Ticket #4690: 4690.002.diff
File 4690.002.diff, 1.6 KB (added by , 17 years ago) |
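--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -177,6 +177,7 @@
 
 /* Options functions */
 
+// expects $setting to already be SQL-escaped
 function get_option($setting) {
 global $wpdb;
 
@@ -276,18 +277,20 @@
 return $alloptions;
 }
 
+// expects $option_name to NOT be SQL-escaped
 function update_option($option_name, $newvalue) {
 global $wpdb;
 
 wp_protect_special_option($option_name);
 
+$safe_option_name = $wpdb->escape($option_name);
 $newvalue = sanitize_option($option_name, $newvalue);
 
 if ( is_string($newvalue) )
 $newvalue = trim($newvalue);
 
 // If the new and old values are the same, no need to update.
-$oldvalue = get_option($ option_name);
+$oldvalue = get_option($safe_option_name);
 if ( $newvalue === $oldvalue ) {
 return false;
 }
@@ -325,15 +328,17 @@
 }
 
 // thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $option_name to NOT be SQL-escaped
 function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 global $wpdb;
 
 wp_protect_special_option($name);
+$safe_name = $wpdb->escape($name);
 
 // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
 $notoptions = wp_cache_get('notoptions', 'options');
 if ( !is_array($notoptions) || !isset($notoptions[$name]) )
-if ( false !== get_option($ name) )
+if ( false !== get_option($safe_name) )
 return;
 
 $value = maybe_serialize($value);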
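Review bot: In add_option the 'notoptions' cache is still probed with the raw `$name` while `get_option()` now receives `$safe_name`, so for a name containing a quote or backslash the two lookups may use different keys; get_option's body is outside the hunk, so confirm which form it uses for its cache and its query. The split contract (get_option wants an escaped name, update_option and add_option a raw one) is enforced only by comments, which invites double-escaping or an unescaped call; escaping at the point where the query string is built would take that burden off callers. The new comment above add_option names `$option_name`, but the parameter is `$name`, so it should read `// expects $name to NOT be SQL-escaped`. Both update_option and add_option continue past the hunk, so it is not visible whether their own queries use the `$safe_*` variables.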