I'm attempting to log lots of WP activities to create an audit trail. I'd like to disable the plugin and theme editors entirely, but it is not an option. Those functions appear to be very light on pluggability, best option I can see is to listen to the nonce validation and filter all of them. Does anyone know of an alternate, less brittle seeming method of running a little bit of code every time the plugin or theme editor saves a file?
I'm attempting to log lots of WP activities to create an audit trail. I'd like to disable the plugin and theme editors entirely, but it is not an option. Those functions appear to be very light on pluggability, best option I can see is to listen to the nonce validation and filter all of them. Does anyone know of an alternate, less brittle seeming method of running a little bit of code every time the plugin or theme editor saves a file?
The ajax action that runs on theme or plugin update is edit-theme-plugin-file so you should be able to hook into it by running code on the wp_ajax_edit-theme-plugin-file hook.
add_action('wp_ajax_edit-theme-plugin-file', 'log_cowboy_coders', 0);
function log_cowboy_coders() {
$user = get_current_user_id();
if (!empty($__POST['theme'])) {
// Log that someone is editing a theme
} else if (!empty($__POST['plugin'])) {
//log that someone is editing a plugin
}
if (!empty($__POST['file'])) {
//log what file they are editing
}
}
the entire updated contents of that file is also included in the POST data($__POST['newcontent']) so if you run your function before default ajax action runs you could probably get the original content and save the difference between the two.