Changeset 33326
- Timestamp:
- 07/19/2015 11:25:19 PM (8 years ago)
- File:
-
- 1 edited
branches/4.2/src/wp-includes/formatting.php
r33315 r33326 3328 3328 function sanitize_option($option, $value) { 3329 3329 global $wpdb; 3330 $error = ''; 3330 3331 3331 3332 switch ( $option ) { … … 3333 3334 case 'new_admin_email' : 3334 3335 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3335 $value = sanitize_email( $value ); 3336 if ( ! is_email( $value ) ) { 3337 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3338 if ( function_exists( 'add_settings_error' ) ) 3339 add_settings_error( $option, 'invalid_admin_email', __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' ) ); 3336 if ( is_wp_error( $value ) ) { 3337 $error = $value->get_error_message(); 3338 } else { 3339 $value = sanitize_email( $value ); 3340 if ( ! is_email( $value ) ) { 3341 $error = __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' ); 3342 } 3340 3343 } 3341 3344 break; … … 3382 3385 case 'blogname': 3383 3386 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3384 $value = wp_kses_post( $value ); 3385 $value = esc_html( $value ); 3387 if ( is_wp_error( $value ) ) { 3388 $error = $value->get_error_message(); 3389 } else { 3390 $value = wp_kses_post( $value ); 3391 $value = esc_html( $value ); 3392 } 3386 3393 break; 3387 3394 … … 3405 3412 case 'upload_path': 3406 3413 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3407 $value = strip_tags( $value ); 3408 $value = wp_kses_data( $value ); 3414 if ( is_wp_error( $value ) ) { 3415 $error = $value->get_error_message(); 3416 } else { 3417 $value = strip_tags( $value ); 3418 $value = wp_kses_data( $value ); 3419 } 3409 3420 break; 3410 3421 … … 3422 3433 case 'siteurl': 3423 3434 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3424 if ( (bool)preg_match( 
'#http(s?)://(.+)#i', $value) ) {3425 $ value = esc_url_raw($value);3435 if ( is_wp_error( $value ) ) { 3436 $error = $value->get_error_message(); 3426 3437 } else { 3427 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3428 if ( function_exists('add_settings_error') ) 3429 add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.')); 3438 if ( preg_match( '#http(s?)://(.+)#i', $value ) ) { 3439 $value = esc_url_raw( $value ); 3440 } else { 3441 $error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' ); 3442 } 3430 3443 } 3431 3444 break; … … 3433 3446 case 'home': 3434 3447 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3435 if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {3436 $ value = esc_url_raw($value);3448 if ( is_wp_error( $value ) ) { 3449 $error = $value->get_error_message(); 3437 3450 } else { 3438 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3439 if ( function_exists('add_settings_error') ) 3440 add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.')); 3451 if ( preg_match( '#http(s?)://(.+)#i', $value ) ) { 3452 $value = esc_url_raw( $value ); 3453 } else { 3454 $error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' ); 3455 } 3441 3456 } 3442 3457 break; … … 3454 3469 case 'illegal_names': 3455 3470 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3456 if ( ! is_array( $value ) ) 3457 $value = explode( ' ', $value ); 3458 3459 $value = array_values( array_filter( array_map( 'trim', $value ) ) ); 3460 3461 if ( ! 
$value ) 3462 $value = ''; 3471 if ( is_wp_error( $value ) ) { 3472 $error = $value->get_error_message(); 3473 } else { 3474 if ( ! is_array( $value ) ) 3475 $value = explode( ' ', $value ); 3476 3477 $value = array_values( array_filter( array_map( 'trim', $value ) ) ); 3478 3479 if ( ! $value ) 3480 $value = ''; 3481 } 3463 3482 break; 3464 3483 … … 3466 3485 case 'banned_email_domains': 3467 3486 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3468 if ( ! is_array( $value ) ) 3469 $value = explode( "\n", $value ); 3470 3471 $domains = array_values( array_filter( array_map( 'trim', $value ) ) ); 3472 $value = array(); 3473 3474 foreach ( $domains as $domain ) { 3475 if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) 3476 $value[] = $domain; 3487 if ( is_wp_error( $value ) ) { 3488 $error = $value->get_error_message(); 3489 } else { 3490 if ( ! is_array( $value ) ) 3491 $value = explode( "\n", $value ); 3492 3493 $domains = array_values( array_filter( array_map( 'trim', $value ) ) ); 3494 $value = array(); 3495 3496 foreach ( $domains as $domain ) { 3497 if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) { 3498 $value[] = $domain; 3499 } 3500 } 3501 if ( ! $value ) 3502 $value = ''; 3477 3503 } 3478 if ( ! $value )3479 $value = '';3480 3504 break; 3481 3505 … … 3483 3507 $allowed_zones = timezone_identifiers_list(); 3484 3508 if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) { 3485 $value = get_option( $option ); // Resets option to stored value in the case of failed sanitization 3486 if ( function_exists('add_settings_error') ) 3487 add_settings_error('timezone_string', 'invalid_timezone_string', __('The timezone you have entered is not valid. Please select a valid timezone.') ); 3509 $error = __( 'The timezone you have entered is not valid. Please select a valid timezone.' 
); 3488 3510 } 3489 3511 break; … … 3493 3515 case 'tag_base': 3494 3516 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3495 $value = esc_url_raw( $value ); 3496 $value = str_replace( 'http://', '', $value ); 3517 if ( is_wp_error( $value ) ) { 3518 $error = $value->get_error_message(); 3519 } else { 3520 $value = esc_url_raw( $value ); 3521 $value = str_replace( 'http://', '', $value ); 3522 } 3497 3523 break; 3498 3524 … … 3505 3531 case 'blacklist_keys': 3506 3532 $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); 3507 $value = explode( "\n", $value ); 3508 $value = array_filter( array_map( 'trim', $value ) ); 3509 $value = array_unique( $value ); 3510 $value = implode( "\n", $value ); 3533 if ( is_wp_error( $value ) ) { 3534 $error = $value->get_error_message(); 3535 } else { 3536 $value = explode( "\n", $value ); 3537 $value = array_filter( array_map( 'trim', $value ) ); 3538 $value = array_unique( $value ); 3539 $value = implode( "\n", $value ); 3540 } 3511 3541 break; 3542 } 3543 3544 if ( ! empty( $error ) ) { 3545 $value = get_option( $option ); 3546 if ( function_exists( 'add_settings_error' ) ) { 3547 add_settings_error( $option, "invalid_{$option}", $error ); 3548 } 3512 3549 } 3513 3550
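Review bot: The URL check in the `siteurl` and `home` cases, `preg_match( '#http(s?)://(.+)#i', $value )`, is unanchored, so a value that merely contains `http://` somewhere passes and goes to `esc_url_raw()`; anchoring it as `if ( preg_match( '#^https?://.+#i', $value ) ) {` would make the check match what the error message promises. If `esc_url_raw()` can return an empty string for such input (its body is not visible here), that empty value would be saved without a settings error, so `$error` should probably also be set when the escaped result is empty. Separately, the shared handler at the end builds the code as `"invalid_{$option}"`, which changes the code reported for `new_admin_email` from `invalid_admin_email` to `invalid_new_admin_email` and gives the `$wpdb` charset error and the format error the same code. If that is intended, a comment above the handler such as `// Error code is derived from the option name; DB-level and format failures share it.` would record it. `sanitize_option()` continues past the last line shown and several cases are elided, so cases outside this view that call `strip_invalid_text_for_column()` should be checked for the same `is_wp_error()` guard.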