From a399b4b845136d4a888efecdab0204987080db28 Mon Sep 17 00:00:00 2001
From: wpmuguru
Date: Fri, 26 Feb 2010 23:36:26 +0000
Subject: [PATCH] sanitize domains in ms-options, fixes #11775
git-svn-id: http://svn.automattic.com/wordpress/trunk@13447 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/ms-edit.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php
index 21c1d5ea27..9d1dc0aed7 100644
--- a/wp-admin/ms-edit.php
+++ b/wp-admin/ms-edit.php
@@ -40,8 +40,11 @@ switch ( $_GET['action'] ) {
 if ( $_POST['limited_email_domains'] != '' ) {
 $limited_email_domains = str_replace( ' ', "\n", $_POST[ 'limited_email_domains' ] );
 $limited_email_domains = split( "\n", stripslashes( $limited_email_domains ) );
+ $limited_email = array();
 foreach ( (array) $limited_email_domains as $domain ) {
- $limited_email[] = trim( $domain );
+ $domain = trim( $domain );
+ if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
+ $limited_email[] = trim( $domain );
 }
 update_site_option( "limited_email_domains", $limited_email );
 } else {
@@ -50,8 +53,11 @@ switch ( $_GET['action'] ) {
 if ( $_POST['banned_email_domains'] != '' ) {
 $banned_email_domains = split( "\n", stripslashes( $_POST[ 'banned_email_domains' ] ) );
+ $banned = array();
 foreach ( (array) $banned_email_domains as $domain ) {
- $banned[] = trim( $domain );
+ $domain = trim( $domain );
+ if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
+ $banned[] = trim( $domain );
 }
 update_site_option( "banned_email_domains", $banned );
 } else {
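Review bot: The `--` rejection in the added condition drops every punycode IDN label (those begin with `xn--`), so an internationalized domain can no longer be put on the limited list, while names that start or end with `-` or `.` still pass the character-class test. A per-label pattern would handle both cases and make the separate `..` test unnecessary, for example `preg_match( '/^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i', $domain )`. The identical condition is repeated in the banned_email_domains hunk; moving it into one helper would keep the two lists from drifting apart. The second `trim( $domain )` in `$limited_email[] = trim( $domain );` is redundant because `$domain` was trimmed two lines earlier.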
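Review bot: An entry that fails the new test is left out of `$banned` with no notice, so an administrator who pastes a malformed or internationalized domain ends up with a stored ban list that silently lacks it; for this list the filter fails open. Consider collecting the rejected values and reporting them back on the settings screen; whether the code after `update_site_option` can carry such a message is not visible in this hunk. A short comment above the condition would also help, e.g. `// Keep only hostname-shaped entries; anything else is discarded before it is stored.` The enclosing `switch` case starts and ends outside the hunk.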