability.
On multisite, access is further restricted to network super admins, since a
per-site administrator should not be able to read the shared wp-content
tree.
If the site defines DISALLOW_FILE_EDIT as true, Flex Explorer disables
itself (including its admin menu) to respect that lockdown.
All AJAX requests are nonce-verified.
Every path is resolved with realpath() and confined to the wp-content
directory; path traversal and symlink escapes are rejected.
wp-config.php, .htaccess and .htpasswd can never be viewed or
downloaded, and are skipped when building a ZIP.
Downloads are always sent as attachments (application/octet-stream) so the
browser never renders file contents inline.
ZIP archives are bounded (file count and total size) and skip symlinks so a
large or looping tree cannot exhaust server resources.
