diff options
| author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-10-05 17:45:26 +0000 |
|---|---|---|
| committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-10-05 17:45:26 +0000 |
| commit | 767c3538b9f4aa2684429a7efea8f7728034c754 (patch) | |
| tree | 8cc7b4bc82bfc8e5cc2179b7a8aa7b4f9a2be193 /wp-admin/options.php | |
| parent | 23c0a299ada091cdeece968ad5cd3bdd20f5ef3c (diff) | |
| download | wordpress-mu-767c3538b9f4aa2684429a7efea8f7728034c754.tar.gz wordpress-mu-767c3538b9f4aa2684429a7efea8f7728034c754.tar.xz wordpress-mu-767c3538b9f4aa2684429a7efea8f7728034c754.zip | |
WP Merge to rev 4347
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@789 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/options.php')
| -rw-r--r-- | wp-admin/options.php | 55 |
1 files changed, 39 insertions, 16 deletions
diff --git a/wp-admin/options.php b/wp-admin/options.php index 691c1ec..33f5acd 100644 --- a/wp-admin/options.php +++ b/wp-admin/options.php @@ -20,22 +20,24 @@ if( $_GET[ 'adminhash' ] ) { exit; } -function sanitize_option($option, $value) { +function sanitize_option($option, $value) { // Remember to call stripslashes! switch ($option) { case 'admin_email': - case 'new_admin_email': + $value = stripslashes($value); $value = sanitize_email($value); break; case 'default_post_edit_rows': case 'mailserver_port': case 'comment_max_links': + $value = stripslashes($value); $value = abs((int) $value); break; case 'posts_per_page': case 'posts_per_rss': + $value = stripslashes($value); $value = (int) $value; if ( empty($value) ) $value = 1; if ( $value < -1 ) $value = abs($value); @@ -43,6 +45,7 @@ function sanitize_option($option, $value) { case 'default_ping_status': case 'default_comment_status': + $value = stripslashes($value); // Options that if not there have 0 value but need to be something like "closed" if ( $value == '0' || $value == '') $value = 'closed'; @@ -51,11 +54,12 @@ function sanitize_option($option, $value) { case 'blogdescription': case 'blogname': if (current_user_can('unfiltered_html') == false) - $value = wp_filter_post_kses( $value ); + $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes + $value = stripslashes($value); break; case 'blog_charset': - $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); + $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes break; case 'date_format': @@ -66,17 +70,22 @@ function sanitize_option($option, $value) { case 'ping_sites': case 'upload_path': $value = strip_tags($value); - $value = wp_filter_kses($value); + $value = wp_filter_kses($value); // calls stripslashes then addslashes + $value = stripslashes($value); break; case 'gmt_offset': - $value = preg_replace('/[^0-9:.-]/', '', $value); + $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes break; case 'siteurl': case 'home': + $value = stripslashes($value); $value = clean_url($value); break; + default : + $value = stripslashes($value); + break; } return $value; @@ -89,9 +98,10 @@ case 'update': check_admin_referer('update-options'); - if (!$_POST['page_options']) { - foreach ($_POST as $key => $value) { - $options[] = $key; + if ( !$_POST['page_options'] ) { + foreach ( (array) $_POST as $key => $value) { + if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) ) + $options[] = $key; } } else { $options = explode(',', stripslashes($_POST['page_options'])); @@ -100,8 +110,8 @@ case 'update': if ($options) { foreach ($options as $option) { $option = trim($option); - $value = trim(stripslashes($_POST[$option])); - $value = sanitize_option($option, $value); + $value = trim($_POST[$option]); + $value = sanitize_option($option, $value); // This does stripslashes on those that need it update_option($option, $value); } } @@ -119,26 +129,39 @@ if (!is_site_admin()) include('admin-header.php'); ?> <div class="wrap"> - <h2><?php _e('All options'); ?></h2> - <form name="form" action="options.php" method="post"> + <h2><?php _e('All Options'); ?></h2> + <form name="form" action="options.php" method="post" id="all-options"> <?php wp_nonce_field('update-options') ?> <input type="hidden" name="action" value="update" /> + <p class="submit"><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p> <table width="98%"> <?php $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name"); +foreach ( (array) $options as $option ) + $options_to_update[] = $option->option_name; +$options_to_update = implode(',', $options_to_update); +?> + +<input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /> -foreach ($options as $option) : +<?php +foreach ( (array) $options as $option) : $value = wp_specialchars($option->option_value, 'single'); echo " <tr> <th scope='row'><label for='$option->option_name'>$option->option_name</label></th> - <td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' /></td> +<td>"; + + if (stristr($value, "\n")) echo "<textarea class='all-options' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>"; + else echo "<input class='all-options' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' />"; + + echo "</td> <td>$option->option_description</td> </tr>"; endforeach; ?> </table> -<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Settings »') ?>" /></p> +<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p> </form> </div> |