Changeset 8802


Timestamp:
09/04/08 01:11:18 (7 years ago)
Author:
ryan
Message:

Add settings registration and whitelisting. Props donncha. see #7277

Location:
trunk/wp-admin
Files:
8 edited

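--- a/trunk/wp-admin/includes/misc.php
+++ b/trunk/wp-admin/includes/misc.php
@@ -171,3 +171,70 @@
 }
 
+/* Whitelist functions */
+function register_setting($option_group, $option_name, $sanitize_callback = '') {
+    return add_option_update_handler($option_group, $option_name, $sanitize_callback);
+}
+
+function unregister_setting($option_group, $option_name, $sanitize_callback = '') {
+    return remove_option_update_handler($option_group, $option_name, $sanitize_callback);
+}
+
+function add_option_update_handler($option_group, $option_name, $sanitize_callback = '') {
+    global $new_whitelist_options;
+    $new_whitelist_options[ $option_group ][] = $option_name;
+    if ( $sanitize_callback != '' )
+        add_filter( "sanitize_option_{$option_name}", $sanitize_callback );
+}
+
+function remove_option_update_handler($option_group, $option_name, $sanitize_callback = '') {
+    global $new_whitelist_options;
+    $pos = array_search( $option_name, $new_whitelist_options );
+    if ( $pos !== false )
+        unset( $new_whitelist_options[ $option_group ][ $pos ] );
+    if ( $sanitize_callback != '' )
+        remove_filter( "sanitize_option_{$option_name}", $sanitize_callback );
+}
+
+function option_update_filter( $options ) {
+    global $new_whitelist_options;
+
+    if ( is_array( $new_whitelist_options ) )
+        $options = add_option_whitelist( $new_whitelist_options, $options );
+
+    return $options;
+}
+add_filter( 'whitelist_options', 'option_update_filter' );
+
+function add_option_whitelist( $new_options, $options = '' ) {
+    if( $options == '' ) {
+        global $whitelist_options;
+    } else {
+        $whitelist_options = $options;
+    }
+    foreach( $new_options as $page => $keys ) {
+        foreach( $keys as $key ) {
+            $pos = array_search( $key, $whitelist_options[ $page ] );
+            if( $pos === false )
+                $whitelist_options[ $page ][] = $key;
+        }
+    }
+    return $whitelist_options;
+}
+
+function remove_option_whitelist( $del_options, $options = '' ) {
+    if( $options == '' ) {
+        global $whitelist_options;
+    } else {
+        $whitelist_options = $options;
+    }
+    foreach( $del_options as $page => $keys ) {
+        foreach( $keys as $key ) {
+            $pos = array_search( $key, $whitelist_options[ $page ] );
+            if( $pos !== false )
+                unset( $whitelist_options[ $page ][ $pos ] );
+        }
+    }
+    return $whitelist_options;
+}
+
 ?>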
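Review bot: `remove_option_update_handler()` searches the wrong array: `array_search( $option_name, $new_whitelist_options )` walks the top-level map of groups, whose values are arrays, so it should not match an option name and the `unset()` that follows never runs. The effect is that `unregister_setting()` leaves the option on the whitelist and still writable through options.php; search the group instead, e.g. `$pos = array_search( $option_name, (array) $new_whitelist_options[ $option_group ] );`. Separately, `add_option_whitelist()` calls `array_search()` on `$whitelist_options[ $page ]` without checking that the page key exists, so a group that is new to the whitelist likely raises a warning and may never be added; setting `$whitelist_options[ $page ] = array();` when it is unset would cover that case.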
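--- a/trunk/wp-admin/options-discussion.php
+++ b/trunk/wp-admin/options-discussion.php
@@ -19,5 +19,6 @@
 <h2><?php _e('Discussion Settings') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<input type='hidden' name='option_page' value='discussion' />
+<?php wp_nonce_field('discussion-options') ?>
 <table class="form-table">
 <tr valign="top">
@@ -160,5 +161,4 @@
 <p class="submit">
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="default_pingback_flag,default_ping_status,default_comment_status,comments_notify,moderation_notify,comment_moderation,require_name_email,comment_whitelist,comment_max_links,moderation_keys,blacklist_keys,show_avatars,avatar_rating,avatar_default" />
 <input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
 </p>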
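Review bot: Dropping the `page_options` field from the submit block changes which settings this form can save: the removed list ended with `avatar_default`, but the `'discussion'` array added to options.php in this changeset stops at `'avatar_rating'`, so the default-avatar choice would be silently discarded on save. The same applies to options-misc.php, whose removed list contained `upload_url_path` while the new `'misc'` array does not. Adding `'avatar_default'` and `'upload_url_path'` to the respective arrays in options.php restores the previous behaviour. The form body between the two hunks is not shown, so this assumes those fields are still rendered there.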
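--- a/trunk/wp-admin/options-general.php
+++ b/trunk/wp-admin/options-general.php
@@ -19,5 +19,6 @@
 <h2><?php _e('General Settings') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('general-options') ?>
+<input type='hidden' name='option_page' value='general' />
 <table class="form-table">
 <tr valign="top">
@@ -121,5 +122,4 @@
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="<?php if ( ! defined( 'WP_SITEURL' ) ) echo 'siteurl,'; if ( ! defined( 'WP_HOME' ) ) echo 'home,'; ?>blogname,blogdescription,admin_email,users_can_register,gmt_offset,date_format,time_format,start_of_week,comment_registration,default_role" />
 </p>
 </form>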
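--- a/trunk/wp-admin/options-misc.php
+++ b/trunk/wp-admin/options-misc.php
@@ -20,5 +20,6 @@
 <h2><?php _e('Miscellaneous Settings') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<input type='hidden' name='option_page' value='misc' />
+<?php wp_nonce_field('misc-options') ?>
 <h3><?php _e('Uploading'); ?></h3>
 <table class="form-table">
@@ -159,5 +160,4 @@
 <p class="submit">
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="hack_file,use_linksupdate,uploads_use_yearmonth_folders,upload_path,upload_url_path,thumbnail_size_w,thumbnail_size_h,thumbnail_crop,medium_size_w,medium_size_h,image_default_size,image_default_align,image_default_link_type,large_size_w,large_size_h" />
 <input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" class="button" />
 </p>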
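--- a/trunk/wp-admin/options-privacy.php
+++ b/trunk/wp-admin/options-privacy.php
@@ -19,5 +19,6 @@
 <h2><?php _e('Privacy Settings') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('privacy-options') ?>
+<input type='hidden' name='option_page' value='privacy' />
 <table class="form-table">
 <tr valign="top">
@@ -35,5 +36,4 @@
 <p class="submit"><input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="blog_public" />
 </p>
 </form>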
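--- a/trunk/wp-admin/options-reading.php
+++ b/trunk/wp-admin/options-reading.php
@@ -19,5 +19,6 @@
 <h2><?php _e('Reading Settings') ?></h2>
 <form name="form1" method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
+<?php wp_nonce_field('reading-options') ?>
+<input type='hidden' name='option_page' value='reading' />
 <table class="form-table">
 <?php if ( get_pages() ): ?>
@@ -75,5 +76,4 @@
 <p class="submit">
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="posts_per_page,posts_per_rss,rss_use_excerpt,blog_charset,gzipcompression,show_on_front,page_on_front,page_for_posts" />
 <input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
 </p>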
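--- a/trunk/wp-admin/options-writing.php
+++ b/trunk/wp-admin/options-writing.php
@@ -19,6 +19,6 @@
 <h2><?php _e('Writing Settings') ?></h2>
 <form method="post" action="options.php">
-<?php wp_nonce_field('update-options') ?>
-
+<?php wp_nonce_field('writing-options') ?>
+<input type='hidden' name='option_page' value='writing' />
 <table class="form-table">
 <tr valign="top">
@@ -139,5 +139,4 @@
 <p class="submit">
 <input type="hidden" name="action" value="update" />
-<input type="hidden" name="page_options" value="default_post_edit_rows,use_smilies,ping_sites,mailserver_url,mailserver_port,mailserver_login,mailserver_pass,default_category,default_email_category,use_balanceTags,default_link_category,enable_app,enable_xmlrpc" />
 <input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
 </p>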
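--- a/trunk/wp-admin/options.php
+++ b/trunk/wp-admin/options.php
@@ -22,4 +22,17 @@
 wp_reset_vars(array('action'));
 
+$whitelist_options = array(
+    'general' => array('blogname', 'blogdescription', 'admin_email', 'users_can_register', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'comment_registration', 'default_role'),
+    'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys', 'show_avatars', 'avatar_rating' ),
+    'misc' => array( 'hack_file', 'use_linksupdate', 'uploads_use_yearmonth_folders', 'upload_path', 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type', 'large_size_w', 'large_size_h' ),
+    'privacy' => array( 'blog_public' ),
+    'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'blog_charset', 'gzipcompression', 'show_on_front', 'page_on_front', 'page_for_posts' ),
+    'writing' => array( 'default_post_edit_rows', 'use_smilies', 'ping_sites', 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass', 'default_category', 'default_email_category', 'use_balanceTags', 'default_link_category', 'enable_app', 'enable_xmlrpc' ),
+    'options' => array( '' ) );
+if ( !defined( 'WP_SITEURL' ) ) $whitelist_options['general'][] = 'siteurl';
+if ( defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home';
+
+$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
+
 if ( !current_user_can('manage_options') )
     wp_die(__('Cheatin&#8217; uh?'));
@@ -30,13 +43,14 @@
     $any_changed = 0;
 
-    check_admin_referer('update-options');
+    $option_page = $_POST[ 'option_page' ];
+    check_admin_referer( $option_page . '-options' );
 
-    if ( !$_POST['page_options'] ) {
-        foreach ( (array) $_POST as $key => $value) {
-            if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
-                $options[] = $key;
-        }
+    if ( !isset( $whitelist_options[ $option_page ] ) )
+        wp_die( __( 'Error! Options page not found.' ) );
+
+    if ( $option_page == 'options' ) {
+        $options = explode(',', stripslashes( $_POST[ 'page_options' ] ));
     } else {
-        $options = explode(',', stripslashes($_POST['page_options']));
+        $options = $whitelist_options[ $option_page ];
     }
 
@@ -64,6 +78,7 @@
   <h2><?php _e('All Settings'); ?></h2>
   <form name="form" action="options.php" method="post" id="all-options">
-  <?php wp_nonce_field('update-options') ?>
+  <?php wp_nonce_field('options-options') ?>
   <input type="hidden" name="action" value="update" />
+  <input type='hidden' name='option_page' value='options' />
   <table class="form-table">
 <?php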
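Review bot: The `WP_HOME` guard in the first hunk is inverted: `if ( defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home';` whitelists `home` only when the constant already overrides it, whereas the line removed from options-general.php used `! defined( 'WP_HOME' )`; it should read `if ( !defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home';`. In the second hunk `$_POST[ 'option_page' ]` is read without an `isset()` or string check and is concatenated into the nonce action before the `isset( $whitelist_options[ $option_page ] )` test, so validating it first would be cleaner. When `$option_page == 'options'` the option names still come from `$_POST[ 'page_options' ]`, so the whitelist does not constrain that path and it rests on the capability check and the `options-options` nonce alone; a comment saying so would help the next reader. The update loop that consumes `$options` lies outside the hunk.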