
Changeset 14231


Timestamp:
04/25/2010 08:16:10 AM (15 years ago)
Author:
dd32
Message:

Add basic email/url validation to General options page. Prevents users entering an invalid Admin email or WordPress/Site Address which is not in URL form. Props technosailor for initial patch, slightly reworked. See #12868

File:
1 edited

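--- a/trunk/wp-includes/formatting.php
+++ b/trunk/wp-includes/formatting.php
@@ -2197,5 +2197,6 @@
     $original_url = $url;
 
-    if ('' == $url) return $url;
+    if ( '' == $url )
+        return $url;
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
     $strip = array('%0d', '%0a', '%0D', '%0A');
@@ -2357,9 +2358,12 @@
 function sanitize_option($option, $value) {
 
-    switch ($option) {
+    switch ( $option ) {
         case 'admin_email':
             $value = sanitize_email($value);
-            if ( !$value && function_exists('add_settings_error') )
-                add_settings_error('admin_email', 'invalid_admin_email', __('The email address submitted was not in the right format. Please enter a valid email address.'));
+            if ( !is_email($value) ) {
+                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                if ( function_exists('add_settings_error') )
+                    add_settings_error('admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
+            }
             break;
 
@@ -2395,6 +2399,8 @@
         case 'posts_per_rss':
             $value = (int) $value;
-            if ( empty($value) ) $value = 1;
-            if ( $value < -1 ) $value = abs($value);
+            if ( empty($value) )
+                $value = 1;
+            if ( $value < -1 )
+                $value = abs($value);
             break;
 
@@ -2436,7 +2442,23 @@
 
         case 'siteurl':
+            if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
+                $value = esc_url_raw($value);
+            } else {
+                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                if ( function_exists('add_settings_error') )
+                    add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.'));
+            }
+            break;
+
         case 'home':
-            $value = esc_url_raw($value);
+            if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
+                $value = esc_url_raw($value);
+            } else {
+                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                if ( function_exists('add_settings_error') )
+                    add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));
+            }
             break;
+
         default :
             $value = apply_filters("sanitize_option_{$option}", $value, $option);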
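Review bot: The pattern `'#http(s?)://(.+)#i'` in the new `siteurl` and `home` cases has no `^` anchor, so a value that merely contains `http://` somewhere passes the check regardless of the scheme it actually starts with. Such a value is then handed to `esc_url_raw()`, which as far as I know returns an empty string for a scheme it rejects, and that empty result would be stored with no settings error and no reset to the saved option. I would anchor the test as `preg_match( '#^https?://.+#i', $value )` and also take the `else` path when `esc_url_raw()` returns `''`. The two cases differ only in the error code and message, so a shared helper would keep them from drifting apart. The `switch` in `sanitize_option()` continues past the last line shown here.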