WordPress.org

Make WordPress Core

Changeset 13447


Ignore:
Timestamp:
02/26/10 23:36:26 (4 years ago)
Author:
wpmuguru
Message:

sanitize domains in ms-options, fixes #11775

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/ms-edit.php

    r13431 r13447  
    4141            $limited_email_domains = str_replace( ' ', "\n", $_POST[ 'limited_email_domains' ] ); 
    4242            $limited_email_domains = split( "\n", stripslashes( $limited_email_domains ) ); 
     43            $limited_email = array(); 
    4344            foreach ( (array) $limited_email_domains as $domain ) { 
    44                 $limited_email[] = trim( $domain ); 
     45                    $domain = trim( $domain ); 
     46                if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) 
     47                    $limited_email[] = trim( $domain ); 
    4548            } 
    4649            update_site_option( "limited_email_domains", $limited_email ); 
     
    5154        if ( $_POST['banned_email_domains'] != '' ) { 
    5255            $banned_email_domains = split( "\n", stripslashes( $_POST[ 'banned_email_domains' ] ) ); 
     56            $banned = array(); 
    5357            foreach ( (array) $banned_email_domains as $domain ) { 
    54                 $banned[] = trim( $domain ); 
     58                $domain = trim( $domain ); 
     59                if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) 
     60                    $banned[] = trim( $domain ); 
    5561            } 
    5662            update_site_option( "banned_email_domains", $banned ); 
Note: See TracChangeset for help on using the changeset viewer.