Opened 15 years ago
Closed 15 years ago
#10454 closed enhancement (fixed)
Add support for setting users_can_register option via XML-RPC and sanitize the option value
Reported by: | josephscott | Owned by: | westi |
---|---|---|---|
Milestone: | 2.9 | Priority: | normal |
Severity: | normal | Version: | 2.8.1 |
Component: | XML-RPC | Keywords: | has-patch |
Focuses: | Cc: |
Description
I looked at adding support to manage the users_can_register ('Membership') option via XML-RPC (using the existing wp.setOptions method) and found that the users_can_register value wasn't being sanitized. There was also a problem with wp.setOptions not working if the value of the option evaluated to false with the empty() function.
So first up, I have a patch to xmlrpc.php that adds support for managing the users_can_register option and removes the empty() check on the option value.
Second is a patch to the sanitize_option() function that makes sure that the value for the users_can_register option is an integer. Under normal situations this limits the value to either zero or one.
Attachments (3)
Note: See
TracTickets for help on using
tickets.
Westi pointed out that there really is no reason not to use absint() here instead, since the two legal values we are talking about are zero and one. This new patch puts 'users_can_register' into the same case block for other absolute integers and replaces the abs((int) *) approach with a call to absint().