Changeset 4332


Timestamp:
10/04/06 12:18:28 (8 years ago)
Author:
markjaquith
Message:

Prevent non-option form elements from sneaking in to the options table. fixes #2595

Location:
trunk
Files:
3 edited

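--- a/trunk/wp-admin/options.php
+++ b/trunk/wp-admin/options.php
@@ -89,7 +89,8 @@
     check_admin_referer('update-options');
 
-    if (!$_POST['page_options']) {
-        foreach ($_POST as $key => $value) {
-            $options[] = $key;
+    if ( !$_POST['page_options'] ) {
+        foreach ( (array) $_POST as $key => $value) {
+            if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+                $options[] = $key;
         }
     } else {
@@ -123,6 +124,13 @@
 <?php
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
+foreach ( (array) $options as $option )
+    $options_to_update[] = $option->option_name;
+$options_to_update = implode(',', $options_to_update);
+?>
 
-foreach ($options as $option) :
+<input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" />
+
+<?php
+foreach ( (array) $options as $option) :
     $value = wp_specialchars($option->option_value, 'single');
     echo "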
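Review bot: The fallback branch at new lines 91–95 still treats every remaining `$_POST` key as an option name, and the skip list names only `_wpnonce` and `_wp_http_referer`; the upgrade-schema.php change in this same changeset also deletes an option called `Update`, which suggests the submit button leaked the same way and would again on any form that posts without `page_options`. An allow-list is safer than a deny-list here, for example accepting a key only if it matches a known option name, or at the very least adding `'Update'` to the array. In the second hunk, `value="<?php echo $options_to_update; ?>"` prints option names read from the database into a double-quoted attribute without escaping; the string should go through `wp_specialchars()` with double-quote escaping enabled before it is echoed. `$options_to_update` is also appended to without being initialised, so `$options_to_update = array();` should precede the loop. Both hunks cut through larger blocks whose start and end are outside the view.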
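--- a/trunk/wp-admin/upgrade-schema.php
+++ b/trunk/wp-admin/upgrade-schema.php
@@ -234,5 +234,5 @@
 
     // Delete unused options
-    $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');
+    $unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update');
     foreach ($unusedoptions as $option) :
         delete_option($option);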
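Review bot: The three entries appended to `$unusedoptions` at line 236 (`'_wpnonce'`, `'_wp_http_referer'`, `'Update'`) are not retired settings but form-field names that were saved by mistake, and nothing on the line says so. A short comment such as `// Form fields that leaked into the options table (#2595)` beside them, or a separate array merged in, would keep a later maintainer from assuming these were once real options. The `foreach` that consumes the array continues past the end of the hunk.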
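--- a/trunk/wp-includes/version.php
+++ b/trunk/wp-includes/version.php
@@ -4,5 +4,5 @@
 
 $wp_version = '2.1-alpha3';
-$wp_db_version = 3845;
+$wp_db_version = 3846;
 
 ?>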