Die if not posting from wpmu-options or wpmu-blogs

No need to escape these values


git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1107 7be80a69-a1ef-0310-a953-fb0f7c49ff36

1 files changed, 8 insertions, 4 deletions

diff --git a/wp-admin/wpmu-edit.php b/wp-admin/wpmu-edit.php
index dab9d8e..04e5f9b 100644
--- a/wp-admin/wpmu-edit.php
+++ b/wp-admin/wpmu-edit.php
@@ -20,6 +20,8 @@ switch( $_GET['action'] ) {
 	// Options
 	case "siteoptions":
 		check_admin_referer('siteoptions');
+		if( empty( $_POST ) )
+			die( "You probably need to go back to the <a href='wpmu-options.php'>options page</a>" );
 
 		update_site_option( "WPLANG", $_POST['WPLANG'] );
 		if( is_email( $_POST['admin_email'] ) )
@@ -33,9 +35,9 @@ switch( $_GET['action'] ) {
 		}
 		
 		update_site_option( "illegal_names", $names );
-		update_site_option( "registration", $wpdb->escape( $_POST['registration'] ) );
-		update_site_option( "xmlrpc_active", $wpdb->escape( $_POST[ 'xmlrpc_active' ] ) ); 
-		update_site_option( "registrationnotification", $wpdb->escape( $_POST['registrationnotification'] ) );
+		update_site_option( "registration", $_POST['registration'] );
+		update_site_option( "xmlrpc_active", $_POST[ 'xmlrpc_active' ] ); 
+		update_site_option( "registrationnotification", $_POST['registrationnotification'] );
 		
 		if( $_POST['limited_email_domains'] != '' ) {
 			update_site_option( "limited_email_domains", split( ' ', $_POST['limited_email_domains'] ) );
@@ -127,6 +129,8 @@ switch( $_GET['action'] ) {
 	
 	case "updateblog":
 		check_admin_referer('editblog');
+		if( empty( $_POST ) )
+			die( "You probably need to go back to the <a href='wpmu-blogs.php'>blogs page</a>" );
 
 		// themes
 		if( is_array( $_POST['theme'] ) ) {
@@ -418,4 +422,4 @@ switch( $_GET['action'] ) {
 	break;	
 }
 
-?>
\ No newline at end of file
+?>