Changeset 5541 for trunk/wp-admin/options.php
- Timestamp:
- 05/25/2007 02:22:30 AM (18 years ago)
- File:
-
- 1 edited
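--- a/trunk/wp-admin/options.php
+++ b/trunk/wp-admin/options.php
@@ -10,75 +10,4 @@
 if ( !current_user_can('manage_options') )
 wp_die(__('Cheatin’ uh?'));
-
-function sanitize_option($option, $value) { // Remember to call stripslashes!
-
-switch ($option) {
-case 'admin_email':
-$value = stripslashes($value);
-$value = sanitize_email($value);
-break;
-
-case 'default_post_edit_rows':
-case 'mailserver_port':
-case 'comment_max_links':
-$value = stripslashes($value);
-$value = abs((int) $value);
-break;
-
-case 'posts_per_page':
-case 'posts_per_rss':
-$value = stripslashes($value);
-$value = (int) $value;
-if ( empty($value) ) $value = 1;
-if ( $value < -1 ) $value = abs($value);
-break;
-
-case 'default_ping_status':
-case 'default_comment_status':
-$value = stripslashes($value);
-// Options that if not there have 0 value but need to be something like "closed"
-if ( $value == '0' || $value == '')
-$value = 'closed';
-break;
-
-case 'blogdescription':
-case 'blogname':
-if (current_user_can('unfiltered_html') == false)
-$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
-$value = stripslashes($value);
-break;
-
-case 'blog_charset':
-$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
-break;
-
-case 'date_format':
-case 'time_format':
-case 'mailserver_url':
-case 'mailserver_login':
-case 'mailserver_pass':
-case 'ping_sites':
-case 'upload_path':
-$value = strip_tags($value);
-$value = wp_filter_kses($value); // calls stripslashes then addslashes
-$value = stripslashes($value);
-break;
-
-case 'gmt_offset':
-$value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
-break;
-
-case 'siteurl':
-case 'home':
-$value = stripslashes($value);
-$value = clean_url($value);
-break;
-default :
-$value = stripslashes($value);
-break;
-}
-
-return $value;
-}
 
 switch($action) {
@@ -102,5 +31,5 @@
 $option = trim($option);
 $value = trim($_POST[$option]);
-$value = s anitize_option($option, $value); // This does stripslashes on those that need it
+$value = stripslashes($value);
 update_option($option, $value);
 }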
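Review bot: At new line 33 the posted value now receives only `trim()` and `stripslashes()` before `update_option($option, $value)`, so nothing visible in this file applies the per-option filtering that the removed `sanitize_option()` performed (`sanitize_email`, integer casts, `wp_filter_kses`, `clean_url`). Presumably the sanitizer was relocated so that `update_option()` or a shared include calls it, but this page shows only options.php, so that should be confirmed; otherwise values such as `siteurl`, `home` and `blogname` are stored as posted, including for users who hold `manage_options` but not `unfiltered_html`. If the call did move, a comment here would keep the dependency visible, e.g. `// per-option sanitizing now happens in update_option(); only unslash here`. A relocated copy that still calls `stripslashes()` itself would unslash the value a second time after this line, which silently drops legitimate backslashes. The enclosing loop starts outside the hunk.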