' . __( 'Sorry, you are not allowed to delete these items.' ) . '
', @@ -93,8 +93,9 @@ $mail_options = array('mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass'); -if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) +if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) { $whitelist_options['reading'][] = 'blog_charset'; +} if ( get_site_option( 'initial_db_version' ) < 32453 ) { $whitelist_options['writing'][] = 'use_smilies'; @@ -102,10 +103,12 @@ } if ( !is_multisite() ) { - if ( !defined( 'WP_SITEURL' ) ) + if ( !defined( 'WP_SITEURL' ) ) { $whitelist_options['general'][] = 'siteurl'; - if ( !defined( 'WP_HOME' ) ) + } + if ( !defined( 'WP_HOME' ) ) { $whitelist_options['general'][] = 'home'; + } $whitelist_options['general'][] = 'admin_email'; $whitelist_options['general'][] = 'users_can_register'; @@ -131,8 +134,9 @@ * * @param bool $enabled Whether post-by-email configuration is enabled. Default true. */ - if ( apply_filters( 'enable_post_by_email_configuration', true ) ) + if ( apply_filters( 'enable_post_by_email_configuration', true ) ) { $whitelist_options['writing'] = array_merge($whitelist_options['writing'], $mail_options); + } } /** @@ -156,12 +160,14 @@ check_admin_referer( $option_page . '-options' ); } - if ( !isset( $whitelist_options[ $option_page ] ) ) + if ( !isset( $whitelist_options[ $option_page ] ) ) { wp_die( __( 'ERROR: options page not found.' ) ); + } if ( 'options' == $option_page ) { - if ( is_multisite() && ! is_super_admin() ) + if ( is_multisite() && ! current_user_can( 'manage_network_options' ) ) { wp_die( __( 'Sorry, you are not allowed to modify unregistered settings for this site.' ) ); + } $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) ); } else { $options = $whitelist_options[ $option_page ]; @@ -169,10 +175,12 @@ if ( 'general' == $option_page ) { // Handle custom date/time formats. - if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) ) + if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) ) { $_POST['date_format'] = $_POST['date_format_custom']; - if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) ) + } + if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) ) { $_POST['time_format'] = $_POST['time_format_custom']; + } // Map UTC+- timezones to gmt_offsets and set timezone_string to empty. if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) { $_POST['gmt_offset'] = $_POST['timezone_string']; @@ -235,8 +243,9 @@ * Handle settings errors and return to options page */ // If no settings errors were registered add a general 'updated' message. - if ( !count( get_settings_errors() ) ) + if ( !count( get_settings_errors() ) ) { add_settings_error('general', 'settings_updated', __('Settings saved.'), 'updated'); + } set_transient('settings_errors', get_settings_errors(), 30); /** @@ -261,8 +270,9 @@ foreach ( (array) $options as $option ) : $disabled = false; - if ( $option->option_name == '' ) + if ( $option->option_name == '' ) { continue; + } if ( is_serialized( $option->option_value ) ) { if ( is_serialized_string( $option->option_value ) ) { // This is a serialized string, so we should display it.