#21552 closed enhancement (fixed)
Move option sanitization in network/settings.php to sanitize_option
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | 3.5 |
| Component: | Multisite | Version: | 3.0 |
| Severity: | normal | Keywords: | has-patch commit |
| Cc: |
Description
When Networks settings are saved in wp-admin/network/settings.php, the sanitization is done inline. This code needs to be moved to sanitize_option() where all of the other options are sanitized. This also combines duplicated code.
Attachments (2)
Change History (11)
Seems to me like in both cases, we also need to account for the value possibly being an array (someone making a change manually, rather than through settings.php).
Illegal names handling can probably be simplified to:
if ( ! is_array( $value ) ) $value = explode( ' ', $value ); $value = array_filter( array_map( 'trim', $value ) ); if ( ! $value ) $value = '';
Also, stripslashes() already occurs in the settings.php handler (just as it does in options.php).
comment:4
wonderboymusic — 8 months ago
- Keywords needs-refresh removed
Refreshed the patch - here's a quick and dirty:
update_option( 'illegal_names', array( '', 'Woo', '' ) ); update_option( 'limited_email_domains', array( 'woo', '', 'boo.com', 'foo.net.biz..' ) ); update_option( 'banned_email_domains', array( 'woo', '', 'boo.com', 'foo.net.biz..' ) ); print_r( get_option( 'illegal_names' ) ); print_r( get_option( 'limited_email_domains' ) ); print_r( get_option( 'banned_email_domains' ) ); exit();
- Keywords commit needs-unit-tests added
Cool stuff. Maybe that can become a unit test?
comment:6
wonderboymusic — 8 months ago
will fire one up fairly soon
wonderboymusic — 8 months ago
wonderboymusic — 8 months ago
comment:7
wonderboymusic — 8 months ago
Added a unit test and refreshed patch to not save filtered arrays with their original numeric indexes
- Owner set to nacin
- Resolution set to fixed
- Status changed from new to closed
In [21993]:
Yes please.