WordPress.org

Make WordPress Core

Ticket #11506: unnamed_option.diff

File unnamed_option.diff, 595 bytes (added by ericmann, 8 years ago)

A patch to validate the $option_name before updating the options table.

  • wp-includes/functions.php

     
    494494 */
    495495function update_option( $option_name, $newvalue ) {
    496496        global $wpdb;
     497       
     498        // Trim whitespace from the $option_name so we can check if it's a real entry
     499        // If the $option_name is empty or blank, we don't add it to the options table
     500        $option_checker = trim( $option_name );
     501        if( empty( $option_checker ) ) return false;
    497502
    498503        wp_protect_special_option( $option_name );
    499504