Changeset 18346 for trunk/wp-includes/formatting.php

Timestamp:

06/27/2011 03:56:42 PM (14 years ago)

Author:

ryan

Message:

Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi.

File:

• trunk/wp-includes/formatting.php (modified) (2 diffs)

trunk/wp-includes/formatting.php

@@ -2427 +2427 @@
             }
             break;
-
+        case 'new_admin_email':
+            $value = sanitize_email($value);
+            if ( !is_email($value) ) {
+                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                if ( function_exists('add_settings_error') )
+                    add_settings_error('new_admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
+            }
+            break;
         case 'thumbnail_size_w':
         case 'thumbnail_size_h':
@@ -2521 +2528 @@
             }
             break;
+        case 'WPLANG':
+            $allowed = get_available_languages();
+            if ( ! in_array( $value, $allowed ) && ! empty( $value ) )
+                $value = get_option( $option );
+            break;
 
         case 'timezone_string':