Make WordPress Core


Ignore:
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.2/wp-admin/options.php

    r4990 r5833  
    128128foreach ( (array) $options as $option) :
    129129    $disabled = '';
     130    $option->option_name = attribute_escape($option->option_name);
    130131    if ( is_serialized($option->option_value) ) {
    131132        if ( is_serialized_string($option->option_value) ) {
    132133            // this is a serialized string, so we should display it
    133             $value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
     134            $value = maybe_unserialize($option->option_value);
    134135            $options_to_update[] = $option->option_name;
    135136            $class = 'all-options';
     
    140141        }
    141142    } else {
    142         $value = wp_specialchars($option->option_value, 'single');
     143        $value = $option->option_value;
    143144        $options_to_update[] = $option->option_name;
    144145        $class = 'all-options';
     
    149150<td>";
    150151
    151     if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
    152     else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";
     152    if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
     153    else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
    153154
    154155    echo "</td>
     
    159160  </table>
    160161<?php $options_to_update = implode(',', $options_to_update); ?>
    161 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
     162<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
    162163  </form>
    163164</div>
Note: See TracChangeset for help on using the changeset viewer.