Changes in branches/2.0 [5828:5841]
- Location:
- branches/2.0
- Files:
-
- 3 edited
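--- a/branches/2.0/wp-admin/link-import.php
+++ b/branches/2.0/wp-admin/link-import.php
@@ -75,8 +75,7 @@
 <h2><?php _e('Importing...') ?></h2>
 <?php
-$cat_id = $_POST['cat_id'];
-if (($cat_id == '') || ($cat_id == 0)) {
-$cat_id = 1;
-}
+$cat_id = abs( (int) $_POST['cat_id'] );
+if ( $cat_id < 1 )
+$cat_id = 1;
 
 $opml_url = $_POST['opml_url'];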
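Review bot: `abs()` on the cast turns a negative `cat_id` into a different positive id instead of falling back to the default, so a malformed value such as `-5` becomes 5 rather than 1. Casting alone and keeping the range check gives the same protection with a predictable fallback: `$cat_id = (int) $_POST['cat_id'];` followed by the existing `if ( $cat_id < 1 ) $cat_id = 1;`. The cast also runs when the key is missing, so an `isset()` guard would avoid the notice for a request without the field. `$opml_url` on the following context line is still read straight from `$_POST`; its validation, if any, is outside this hunk.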
branches/2.0/wp-admin/options.php
r5828 r5841 152 152 foreach ( (array) $options as $option) : 153 153 $disabled = ''; 154 $option->option_name = attribute_escape($option->option_name); 154 155 if ( is_serialized($option->option_value) ) { 155 156 if ( is_serialized_string($option->option_value) ) { 156 157 // this is a serialized string, so we should display it 157 $value = wp_specialchars(maybe_unserialize($option->option_value), 'single');158 $value = maybe_unserialize($option->option_value); 158 159 $options_to_update[] = $option->option_name; 159 160 $class = 'all-options'; … … 164 165 } 165 166 } else { 166 $value = wp_specialchars($option->option_value, 'single');167 $value = $option->option_value; 167 168 $options_to_update[] = $option->option_name; 168 169 $class = 'all-options'; … … 173 174 <td>"; 174 175 175 if (str istr($value, "\n")) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";176 else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value. "'$disabled />";177 176 if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>"; 177 else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . 
"'$disabled />"; 178 178 179 echo "</td> 179 180 <td>$option->option_description</td> … … 183 184 </table> 184 185 <?php $options_to_update = implode(',', $options_to_update); ?> 185 <p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>186 <p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p> 186 187 </form> 187 188 </div> -
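Review bot: `$option->option_description` is still interpolated raw into `<td>$option->option_description</td>`, while this change escapes the option name and value at the point of output; a description containing markup would be rendered as HTML on this admin screen. If descriptions are meant to be plain text (not visible from here), escape it the same way, e.g. `<td>" . wp_specialchars($option->option_description) . "</td>`. Separately, the `page_options` hidden field now echoes `$options_to_update` unescaped and is safe only because every name went through `attribute_escape()` at the top of the loop; a comment at that `echo`, such as `// names already escaped in the loop above`, would keep a later edit from breaking the dependency.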
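--- a/branches/2.0/wp-includes/functions.php
+++ b/branches/2.0/wp-includes/functions.php
@@ -300,4 +300,5 @@
 /* Options functions */
 
+// expects $setting to already be SQL-escaped
 function get_settings($setting) {
 global $wpdb;
@@ -377,12 +378,15 @@
 }
 
+// expects $option_name to NOT be SQL-escaped
 function update_option($option_name, $newvalue) {
 global $wpdb;
 
+$safe_option_name = $wpdb->escape($option_name);
+
 if ( is_string($newvalue) )
 $newvalue = trim($newvalue);
 
 // If the new and old values are the same, no need to update.
-$oldvalue = get_option($ option_name);
+$oldvalue = get_option($safe_option_name);
 if ( $newvalue == $oldvalue ) {
 return false;
@@ -417,9 +421,12 @@
 
 // thx Alex Stapleton, http://alex.vort-x.net/blog/
+// expects $name to NOT be SQL-escaped
 function add_option($name, $value = '', $description = '', $autoload = 'yes') {
 global $wpdb;
 
+$safe_name = $wpdb->escape($name);
+
 // Make sure the option doesn't already exist
-if ( false !== get_option($ name) )
+if ( false !== get_option($safe_name) )
 return;
 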
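Review bot: The new comments give `get_settings()` the opposite escaping contract from `update_option()` and `add_option()` (already escaped versus NOT escaped), and a one-line comment is easy to miss for a rule whose violation is either an injectable query or a double-escaped name. A docblock on each function stating the contract would make it harder to misuse, and inside the functions a line such as `// $safe_option_name is for SQL only; $option_name stays raw for everything else` would mark which variable goes where. Only the `get_option()` calls are visible using `$safe_option_name` and `$safe_name`; the INSERT/UPDATE statements are outside these hunks, so it is worth confirming they use the escaped variables too. If `get_option()` uses its argument for anything other than the query (not shown here), passing the escaped form could make lookups differ for names that contain quotes.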