WordPress.org

Make WordPress Core

Changeset 4333


Ignore:
Timestamp:
10/04/06 12:19:05 (8 years ago)
Author:
markjaquith
Message:

Prevent non-option form elements from sneaking in to the options table. fixes #2595

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.0/wp-admin/options.php

    r4331 r4333  
    9393    check_admin_referer('update-options'); 
    9494 
    95     if (!$_POST['page_options']) { 
    96         foreach ($_POST as $key => $value) { 
    97             $options[] = $key; 
     95    if ( !$_POST['page_options'] ) { 
     96        foreach ( (array) $_POST as $key => $value) { 
     97            if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) ) 
     98                $options[] = $key; 
    9899        } 
    99100    } else { 
     
    148149<?php 
    149150$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name"); 
     151foreach ( (array) $options as $option ) 
     152    $options_to_update[] = $option->option_name; 
     153$options_to_update = implode(',', $options_to_update); 
     154?> 
    150155 
    151 foreach ($options as $option) : 
     156<input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" />  
     157 
     158<?php 
     159foreach ( (array) $options as $option) : 
    152160    $value = wp_specialchars($option->option_value); 
    153161    echo " 
Note: See TracChangeset for help on using the changeset viewer.