Changeset 18356 for branches/3.1/wp-includes/formatting.php

Timestamp:

06/27/2011 09:36:48 PM (14 years ago)

Author:

ryan

Message:

Hardening. Santizers for WPLANG and new_admin_email. Prevent stomping ID and filter. Validate locale filename. Props westi. For 3.1.

Location:

branches/3.1

Files:

• . (modified) (1 prop)
• wp-includes/formatting.php (modified) (2 diffs)

branches/3.1/wp-includes/formatting.php

@@ -2441 +2441 @@
             }
             break;
-
+        case 'new_admin_email':
+            $value = sanitize_email($value);
+            if ( !is_email($value) ) {
+                $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization
+                if ( function_exists('add_settings_error') )
+                    add_settings_error('new_admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
+            }
+            break;
         case 'thumbnail_size_w':
         case 'thumbnail_size_h':
@@ -2535 +2542 @@
             }
             break;
+        case 'WPLANG':
+            $allowed = get_available_languages();
+            if ( ! in_array( $value, $allowed ) && ! empty( $value ) )
+                $value = get_option( $option );
+            break;
 
         default :