authordonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2006-08-31 14:55:29 +0000
committerdonncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>2006-08-31 14:55:29 +0000
commitb764f60728be1d4e026f9d7ae618ab47e23322f8 (patch)
tree1f1b45c4f1c1cf027b3240f605346e56209be8ff /wp-admin/options.php
parentdad010666b767a1d06588d1d09c771c62f67c387 (diff)
WP Merge to rev #4147
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@729 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/options.php')
-rw-r--r--wp-admin/options.php72
1 files changed, 67 insertions, 5 deletions
diff --git a/wp-admin/options.php b/wp-admin/options.php
index b6a8c50..c521d54 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -10,6 +10,67 @@ wp_reset_vars(array('action'));
if ( !current_user_can('manage_options') )
wp_die(__('Cheatin&#8217; uh?'));
+function sanitize_option($option, $value) {
+
+ switch ($option) {
+ case 'admin_email':
+ $value = sanitize_email($value);
+ break;
+
+ case 'default_post_edit_rows':
+ case 'mailserver_port':
+ case 'comment_max_links':
+ $value = abs((int) $value);
+ break;
+
+ case 'posts_per_page':
+ case 'posts_per_rss':
+ $value = (int) $value;
+ if ( empty($value) ) $value = 1;
+ if ( $value < -1 ) $value = abs($value);
+ break;
+
+ case 'default_ping_status':
+ case 'default_comment_status':
+ // Options that if not there have 0 value but need to be something like "closed"
+ if ( $value == '0' || $value == '')
+ $value = 'closed';
+ break;
+
+ case 'blogdescription':
+ case 'blogname':
+ if (current_user_can('unfiltered_html') == false)
+ $value = wp_filter_post_kses( $value );
+ break;
+
+ case 'blog_charset':
+ $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
+ break;
+
+ case 'date_format':
+ case 'time_format':
+ case 'mailserver_url':
+ case 'mailserver_login':
+ case 'mailserver_pass':
+ case 'ping_sites':
+ case 'upload_path':
+ $value = strip_tags($value);
+ $value = wp_filter_kses($value);
+ break;
+
+ case 'gmt_offset':
+ $value = preg_replace('/[^0-9:.-]/', '', $value);
+ break;
+
+ case 'siteurl':
+ case 'home':
+ $value = clean_url($value);
+ break;
+ }
+
+ return $value;
+}
+
if( $_GET[ 'adminhash' ] ) {
$new_admin_details = get_option( 'new_admin_email' );
if( is_array( $new_admin_details ) && $new_admin_details[ 'hash' ] == $_GET[ 'adminhash' ] && $new_admin_details[ 'newemail' ] != '' ) {
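Review bot: `sanitize_option()` has no `default` arm, so an option name outside the listed `case`s is returned exactly as received, and the allow-listing of `$options` in the caller remains the only guard for everything not enumerated here; the function deserves a docblock saying so, e.g. `/** Per-option cleanup of a posted settings value. Option names not listed below are returned unchanged. */`. The `mailserver_pass` case is grouped with the text options and so goes through `strip_tags()` and `wp_filter_kses()`, which silently rewrites a password containing `<` instead of rejecting it, so SMTP authentication later fails with no visible cause; since that value is presumably stored rather than rendered, either drop it from that group or add a comment stating the trade-off. In the `blogname`/`blogdescription` case, `current_user_can('unfiltered_html') == false` reads more naturally as `! current_user_can('unfiltered_html')`.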
@@ -36,8 +97,8 @@ case 'update':
}
// Save for later.
- $old_siteurl = get_settings('siteurl');
- $old_home = get_settings('home');
+ $old_siteurl = get_option('siteurl');
+ $old_home = get_option('home');
// HACK
// Options that if not there have 0 value but need to be something like "closed"
@@ -46,7 +107,8 @@ case 'update':
foreach ($options as $option) {
$option = trim($option);
$value = trim(stripslashes($_POST[$option]));
- if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
+ $value = sanitize_option($option, $value);
+ if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
$value = 'closed';
if( $option == 'blogdescription' || $option == 'blogname' )
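Review bot: The `$nonbools` check directly after the new `sanitize_option($option, $value)` call now repeats what `sanitize_option()` already does for `default_ping_status` and `default_comment_status`, which it maps to `'closed'` itself; unless `$nonbools` contains other names (its definition is outside this hunk), that line and the `$value = 'closed'` assignment can be removed. `$_POST[$option]` is still read without an `isset()` guard, so a field missing from the form emits a notice and is saved as `''`; `$value = isset($_POST[$option]) ? trim(stripslashes($_POST[$option])) : '';` avoids that. The enclosing `foreach` continues past the end of the hunk.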
@@ -93,13 +155,13 @@ This email has been sent to '{$value}'
if ($any_changed) {
// If siteurl or home changed, reset cookies.
- if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
+ if ( get_option('siteurl') != $old_siteurl || get_option('home') != $old_home ) {
// If home changed, write rewrite rules to new location.
$wp_rewrite->flush_rules();
// Clear cookies for old paths.
wp_clearcookie();
// Set cookies for new paths.
- wp_setcookie($user_login, $user_pass_md5, true, get_settings('home'), get_settings('siteurl'));
+ wp_setcookie($user_login, $user_pass_md5, true, get_option('home'), get_option('siteurl'));
}
//$message = sprintf(__('%d setting(s) saved... '), $any_changed);