Context Navigation

← Previous Changeset
Next Changeset →

Changeset 4332

Timestamp:

10/04/2006 12:18:28 PM (18 years ago)

Author:

markjaquith

Message:

Prevent non-option form elements from sneaking in to the options table. fixes #2595

Location:

trunk

Files:

: 3 edited

wp-admin/options.php (modified) (2 diffs)
wp-admin/upgrade-schema.php (modified) (1 diff)
wp-includes/version.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/wp-admin/options.php

-                      r4330
+                      r4332
     check_admin_referer('update-options');
+    if (!$_POST['page_options']) {
+        foreach ($_POST as $key => $value) {
+            $options[] = $key;
+    if ( !$_POST['page_options'] ) {
+        foreach ( (array) $_POST as $key => $value) {
+            if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+                $options[] = $key;
+        }
     } else {
 …
 <?php
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
+foreach ( (array) $options as $option )
+    $options_to_update[] = $option->option_name;
+$options_to_update = implode(',', $options_to_update);
+?>
+foreach ($options as $option) :
+<input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" />
+<?php
+foreach ( (array) $options as $option) :
     $value = wp_specialchars($option->option_value, 'single');
     echo "

trunk/wp-admin/upgrade-schema.php

r4196	r4332
234	234
235	235	// Delete unused options
236		$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');
	236	$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update');
237	237	foreach ($unusedoptions as $option) :
238	238	delete_option($option);

trunk/wp-includes/version.php

r4121	r4332
4	4
5	5	$wp_version = '2.1-alpha3';
6		$wp_db_version = 3845;
	6	$wp_db_version = 3846;
7	7
8	8	?>

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Make WordPress Core