Changeset 13627
- Timestamp:
- 03/09/2010 10:57:49 AM (15 years ago)
- File:
-
- 1 edited
trunk/wp-admin/options.php
r13545 r13627 23 23 $parent_file = 'options-general.php'; 24 24 25 wp_reset_vars(array('action')); 25 wp_reset_vars(array('action', 'option_page')); 26 27 if ( empty($option_page) ) // This is for back compat and will eventually be removed. 28 $option_page = 'options'; 29 30 if ( !current_user_can('manage_options') ) 31 wp_die(__('Cheatin’ uh?')); 32 33 if ( is_multisite() && !is_super_admin() && 'update' != $action ) 34 wp_die(__('Cheatin’ uh?')); 26 35 27 36 $whitelist_options = array( … … 39 48 40 49 if ( !is_multisite() ) { 41 if ( !defined( 'WP_SITEURL' ) ) $whitelist_options['general'][] = 'siteurl'; 42 if ( !defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home'; 50 if ( !defined( 'WP_SITEURL' ) ) 51 $whitelist_options['general'][] = 'siteurl'; 52 if ( !defined( 'WP_HOME' ) ) 53 $whitelist_options['general'][] = 'home'; 54 43 55 $whitelist_options['general'][] = 'admin_email'; 44 56 $whitelist_options['general'][] = 'users_can_register'; … … 56 68 $whitelist_options[ 'misc' ] = array(); 57 69 58 if ( defined( 'POST_BY_EMAIL') )70 if ( apply_filters( 'enable_post_by_email_configuration', true ) ) 59 71 $whitelist_options['writing'] = array_merge($whitelist_options['writing'], $mail_options); 60 72 … … 64 76 $whitelist_options = apply_filters( 'whitelist_options', $whitelist_options ); 65 77 66 if ( !current_user_can('manage_options') ) 67 wp_die(__('Cheatin’ uh?')); 68 69 if ( is_multisite() && is_super_admin() && isset($_GET[ 'adminhash' ]) && $_GET[ 'adminhash' ] ) { 78 if ( is_multisite() && is_super_admin() && !empty($_GET[ 'adminhash' ]) ) { 70 79 $new_admin_details = get_option( 'adminhash' ); 71 if ( is_array( $new_admin_details ) && $new_admin_details[ 'hash' ] == $_GET[ 'adminhash' ] && $new_admin_details[ 'newemail' ] != '' ) { 72 update_option( "admin_email", $new_admin_details[ 'newemail' ] ); 73 delete_option( "adminhash" ); 74 delete_option( "new_admin_email" ); 75 wp_redirect( get_option( "siteurl" ) . 
"/wp-admin/options-general.php?updated=true" ); 76 exit; 77 } else { 78 wp_redirect( get_option( "siteurl" ) . "/wp-admin/options-general.php?updated=false" ); 79 exit; 80 } 80 $redirect = admin_url('options-general.php?updated=false'); 81 if ( is_array( $new_admin_details ) && $new_admin_details[ 'hash' ] == $_GET[ 'adminhash' ] && !empty($new_admin_details[ 'newemail' ]) ) { 82 update_option( 'admin_email', $new_admin_details[ 'newemail' ] ); 83 delete_option( 'adminhash' ); 84 delete_option( 'new_admin_email' ); 85 $redirect = admin_url('options-general.php?updated=true'); 86 } 87 wp_redirect( $redirect); 88 exit; 81 89 } 82 83 switch($action) {84 90 85 91 /** 86 92 * If $_GET['action'] == 'update' we are saving settings sent from a settings page 87 93 */ 88 case 'update': 89 if ( isset($_POST[ 'option_page' ]) ) { 90 $option_page = $_POST[ 'option_page' ]; 94 if ( 'update' == $action ) { 95 if ( 'options' == $option_page && !isset($_POST['option_page']) ) // This is for back compat and will eventually be removed. 96 check_admin_referer( 'update-options' ); 97 else 91 98 check_admin_referer( $option_page . '-options' ); 92 } else {93 // This is for back compat and will eventually be removed.94 $option_page = 'options';95 check_admin_referer( 'update-options' );96 }97 99 98 100 if ( !isset( $whitelist_options[ $option_page ] ) ) 99 101 wp_die( __( 'Error: options page not found.' 
) ); 100 102 101 if ( 'options' == $option_page ) {103 if ( 'options' == $option_page ) 102 104 $options = explode(',', stripslashes( $_POST[ 'page_options' ] )); 103 if ( !is_super_admin() ) 104 wp_die( __( 'Not allowed here' ) ); 105 } else { 105 else 106 106 $options = $whitelist_options[ $option_page ]; 107 }108 107 109 108 // Handle custom date/time formats … … 127 126 if ( isset($_POST[$option]) ) 128 127 $value = $_POST[$option]; 129 if ( !is_array($value) ) $value = trim($value); 128 if ( !is_array($value) ) 129 $value = trim($value); 130 130 $value = stripslashes_deep($value); 131 131 update_option($option, $value); … … 146 146 $goback = add_query_arg( 'updated', 'true', wp_get_referer() ); 147 147 wp_redirect( $goback ); 148 break; 149 150 default: 151 if ( !is_super_admin() ) 152 wp_die( __( 'Not admin' ) ); 153 154 include('admin-header.php'); ?> 148 exit; 149 } 150 151 include('admin-header.php'); ?> 155 152 156 153 <div class="wrap"> … … 206 203 <?php 207 204 include('admin-footer.php'); 208 break;209 } // end switch210 211 205 ?>
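Review bot: The rewritten `'options' == $option_page` branch no longer calls `is_super_admin()` before building `$options` from `$_POST['page_options']`, and the new multisite gate near the top of the file exempts `'update' == $action`, so on the update path the only remaining checks are `manage_options` and the nonce. If `$whitelist_options` carries an `options` key (the array body is elided on this page, so that is inferred), a site administrator on a multisite install could submit an option list of their own choosing instead of one taken from the whitelist; `check_admin_referer()` protects against forged requests, not against an authorised user exceeding their role. I would keep the guard in that branch, ahead of the `explode()`: `if ( !is_super_admin() ) wp_die( __( 'Not allowed here' ) );`. Separately, the retained `$new_admin_details[ 'hash' ] == $_GET[ 'adminhash' ]` is a loose comparison of a stored token with request input; `===` would avoid numeric-string juggling.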