From 767c3538b9f4aa2684429a7efea8f7728034c754 Mon Sep 17 00:00:00 2001
From: donncha
Date: Thu, 5 Oct 2006 17:45:26 +0000
Subject: WP Merge to rev 4347

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@789 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
wp-admin/options.php | 55 +++++++++++++++++++++++++++++++++++++---------------
1 file changed, 39 insertions(+), 16 deletions(-)
(limited to 'wp-admin/options.php')
diff --git a/wp-admin/options.php b/wp-admin/options.php
index 691c1ec..33f5acd 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -20,22 +20,24 @@ if( $_GET[ 'adminhash' ] ) { exit; } -function sanitize_option($option, $value) { +function sanitize_option($option, $value) { // Remember to call stripslashes! switch ($option) { case 'admin_email': - case 'new_admin_email': + $value = stripslashes($value); $value = sanitize_email($value); break; case 'default_post_edit_rows': case 'mailserver_port': case 'comment_max_links': + $value = stripslashes($value); $value = abs((int) $value); break; case 'posts_per_page': case 'posts_per_rss': + $value = stripslashes($value); $value = (int) $value; if ( empty($value) ) $value = 1; if ( $value < -1 ) $value = abs($value);
@@ -43,6 +45,7 @@ function sanitize_option($option, $value) { case 'default_ping_status': case 'default_comment_status': + $value = stripslashes($value); // Options that if not there have 0 value but need to be something like "closed" if ( $value == '0' || $value == '') $value = 'closed';
@@ -51,11 +54,12 @@ function sanitize_option($option, $value) { case 'blogdescription': case 'blogname': if (current_user_can('unfiltered_html') == false) - $value = wp_filter_post_kses( $value ); + $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes + $value = stripslashes($value); break; case 'blog_charset': - $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); + $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes break; case 'date_format':
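Review bot: Dropping `case 'new_admin_email':` in the first hunk means that option no longer reaches `sanitize_email()`; with the `default :` branch added further down in this patch it would only be passed through `stripslashes()`. Unless the address is validated somewhere outside this diff before it is stored or used, I would keep the label next to `case 'admin_email':` so both share the new `$value = stripslashes($value);` and the `sanitize_email($value)` call. The body of sanitize_option() continues past this hunk.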
@@ -66,17 +70,22 @@ function sanitize_option($option, $value) { case 'ping_sites': case 'upload_path': $value = strip_tags($value); - $value = wp_filter_kses($value); + $value = wp_filter_kses($value); // calls stripslashes then addslashes + $value = stripslashes($value); break; case 'gmt_offset': - $value = preg_replace('/[^0-9:.-]/', '', $value); + $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes break; case 'siteurl': case 'home': + $value = stripslashes($value); $value = clean_url($value); break; + default : + $value = stripslashes($value); + break; } return $value;
@@ -89,9 +98,10 @@ case 'update': check_admin_referer('update-options'); - if (!$_POST['page_options']) { - foreach ($_POST as $key => $value) { - $options[] = $key; + if ( !$_POST['page_options'] ) { + foreach ( (array) $_POST as $key => $value) { + if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) ) + $options[] = $key; } } else { $options = explode(',', stripslashes($_POST['page_options']));
@@ -100,8 +110,8 @@ case 'update': if ($options) { foreach ($options as $option) { $option = trim($option); - $value = trim(stripslashes($_POST[$option])); - $value = sanitize_option($option, $value); + $value = trim($_POST[$option]); + $value = sanitize_option($option, $value); // This does stripslashes on those that need it update_option($option, $value); } }
@@ -119,26 +129,39 @@ if (!is_site_admin()) include('admin-header.php'); ?>
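Review bot: With the added `default :` branch every path through sanitize_option() now removes slashes, so the function only works on values that are still slashed, yet the sole hint is the trailing `// Remember to call stripslashes!` on the signature, which is addressed to whoever adds a case rather than to callers. A caller that hands in an already unslashed value would silently lose backslashes. I would state the contract in a comment above the function, for example `// Expects $value still slashed (as read from $_POST); returns it unslashed and sanitized.` The function starts in an earlier hunk.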
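Review bot: The fallback loop in the `-89,9 +98,10` hunk filters request keys with a two-entry exclusion list, so every other field name in the POST body is still treated as an option name, and the loop in the following `-100,8 +110,8` hunk passes each name, whether taken from `page_options` or from the keys, to `update_option()`. Nothing visible here restricts the names to options this screen is meant to edit; `check_admin_referer()` covers forgery, and any capability check must sit outside the hunk. I would compare each name against an explicit list of editable options before the update call, and pass `true` as the third argument of `in_array()` so the comparison is strict. `$options` is also first assigned inside the loop, so it may be undefined when no key qualifies, unless it is initialised above the hunk.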
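Review bot: `trim($_POST[$option])` in the `-100,8 +110,8` hunk assumes the field exists and is a string, but a name listed in `page_options` can be missing from the request (an unchecked checkbox, for instance) and a field submitted as `name[]` arrives as an array. I would guard the read, e.g. `$value = ( isset($_POST[$option]) && is_string($_POST[$option]) ) ? trim($_POST[$option]) : '';`, or skip non-string fields. The trailing comment `// This does stripslashes on those that need it` also reads as if some values were left slashed, while the new `default :` branch unslashes every one.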
-

-
+

+ +

get_results("SELECT * FROM $wpdb->options ORDER BY option_name"); +foreach ( (array) $options as $option ) + $options_to_update[] = $option->option_name; +$options_to_update = implode(',', $options_to_update); +?> + + -foreach ($options as $option) : +option_value, 'single'); echo " - +"; endforeach; ?>
"; + + if (stristr($value, "\n")) echo ""; + else echo ""; + + echo " $option->option_description
-

+

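Review bot: `$options_to_update` is first written inside the `foreach`, so when the query returns no rows (the case the `(array)` cast anticipates) `implode()` receives an undefined variable. Initialising it first, `$options_to_update = array();`, keeps the joined string empty in that case. The list is also joined with commas and split again with `explode(',', ...)` in the update handler, so an option name containing a comma would not round-trip. The markup of this hunk did not survive extraction, so how the names and values are escaped on output could not be reviewed.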
-- cgit