`sanitize_option()` needs to handle `WP_Error`. DRY the conditional calls to `add_settings_error()`.

Props chriscct7 for an initial patch.
Fixes #32350.

Built from https://develop.svn.wordpress.org/trunk@32791


git-svn-id: http://core.svn.wordpress.org/trunk@32762 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Scott Taylor 2015-06-16 01:29:27 +00:00
parent 8df67cb188
commit 362704ab9a
2 changed files with 80 additions and 43 deletions

View File

@ -3365,16 +3365,19 @@ function sanitize_option( $option, $value ) {
global $wpdb; global $wpdb;
$original_value = $value; $original_value = $value;
$error = '';
switch ( $option ) { switch ( $option ) {
case 'admin_email' : case 'admin_email' :
case 'new_admin_email' : case 'new_admin_email' :
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
$value = sanitize_email( $value ); if ( is_wp_error( $value ) ) {
if ( ! is_email( $value ) ) { $error = $value->get_error_message();
$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization } else {
if ( function_exists( 'add_settings_error' ) ) $value = sanitize_email( $value );
add_settings_error( $option, 'invalid_admin_email', __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' ) ); if ( ! is_email( $value ) ) {
$error = __( 'The email address entered did not appear to be a valid email address. Please enter a valid email address.' );
}
} }
break; break;
@ -3419,8 +3422,12 @@ function sanitize_option( $option, $value ) {
case 'blogdescription': case 'blogdescription':
case 'blogname': case 'blogname':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
$value = wp_kses_post( $value ); if ( is_wp_error( $value ) ) {
$value = esc_html( $value ); $error = $value->get_error_message();
} else {
$value = wp_kses_post( $value );
$value = esc_html( $value );
}
break; break;
case 'blog_charset': case 'blog_charset':
@ -3442,8 +3449,12 @@ function sanitize_option( $option, $value ) {
case 'mailserver_pass': case 'mailserver_pass':
case 'upload_path': case 'upload_path':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
$value = strip_tags( $value ); if ( is_wp_error( $value ) ) {
$value = wp_kses_data( $value ); $error = $value->get_error_message();
} else {
$value = strip_tags( $value );
$value = wp_kses_data( $value );
}
break; break;
case 'ping_sites': case 'ping_sites':
@ -3459,23 +3470,27 @@ function sanitize_option( $option, $value ) {
case 'siteurl': case 'siteurl':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) { if ( is_wp_error( $value ) ) {
$value = esc_url_raw($value); $error = $value->get_error_message();
} else { } else {
$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
if ( function_exists('add_settings_error') ) $value = esc_url_raw( $value );
add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.')); } else {
$error = __( 'The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.' );
}
} }
break; break;
case 'home': case 'home':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) { if ( is_wp_error( $value ) ) {
$value = esc_url_raw($value); $error = $value->get_error_message();
} else { } else {
$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization if ( preg_match( '#http(s?)://(.+)#i', $value ) ) {
if ( function_exists('add_settings_error') ) $value = esc_url_raw( $value );
add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.')); } else {
$error = __( 'The Site address you entered did not appear to be a valid URL. Please enter a valid URL.' );
}
} }
break; break;
@ -3491,38 +3506,45 @@ function sanitize_option( $option, $value ) {
case 'illegal_names': case 'illegal_names':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
if ( ! is_array( $value ) ) if ( is_wp_error( $value ) ) {
$value = explode( ' ', $value ); $error = $value->get_error_message();
} else {
if ( ! is_array( $value ) )
$value = explode( ' ', $value );
$value = array_values( array_filter( array_map( 'trim', $value ) ) ); $value = array_values( array_filter( array_map( 'trim', $value ) ) );
if ( ! $value ) if ( ! $value )
$value = ''; $value = '';
}
break; break;
case 'limited_email_domains': case 'limited_email_domains':
case 'banned_email_domains': case 'banned_email_domains':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
if ( ! is_array( $value ) ) if ( is_wp_error( $value ) ) {
$value = explode( "\n", $value ); $error = $value->get_error_message();
} else {
if ( ! is_array( $value ) )
$value = explode( "\n", $value );
$domains = array_values( array_filter( array_map( 'trim', $value ) ) ); $domains = array_values( array_filter( array_map( 'trim', $value ) ) );
$value = array(); $value = array();
foreach ( $domains as $domain ) { foreach ( $domains as $domain ) {
if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) ) {
$value[] = $domain; $value[] = $domain;
}
}
if ( ! $value )
$value = '';
} }
if ( ! $value )
$value = '';
break; break;
case 'timezone_string': case 'timezone_string':
$allowed_zones = timezone_identifiers_list(); $allowed_zones = timezone_identifiers_list();
if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) { if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) {
$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization $error = __( 'The timezone you have entered is not valid. Please select a valid timezone.' );
if ( function_exists('add_settings_error') )
add_settings_error('timezone_string', 'invalid_timezone_string', __('The timezone you have entered is not valid. Please select a valid timezone.') );
} }
break; break;
@ -3530,8 +3552,12 @@ function sanitize_option( $option, $value ) {
case 'category_base': case 'category_base':
case 'tag_base': case 'tag_base':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
$value = esc_url_raw( $value ); if ( is_wp_error( $value ) ) {
$value = str_replace( 'http://', '', $value ); $error = $value->get_error_message();
} else {
$value = esc_url_raw( $value );
$value = str_replace( 'http://', '', $value );
}
break; break;
case 'default_role' : case 'default_role' :
@ -3542,13 +3568,24 @@ function sanitize_option( $option, $value ) {
case 'moderation_keys': case 'moderation_keys':
case 'blacklist_keys': case 'blacklist_keys':
$value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value ); $value = $wpdb->strip_invalid_text_for_column( $wpdb->options, 'option_value', $value );
$value = explode( "\n", $value ); if ( is_wp_error( $value ) ) {
$value = array_filter( array_map( 'trim', $value ) ); $error = $value->get_error_message();
$value = array_unique( $value ); } else {
$value = implode( "\n", $value ); $value = explode( "\n", $value );
$value = array_filter( array_map( 'trim', $value ) );
$value = array_unique( $value );
$value = implode( "\n", $value );
}
break; break;
} }
if ( ! empty( $error ) ) {
$value = get_option( $option );
if ( function_exists( 'add_settings_error' ) ) {
add_settings_error( $option, "invalid_{$option}", $error );
}
}
/** /**
* Filter an option value following sanitization. * Filter an option value following sanitization.
* *

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.3-alpha-32790'; $wp_version = '4.3-alpha-32791';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.