Changeset 14231


Timestamp:
04/25/10 08:16:10 (5 years ago)
Author:
dd32
Message:

Add basic email/url validation to General options page. Prevents users entering an invalid Admin email or WordPress/Site Address which is not in URL form. Props technosailor for initial patch, slightly reworked. See #12868

File:
1 edited

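--- a/trunk/wp-includes/formatting.php
+++ b/trunk/wp-includes/formatting.php
@@ -2197,5 +2197,6 @@
     $original_url = $url;
 
-    if ('' == $url) return $url;
+    if ( '' == $url )
+        return $url;
     $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
     $strip = array('%0d', '%0a', '%0D', '%0A');
@@ -2357,9 +2358,12 @@
 function sanitize_option($option, $value) {
 
-    switch ($option) {
+    switch ( $option ) {
         case 'admin_email':
             $value = sanitize_email($value);
-            if ( !$value && function_exists('add_settings_error') )
-                add_settings_error('admin_email', 'invalid_admin_email', __('The email address submitted was not in the right format. Please enter a valid email address.'));
+            if ( !is_email($value) ) {
+                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                if ( function_exists('add_settings_error') )
+                    add_settings_error('admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
+            }
             break;
 
@@ -2395,6 +2399,8 @@
         case 'posts_per_rss':
             $value = (int) $value;
-            if ( empty($value) ) $value = 1;
-            if ( $value < -1 ) $value = abs($value);
+            if ( empty($value) )
+                $value = 1;
+            if ( $value < -1 )
+                $value = abs($value);
             break;
 
@@ -2436,7 +2442,23 @@
 
         case 'siteurl':
+            if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
+                $value = esc_url_raw($value);
+            } else {
+                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                if ( function_exists('add_settings_error') )
+                    add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.'));
+            }
+            break;
+
         case 'home':
-            $value = esc_url_raw($value);
+            if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
+                $value = esc_url_raw($value);
+            } else {
+                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                if ( function_exists('add_settings_error') )
+                    add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));
+            }
             break;
+
         default :
             $value = apply_filters("sanitize_option_{$option}", $value, $option);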
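Review bot: The scheme check in the new `siteurl` case, `preg_match( '#http(s?)://(.+)#i', $value)`, is unanchored, so any value that merely contains `http://` somewhere passes and is handed to `esc_url_raw()`; the `home` case repeats the same pattern. Anchoring it, `preg_match( '#^https?://.+#i', $value )`, makes the test match what the error message promises. The result of `esc_url_raw()` is also stored without being checked; if it can come back empty for a rejected URL (its body is not part of this section), the option would be blanked without a settings error, so falling back to `get_option( $option )` on an empty result would be safer. The two branches are identical apart from the error code and message and could share one helper. `sanitize_option()` continues past the last hunk.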