Ticket #32308: 32308.1.patch
File 32308.1.patch, 7.8 KB (added by , 10 years ago) |
---|
-
wp-includes/formatting.php
3332 3332 case 'admin_email' : 3333 3333 case 'new_admin_email' : 3334 3334 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3335 $value = sanitize_email( $value ); 3336 if ( ! is_email( $value ) ) { 3335 if ( is_wp_error( $value ) ) { 3337 3336 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3338 if ( function_exists( 'add_settings_error' ) ) 3339 add_settings_error( $option, 'invalid_admin_email', __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' ) ); 3337 add_settings_error( $option, $value->get_error_message() ); 3338 } else { 3339 $value = sanitize_email( $value ); 3340 if ( ! is_email( $value ) ) { 3341 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3342 if ( function_exists( 'add_settings_error' ) ) 3343 add_settings_error( $option, 'invalid_admin_email', __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' 
) ); 3344 } 3340 3345 } 3341 3346 break; 3342 3347 … … 3381 3386 case 'blogdescription': 3382 3387 case 'blogname': 3383 3388 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3384 $value = wp_kses_post( $value ); 3385 $value = esc_html( $value ); 3389 if ( is_wp_error( $value ) ) { 3390 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3391 add_settings_error( $option, $value->get_error_message() ); 3392 } else { 3393 $value = wp_kses_post( $value ); 3394 $value = esc_html( $value ); 3395 } 3386 3396 break; 3387 3397 3388 3398 case 'blog_charset': … … 3404 3414 case 'mailserver_pass': 3405 3415 case 'upload_path': 3406 3416 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3407 $value = strip_tags( $value ); 3408 $value = wp_kses_data( $value ); 3417 if ( is_wp_error( $value ) ) { 3418 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3419 add_settings_error( $option, $value->get_error_message() ); 3420 } else { 3421 $value = strip_tags( $value ); 3422 $value = wp_kses_data( $value ); 3423 } 3409 3424 break; 3410 3425 3411 3426 case 'ping_sites': … … 3421 3436 3422 3437 case 'siteurl': 3423 3438 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3424 if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) { 3425 $value = esc_url_raw($value); 3426 } else { 3439 if ( is_wp_error( $value ) ) { 3427 3440 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3428 if ( function_exists('add_settings_error') ) 3429 add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. 
Please enter a valid URL.')); 3441 add_settings_error( $option, $value->get_error_message() ); 3442 } else { 3443 if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) { 3444 $value = esc_url_raw($value); 3445 } else { 3446 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3447 if ( function_exists('add_settings_error') ) 3448 add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.')); 3449 } 3430 3450 } 3431 3451 break; 3432 3452 3433 3453 case 'home': 3434 3454 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3435 if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) { 3436 $value = esc_url_raw($value); 3437 } else { 3455 if ( is_wp_error( $value ) ) { 3438 3456 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3439 if ( function_exists('add_settings_error') ) 3440 add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.')); 3457 add_settings_error( $option, $value->get_error_message() ); 3458 } else { 3459 if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) { 3460 $value = esc_url_raw($value); 3461 } else { 3462 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3463 if ( function_exists('add_settings_error') ) 3464 add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.')); 3465 } 3441 3466 } 3442 3467 break; 3443 3468 … … 3453 3478 3454 3479 case 'illegal_names': 3455 3480 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3456 if ( ! 
is_array( $value ) ) 3457 $value = explode( ' ', $value ); 3481 if ( is_wp_error( $value ) ) { 3482 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3483 add_settings_error( $option, $value->get_error_message() ); 3484 } else { 3485 if ( ! is_array( $value ) ) 3486 $value = explode( ' ', $value ); 3458 3487 3459 $value = array_values( array_filter( array_map( 'trim', $value ) ) );3488 $value = array_values( array_filter( array_map( 'trim', $value ) ) ); 3460 3489 3461 if ( ! $value ) 3462 $value = ''; 3490 if ( ! $value ) { 3491 $value = ''; 3492 } 3493 } 3463 3494 break; 3464 3495 3465 3496 case 'limited_email_domains': 3466 3497 case 'banned_email_domains': 3467 3498 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3468 if ( ! is_array( $value ) ) 3469 $value = explode( "\n", $value ); 3499 if ( is_wp_error( $value ) ) { 3500 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3501 add_settings_error( $option, $value->get_error_message() ); 3502 } else { 3503 if ( ! is_array( $value ) ) { 3504 $value = explode( "\n", $value ); 3505 } 3470 3506 3471 $domains = array_values( array_filter( array_map( 'trim', $value ) ) );3472 $value = array();3507 $domains = array_values( array_filter( array_map( 'trim', $value ) ) ); 3508 $value = array(); 3473 3509 3474 foreach ( $domains as $domain ) { 3475 if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) 3476 $value[] = $domain; 3510 foreach ( $domains as $domain ) { 3511 if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) { 3512 $value[] = $domain; 3513 } 3514 } 3515 if ( ! $value ) { 3516 $value = ''; 3517 } 3477 3518 } 3478 if ( ! 
$value )3479 $value = '';3480 3519 break; 3481 3520 3482 3521 case 'timezone_string': … … 3492 3531 case 'category_base': 3493 3532 case 'tag_base': 3494 3533 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3495 $value = esc_url_raw( $value ); 3496 $value = str_replace( 'http://', '', $value ); 3534 if ( is_wp_error( $value ) ) { 3535 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3536 add_settings_error( $option, $value->get_error_message() ); 3537 } else { 3538 $value = esc_url_raw( $value ); 3539 $value = str_replace( 'http://', '', $value ); 3540 } 3497 3541 break; 3498 3542 3499 3543 case 'default_role' : … … 3504 3548 case 'moderation_keys': 3505 3549 case 'blacklist_keys': 3506 3550 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3507 $value = explode( "\n", $value ); 3508 $value = array_filter( array_map( 'trim', $value ) ); 3509 $value = array_unique( $value ); 3510 $value = implode( "\n", $value ); 3551 if ( is_wp_error( $value ) ) { 3552 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3553 add_settings_error( $option, $value->get_error_message() ); 3554 } else { 3555 $value = explode( "\n", $value ); 3556 $value = array_filter( array_map( 'trim', $value ) ); 3557 $value = array_unique( $value ); 3558 $value = implode( "\n", $value ); 3559 } 3511 3560 break; 3512 3561 } 3513 3562
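Review bot: In every new `is_wp_error( $value )` branch, starting with the `admin_email` case and repeated in each later case of this section, `$value` is overwritten with `get_option( $option )` before `$value->get_error_message()` is called. The method is therefore invoked on the stored option value rather than on the WP_Error, so input that fails the column check would end in a PHP fatal error instead of a clean rejection with the stored value kept. The new call also passes the message where the existing calls on this page pass an error code (`'invalid_siteurl'`, `'invalid_home'`), omits the message argument, and drops the `function_exists( 'add_settings_error' )` guard the surrounding code uses. Capture the message first with `$error = $value->get_error_message();`, then reset `$value`, then report it with `if ( function_exists( 'add_settings_error' ) ) add_settings_error( $option, "invalid_{$option}", $error );`. The enclosing switch begins and ends outside the visible hunks, so whether the failure handling could be done once after the switch rather than in each case cannot be judged from here.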