Changeset 31064 for trunk/src/wp-includes/formatting.php

Timestamp:

01/07/2015 04:14:32 AM (11 years ago)

Author:

pento

Message:

Options: When updating options, make sure the user isn't trying to insert characters that aren't supported by the database character set.

See #30361.

File:

• trunk/src/wp-includes/formatting.php (modified) (9 diffs)

trunk/src/wp-includes/formatting.php

@@ -3265 +3265 @@
  */
 function sanitize_option($option, $value) {
+    global $wpdb;
 
     switch ( $option ) {
         case 'admin_email' :
         case 'new_admin_email' :
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             $value = sanitize_email( $value );
             if ( ! is_email( $value ) ) {
@@ -3317 +3319 @@
         case 'blogdescription':
         case 'blogname':
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             $value = wp_kses_post( $value );
             $value = esc_html( $value );
@@ -3339 +3342 @@
         case 'mailserver_pass':
         case 'upload_path':
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             $value = strip_tags( $value );
             $value = wp_kses_data( $value );
@@ -3355 +3359 @@
 
         case 'siteurl':
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
                 $value = esc_url_raw($value);
@@ -3365 +3370 @@
 
         case 'home':
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {
                 $value = esc_url_raw($value);
@@ -3385 +3391 @@
 
         case 'illegal_names':
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             if ( ! is_array( $value ) )
                 $value = explode( ' ', $value );
@@ -3396 +3403 @@
         case 'limited_email_domains':
         case 'banned_email_domains':
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             if ( ! is_array( $value ) )
                 $value = explode( "\n", $value );
@@ -3422 +3430 @@
         case 'category_base':
         case 'tag_base':
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             $value = esc_url_raw( $value );
             $value = str_replace( 'http://', '', $value );
@@ -3433 +3442 @@
         case 'moderation_keys':
         case 'blacklist_keys':
+            $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
             $value = explode( "\n", $value );
             $value = array_filter( array_map( 'trim', $value ) );