WordPress.org

Make WordPress Core

Opened 20 months ago

Closed 19 months ago

Last modified 19 months ago

#21552 closed enhancement (fixed)

Move option sanitization in network/settings.php to sanitize_option

Reported by: wonderboymusic Owned by: nacin
Milestone: 3.5 Priority: normal
Severity: normal Version: 3.0
Component: Multisite Keywords: has-patch commit
Focuses: Cc:

Description

When Networks settings are saved in wp-admin/network/settings.php, the sanitization is done inline. This code needs to be moved to sanitize_option() where all of the other options are sanitized. This also combines duplicated code.

Attachments (2)

mu-settings-sanitize-option.diff (4.5 KB) - added by wonderboymusic 19 months ago.
sanitize-ms-options-test.diff (855 bytes) - added by wonderboymusic 19 months ago.

Download all attachments as: .zip

Change History (11)

comment:1 nacin20 months ago

  • Milestone changed from Awaiting Review to 3.5

Yes please.

comment:2 nacin19 months ago

Seems to me like in both cases, we also need to account for the value possibly being an array (someone making a change manually, rather than through settings.php).

Illegal names handling can probably be simplified to:

if ( ! is_array( $value ) )
   $value = explode( ' ', $value );
$value = array_filter( array_map( 'trim', $value ) );
if ( ! $value )
   $value = '';

Also, stripslashes() already occurs in the settings.php handler (just as it does in options.php).

comment:3 nacin19 months ago

  • Keywords needs-refresh added

comment:4 wonderboymusic19 months ago

  • Keywords needs-refresh removed

Refreshed the patch - here's a quick and dirty:

update_option( 'illegal_names', array( '', 'Woo', '' ) );
update_option( 'limited_email_domains', array(  'woo', '', 'boo.com', 'foo.net.biz..'  ) );
update_option( 'banned_email_domains', array(  'woo', '', 'boo.com', 'foo.net.biz..'  ) );

print_r( get_option( 'illegal_names' ) );
print_r( get_option( 'limited_email_domains' ) );
print_r( get_option( 'banned_email_domains' ) );
exit();

comment:5 nacin19 months ago

  • Keywords commit needs-unit-tests added

Cool stuff. Maybe that can become a unit test?

comment:6 wonderboymusic19 months ago

will fire one up fairly soon

comment:7 wonderboymusic19 months ago

Added a unit test and refreshed patch to not save filtered arrays with their original numeric indexes

comment:8 nacin19 months ago

  • Owner set to nacin
  • Resolution set to fixed
  • Status changed from new to closed

In [21993]:

Move sanitization for the multisite illegal_names, limited_email_domains, and banned_email_domains options to sanitize_option(). props wonderboymusic. fixes #21552.

comment:9 nacin19 months ago

  • Keywords needs-unit-tests removed
Note: See TracTickets for help on using tickets.