Ticket #9175: 9175-options-serialoption-viewer-patch.txt

### Eclipse Workspace Patch 1.0
#P wordpress
Index: wp-admin/options.php
===================================================================
--- wp-admin/options.php        (revision 10593)
+++ wp-admin/options.php        (working copy)
@@ -83,6 +83,148 @@
        wp_redirect( $goback );
        break;
 
+case 'serialoption':
+// viewer for a serialized option value.
+       
+       // validate input       
+       $option_name = isset( $_GET['option_name'] ) ? (string) trim( $_GET['option_name'] ) : null;
+               
+       if ( $option_name === null )
+               wp_die(__('Cheatin’ uh?'));
+               
+       $r = preg_match('/^[a-z0-9_]*$/', $option_name);
+       if ( $r == 0 )
+               wp_die(__('Cheatin’ uh?'));
+               
+       $options_to_update = array(); // nothing to update right now.
+               
+       include('admin-header.php'); ?>
+<div class="wrap">
+<?php screen_icon(); ?>
+  <h2><?php printf('%s - %s', $option_name, __('Option')); ?></h2>
+  <form name="form" action="options.php" method="post" id="all-options">
+  <?php wp_nonce_field('options-options') ?>
+  <input type="hidden" name="action" value="serialoption" />  
+  <input type='hidden' name='option_page' value='options' />  
+<?php
+       // query option value and validate serialized-ability
+                       
+       $options = $wpdb->get_results(sprintf("SELECT * FROM %s WHERE option_name = '%s'", $wpdb->options, $option_name));
+
+       // the serialoption page can handle only one value
+       if ( count($options) != 1)              
+               wp_die(__('Cheatin&#8217; uh?'));
+       
+       $option = $options[0];
+
+       // $option must be stdclass to continue
+       if ( is_object($option) == false )
+               wp_die(__('Cheatin&#8217; uh?'));
+       
+       // not a serialized value? well, handeled in full options page already                  
+       if ( !is_serialized($option->option_value) )
+               wp_die(__('Cheatin&#8217; uh?'));
+
+       // this case is handeled in the full options page already as well
+       if ( is_serialized_string($option->option_value) )
+               wp_die(__('Cheatin&#8217; uh?'));
+               
+       // unserialize: false on failure, notice will be given as well (usefull for the admin)
+       $unserialized = unserialize($option->option_value);
+       
+       // serialized scalar makes not much sense right now     
+       if ( is_scalar($unserialized) )
+               wp_die(__('Cheatin&#8217; uh?'));
+                               
+       // array
+       // object - will fail/become '__PHP_Incomplete_Class_Name' if class is not defined
+               
+       $title = $type = 'UNDEFINED';   
+       
+       switch ( true ) {
+               case is_scalar($unserialized):
+                       $title = 'SCALAR';
+                       $type  = 'SCALAR';
+                       break;
+                                               
+               case is_object($unserialized):
+                       $title = sprintf('OBJECT (%s)', get_class($unserialized));
+                       $type  = 'OBJECT';
+                       break;
+                       
+               case is_array($unserialized):
+                       $title = sprintf('ARRAY (%d Elements)', count($unserialized));
+                       $type = 'ARRAY';                        
+                       break;
+                       
+               case gettype($unserialized) == 'object':
+                       // this is a fallback since sometime is_object did not make it.
+                       $title = sprintf('OBJECT (%s)', get_class($unserialized));
+                       $type  = 'OBJECT';
+                       break;                  
+                       
+               default:
+                       $title = 'UNKNOWN TYPE ' . gettype($unserialized);
+                       $type  = 'UNKNOWN';
+       } // end inner switch
+       
+       $values = array('UNDEFINED' => '');
+
+       switch ( $type ) {
+               case 'SCALAR':
+                       $values = array($type => (string) $unserialized);
+                       break;
+                       
+               case 'OBJECT':
+                       $values = array(get_class($unserialized) => $unserialized);
+                       break;
+                       
+               case 'ARRAY':
+                       $values = $unserialized;
+                       break;
+                               
+               default:
+                       $values = array('UNKNOWN' => '');
+       } // end inner switch
+       
+?>
+  <h3><?php echo htmlspecialchars($title) ?></h3>
+  <table class="form-table">  
+<?php 
+       foreach ( $values as $key => $value ):
+                       
+               $id = sprintf('edit-%s', htmlspecialchars($key)); 
+               $html_label = sprintf( '<label for="%s">%s</label>', $id, htmlspecialchars($key));
+               
+               // prevent recurisions, stacked arrays and such
+               if (! is_scalar($value) ) {
+                       $value = print_r($value, true);
+               }               
+       
+               // put values in form elements for a better editing experience
+               // $html_input = sprintf('<div>%s</div>', htmlspecialchars(print_r($value, true)) );
+               if ( strpos($value, "\n") !== false ) {
+                       $html_input = sprintf('<textarea class="large-text" name="%s" id="%s" rows="10">%s</textarea>', $id, $id, htmlspecialchars($value));
+               } else {
+                       $html_input = sprintf('<input class="regular-text" type="text" name="%s" id="%s" value="%s" %s />', $id, $id, htmlspecialchars($value), $disabled); 
+               }
+?>
+  <tr>
+       <th scope="row"><?php echo $html_label ?></th>
+       <td><?php echo $html_input ?></td>
+  </tr>
+<?php endforeach; ?>
+  </table>
+  <p class="submit">
+       <a href="options.php" class="button lbutton"><?php _e('Back'); ?></a>
+       <input type="hidden" name="page_options" value="<?php echo htmlspecialchars(implode(',', $options_to_update)); ?>" />
+    <input type="hidden" name="Update-Ex" value="<?php _e('Save Changes') ?>" class="button-primary disabled"  disabled="disabled" />
+  </p>
+  </form>
+</div>
+<?php 
+       break;
+       
 default:
        include('admin-header.php'); ?>
 
@@ -99,38 +241,50 @@
 
 foreach ( (array) $options as $option) :
        $disabled = '';
+       $more     = false;
        $option->option_name = attribute_escape($option->option_name);
        if ( is_serialized($option->option_value) ) {
                if ( is_serialized_string($option->option_value) ) {
                        // this is a serialized string, so we should display it
                        $value = maybe_unserialize($option->option_value);
                        $options_to_update[] = $option->option_name;
-                       $class = 'all-options';
+                       $class = 'all-options';                 
                } else {
-                       $value = 'SERIALIZED DATA';
+                       $value = sprintf('SERIALIZED DATA (~ %s %s)', number_format(strlen($option->option_value)), __('Bytes') );                      
                        $disabled = ' disabled="disabled"';
-                       $class = 'all-options disabled';
-               }
-       } else {
+                       $class = 'all-options disabled';                        
+                       $more  = true;
+               }               
+       } else {                
                $value = $option->option_value;
-               $options_to_update[] = $option->option_name;
+               $options_to_update[] = $option->option_name;            
                $class = 'all-options';
        }
-       echo "
-<tr>
-       <th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
-<td>";
-
-       if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
-       else echo "<input class='regular-text $class' type='text' name='$option->option_name' id='$option->option_name' value='" . attribute_escape($value) . "'$disabled />";
+       
+       $html_label = sprintf( '<label for="%1$s">%1$s</label>', $option->option_name );
+       $html_input = '';
+       if ( strpos($value, "\n") !== false ) {
+               $html_input = sprintf('<textarea class="%s" name="%s" id="%s" cols="40" rows="10">%s</textarea>', $class, $option->option_name, $option->option_name, wp_specialchars($value));
+       } else {
+               $html_input = sprintf('<input class="regular-text %s" type="text" name="%s" id="%s" value="%s" %s />', $class, $option->option_name, $option->option_name, attribute_escape($value), $disabled); 
+       }
+               
+       /* more info on seriazlied data, add the expand button to gain access to serialoption */
+       if ( $more ) {
+               $html_href  = sprintf('options.php?action=serialoption&option_name=%s', urlencode($option->option_name));
+               $html_label = sprintf('<a href="%s" class="button">%s</a>',  $html_href, $option->option_name);
+               // uncommented: for label/expand button combo but I like the other combo more. $html_input .= sprintf(' <a href="%s" class="button-primary">%s</a>',  $html_href, _('Expand'));
+       }
 
-       echo "</td>
-</tr>";
-endforeach;
 ?>
+<tr>
+       <th scope="row"><?php echo $html_label ?></th>
+       <td><?php echo $html_input ?></td>
+</tr>
+<?php endforeach; ?>
   </table>
 <?php $options_to_update = implode(',', $options_to_update); ?>
-<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo htmlspecialchars($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Save Changes') ?>" class="button-primary" /></p>
   </form>
 </div>