Make WordPress Core

Changeset 21993


Ignore:
Timestamp:
09/25/2012 01:54:12 AM (12 years ago)
Author:
nacin
Message:

Move sanitization for the multisite illegal_names, limited_email_domains, and banned_email_domains options to sanitize_option(). props wonderboymusic. fixes #21552.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/network/settings.php

    r21051 r21993  
    4545    check_admin_referer( 'siteoptions' );
    4646
    47     if ( isset( $_POST['WPLANG'] ) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) )
    48         update_site_option( 'WPLANG', $_POST['WPLANG'] );
    49 
    50     if ( is_email( $_POST['admin_email'] ) )
    51         update_site_option( 'admin_email', $_POST['admin_email'] );
    52 
    53     $illegal_names = explode( ' ', $_POST['illegal_names'] );
    54     foreach ( (array) $illegal_names as $name ) {
    55         $name = trim( $name );
    56         if ( $name != '' )
    57             $names[] = trim( $name );
    58     }
    59     update_site_option( 'illegal_names', $names );
    60 
    61     if ( $_POST['limited_email_domains'] != '' ) {
    62         $limited_email_domains = str_replace( ' ', "\n", $_POST['limited_email_domains'] );
    63         $limited_email_domains = explode( "\n", stripslashes( $limited_email_domains ) );
    64         $limited_email = array();
    65         foreach ( (array) $limited_email_domains as $domain ) {
    66             $domain = trim( $domain );
    67             if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
    68                 $limited_email[] = trim( $domain );
    69         }
    70         update_site_option( 'limited_email_domains', $limited_email );
    71     } else {
    72         update_site_option( 'limited_email_domains', '' );
    73     }
    74 
    75     if ( $_POST['banned_email_domains'] != '' ) {
    76         $banned_email_domains = explode( "\n", stripslashes( $_POST['banned_email_domains'] ) );
    77         $banned = array();
    78         foreach ( (array) $banned_email_domains as $domain ) {
    79             $domain = trim( $domain );
    80             if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
    81                 $banned[] = trim( $domain );
    82         }
    83         update_site_option( 'banned_email_domains', $banned );
    84     } else {
    85         update_site_option( 'banned_email_domains', '' );
    86     }
    87 
    88     $options = array( 'registrationnotification', 'registration', 'add_new_users', 'menu_items', 'upload_space_check_disabled', 'blog_upload_space', 'upload_filetypes', 'site_name', 'first_post', 'first_page', 'first_comment', 'first_comment_url', 'first_comment_author', 'welcome_email', 'welcome_user_email', 'fileupload_maxk', 'global_terms_enabled' );
    8947    $checked_options = array( 'menu_items' => array(), 'registrationnotification' => 'no', 'upload_space_check_disabled' => 1, 'add_new_users' => 0 );
    9048    foreach ( $checked_options as $option_name => $option_unchecked_value ) {
     
    9250            $_POST[$option_name] = $option_unchecked_value;
    9351    }
     52
     53    $options = array(
     54        'registrationnotification', 'registration', 'add_new_users', 'menu_items',
     55        'upload_space_check_disabled', 'blog_upload_space', 'upload_filetypes', 'site_name',
     56        'first_post', 'first_page', 'first_comment', 'first_comment_url', 'first_comment_author',
     57        'welcome_email', 'welcome_user_email', 'fileupload_maxk', 'global_terms_enabled',
     58        'illegal_names', 'limited_email_domains', 'banned_email_domains', 'WPLANG', 'admin_email',
     59    );
     60
    9461    foreach ( $options as $option_name ) {
    9562        if ( ! isset($_POST[$option_name]) )
  • trunk/wp-includes/formatting.php

    r21888 r21993  
    28632863            break;
    28642864
     2865        case 'illegal_names':
     2866            if ( ! is_array( $value ) )
     2867                $value = explode( "\n", $value );
     2868
     2869            $value = array_values( array_filter( array_map( 'trim', $value ) ) );
     2870
     2871            if ( ! $value )
     2872                $value = '';
     2873            break;
     2874
     2875        case 'limited_email_domains':
     2876        case 'banned_email_domains':
     2877            if ( ! is_array( $value ) )
     2878                $value = explode( "\n", $value );
     2879
     2880            $domains = array_values( array_filter( array_map( 'trim', $value ) ) );
     2881            $value = array();
     2882
     2883            foreach ( $domains as $domain ) {
     2884                if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
     2885                    $value[] = $domain;
     2886            }
     2887            if ( ! $value )
     2888                $value = '';
     2889            break;
     2890
    28652891        case 'timezone_string':
    28662892            $allowed_zones = timezone_identifiers_list();
Note: See TracChangeset for help on using the changeset viewer.