Changeset 5541
- Timestamp:
- 05/25/2007 02:22:30 AM (18 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
trunk/wp-admin/options.php
r4990 r5541 10 10 if ( !current_user_can('manage_options') ) 11 11 wp_die(__('Cheatin’ uh?')); 12 13 function sanitize_option($option, $value) { // Remember to call stripslashes!14 15 switch ($option) {16 case 'admin_email':17 $value = stripslashes($value);18 $value = sanitize_email($value);19 break;20 21 case 'default_post_edit_rows':22 case 'mailserver_port':23 case 'comment_max_links':24 $value = stripslashes($value);25 $value = abs((int) $value);26 break;27 28 case 'posts_per_page':29 case 'posts_per_rss':30 $value = stripslashes($value);31 $value = (int) $value;32 if ( empty($value) ) $value = 1;33 if ( $value < -1 ) $value = abs($value);34 break;35 36 case 'default_ping_status':37 case 'default_comment_status':38 $value = stripslashes($value);39 // Options that if not there have 0 value but need to be something like "closed"40 if ( $value == '0' || $value == '')41 $value = 'closed';42 break;43 44 case 'blogdescription':45 case 'blogname':46 if (current_user_can('unfiltered_html') == false)47 $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes48 $value = stripslashes($value);49 break;50 51 case 'blog_charset':52 $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes53 break;54 55 case 'date_format':56 case 'time_format':57 case 'mailserver_url':58 case 'mailserver_login':59 case 'mailserver_pass':60 case 'ping_sites':61 case 'upload_path':62 $value = strip_tags($value);63 $value = wp_filter_kses($value); // calls stripslashes then addslashes64 $value = stripslashes($value);65 break;66 67 case 'gmt_offset':68 $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes69 break;70 71 case 'siteurl':72 case 'home':73 $value = stripslashes($value);74 $value = clean_url($value);75 break;76 default :77 $value = stripslashes($value);78 break;79 }80 81 return $value;82 }83 12 84 13 switch($action) { … … 102 31 $option = trim($option); 103 32 $value = trim($_POST[$option]); 104 $value = s anitize_option($option, 
$value); // This does stripslashes on those that need it33 $value = stripslashes($value); 105 34 update_option($option, $value); 106 35 } -
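Review bot: New line 33 `$value = stripslashes($value);` drops the old inline explanation, so a reader no longer sees why slashes are removed here while the per-option sanitizing has moved away; a comment would carry that over, e.g. `$value = stripslashes($value); // undo magic-quote slashes; update_option() now passes the raw value through sanitize_option()`. The enclosing block that trims `$option` and `$_POST[$option]` starts outside the hunk.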
trunk/wp-includes/formatting.php
r5262 r5541 1119 1119 } 1120 1120 1121 function sanitize_option($option, $value) { // Remember to call stripslashes! 1122 1123 switch ($option) { 1124 case 'admin_email': 1125 $value = sanitize_email($value); 1126 break; 1127 1128 case 'default_post_edit_rows': 1129 case 'mailserver_port': 1130 case 'comment_max_links': 1131 $value = abs((int) $value); 1132 break; 1133 1134 case 'posts_per_page': 1135 case 'posts_per_rss': 1136 $value = (int) $value; 1137 if ( empty($value) ) $value = 1; 1138 if ( $value < -1 ) $value = abs($value); 1139 break; 1140 1141 case 'default_ping_status': 1142 case 'default_comment_status': 1143 // Options that if not there have 0 value but need to be something like "closed" 1144 if ( $value == '0' || $value == '') 1145 $value = 'closed'; 1146 break; 1147 1148 case 'blogdescription': 1149 case 'blogname': 1150 $value = addslashes($value); 1151 $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes 1152 $value = stripslashes($value); 1153 $value = wp_specialchars( $value ); 1154 break; 1155 1156 case 'blog_charset': 1157 $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes 1158 break; 1159 1160 case 'date_format': 1161 case 'time_format': 1162 case 'mailserver_url': 1163 case 'mailserver_login': 1164 case 'mailserver_pass': 1165 case 'ping_sites': 1166 case 'upload_path': 1167 $value = strip_tags($value); 1168 $value = addslashes($value); 1169 $value = wp_filter_kses($value); // calls stripslashes then addslashes 1170 $value = stripslashes($value); 1171 break; 1172 1173 case 'gmt_offset': 1174 $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes 1175 break; 1176 1177 case 'siteurl': 1178 case 'home': 1179 $value = stripslashes($value); 1180 $value = clean_url($value); 1181 break; 1182 default : 1183 break; 1184 } 1185 1186 return $value; 1187 } 1188 1121 1189 ?> -
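Review bot: The `'siteurl'`/`'home'` case at line 1179 still does `$value = stripslashes($value);` although the function's other cases now treat the input as already unslashed (the blogname and date_format cases call `addslashes` only around the kses filters, and the default case no longer strips), so a legitimate backslash in those two options is removed a second time; the case should read just `$value = clean_url($value);`. The same applies where functions.php now routes every update_option() value through this function. The header comment `// Remember to call stripslashes!` on line 1121 states the old contract and should instead say the function expects unslashed input and returns an unslashed value. Line 1144's `$value == '0'` is a loose comparison that also matches strings like `'00'` or `'0.0'`; `$value === '0' || $value === ''` is the intended test.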
trunk/wp-includes/functions.php
r5532 r5541 315 315 316 316 wp_protect_special_option($option_name); 317 318 $newvalue = sanitize_option($option_name, $newvalue); 317 319 318 320 if ( is_string($newvalue) )
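Review bot: The new call on line 318 runs before the `is_string($newvalue)` check on line 320, so array or object values now reach sanitize_option(); for the option names it handles (casts, `preg_replace`, `strip_tags`) a non-string would presumably be mangled rather than rejected, though whether such values ever arrive for those names is not visible here. If the string assumption is intended, a comment stating it, or guarding the call as `if ( is_string($newvalue) ) $newvalue = sanitize_option($option_name, $newvalue);`, would make it explicit. update_option's body continues on both sides of the hunk.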