
Changeset 13447


Timestamp:
02/26/2010 11:36:26 PM (15 years ago)
Author:
wpmuguru
Message:

sanitize domains in ms-options, fixes #11775

File:
1 edited

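--- a/trunk/wp-admin/ms-edit.php
+++ b/trunk/wp-admin/ms-edit.php
@@ -41,6 +41,9 @@
             $limited_email_domains = str_replace( ' ', "\n", $_POST[ 'limited_email_domains' ] );
             $limited_email_domains = split( "\n", stripslashes( $limited_email_domains ) );
+            $limited_email = array();
             foreach ( (array) $limited_email_domains as $domain ) {
-                $limited_email[] = trim( $domain );
+                    $domain = trim( $domain );
+                if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
+                    $limited_email[] = trim( $domain );
             }
             update_site_option( "limited_email_domains", $limited_email );
@@ -51,6 +54,9 @@
         if ( $_POST['banned_email_domains'] != '' ) {
             $banned_email_domains = split( "\n", stripslashes( $_POST[ 'banned_email_domains' ] ) );
+            $banned = array();
             foreach ( (array) $banned_email_domains as $domain ) {
-                $banned[] = trim( $domain );
+                $domain = trim( $domain );
+                if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
+                    $banned[] = trim( $domain );
             }
             update_site_option( "banned_email_domains", $banned );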
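Review bot: The filter added at new lines 46 and 59 rejects any entry containing `--`, which also excludes punycode IDN labels (`xn--…`), and rejected entries are dropped without feedback, so a banned or limited domain in that form is silently missing from the list that `update_site_option()` saves. If the `--` test is only meant to catch malformed names, a condition such as `if ( false === strpos( $domain, '..' ) && preg_match( '/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i', $domain ) )` would keep those entries while still refusing leading or trailing separators. Collecting the rejected lines and reporting them on the options screen would let the admin see that part of the input was not stored. The second `trim( $domain )` at new lines 47 and 60 is redundant after the assignment just above it, and the two loops are identical, so one shared helper would keep the validation rule in a single place. The enclosing handler starts and ends outside the visible lines.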