WordPress.org

Make WordPress Core

Ticket #11506: unnamed_option.diff

File unnamed_option.diff, 595 bytes (added by ericmann, 6 years ago)

A patch to validate the $option_name before updating the options table.

  • wp-includes/functions.php

     
    494494 */ 
    495495function update_option( $option_name, $newvalue ) { 
    496496        global $wpdb; 
     497         
     498        // Trim whitespace from the $option_name so we can check if it's a real entry 
     499        // If the $option_name is empty or blank, we don't add it to the options table 
     500        $option_checker = trim( $option_name ); 
     501        if( empty( $option_checker ) ) return false; 
    497502 
    498503        wp_protect_special_option( $option_name ); 
    499504