Changeset 4329
- Timestamp:
- 10/04/2006 11:02:31 AM (18 years ago)
- File:
-
- 1 edited
trunk/wp-admin/options.php
r4175 r4329 11 11 wp_die(__('Cheatin’ uh?')); 12 12 13 function sanitize_option($option, $value) { 13 function sanitize_option($option, $value) { // Remember to call stripslashes! 14 14 15 15 switch ($option) { 16 16 case 'admin_email': 17 $value = stripslashes($value); 17 18 $value = sanitize_email($value); 18 19 break; … … 21 22 case 'mailserver_port': 22 23 case 'comment_max_links': 24 $value = stripslashes($value); 23 25 $value = abs((int) $value); 24 26 break; … … 26 28 case 'posts_per_page': 27 29 case 'posts_per_rss': 30 $value = stripslashes($value); 28 31 $value = (int) $value; 29 32 if ( empty($value) ) $value = 1; … … 33 36 case 'default_ping_status': 34 37 case 'default_comment_status': 38 $value = stripslashes($value); 35 39 // Options that if not there have 0 value but need to be something like "closed" 36 40 if ( $value == '0' || $value == '') … … 41 45 case 'blogname': 42 46 if (current_user_can('unfiltered_html') == false) 43 $value = wp_filter_post_kses( $value ); 47 $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes 48 $value = stripslashes($value); 44 49 break; 45 50 46 51 case 'blog_charset': 47 $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); 52 $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes 48 53 break; 49 54 … … 56 61 case 'upload_path': 57 62 $value = strip_tags($value); 58 $value = wp_filter_kses($value); 63 $value = wp_filter_kses($value); // calls stripslashes then addslashes 64 $value = stripslashes($value); 59 65 break; 60 66 61 67 case 'gmt_offset': 62 $value = preg_replace('/[^0-9:.-]/', '', $value); 68 $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes 63 69 break; 64 70 65 71 case 'siteurl': 66 72 case 'home': 73 $value = stripslashes($value); 67 74 $value = clean_url($value); 75 break; 76 default : 77 $value = stripslashes($value); 68 78 break; 69 79 } … … 90 100 foreach ($options as $option) { 91 101 $option = trim($option); 92 $value = trim( 
stripslashes($_POST[$option]));93 $value = sanitize_option($option, $value); 102 $value = trim($_POST[$option]); 103 $value = sanitize_option($option, $value); // This does stripslashes on those that need it 94 104 update_option($option, $value); 95 105 }
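Review bot: `sanitize_option()` now requires slashed input, but the only statement of that is the trailing `// Remember to call stripslashes!` on the signature line, which reads as a reminder rather than a contract. Any other caller that still unslashes before calling would have the value unslashed twice and lose literal backslashes; no such caller is visible in this section, so that needs checking. Any `case` added later without its own `stripslashes()` would fall outside `default` and store slashed data, and the cases elided between the hunks cannot be verified from here. I would replace the trailing comment with a header comment such as `// $value must arrive slashed (raw $_POST); every case must leave it unslashed for update_option().` The `blog_charset` and `gmt_offset` comments should also say that those branches rely on the character whitelist excluding the backslash, so that widening either pattern later does not silently break the contract.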