add_option()/update_option() should pass the option name to get_option() pre-escaped. fixes #4690 for trunk
git-svn-id: http://svn.automattic.com/wordpress/trunk@5829 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
e9b0e8284b
commit
ad81604c8c
|
@ -177,6 +177,7 @@ function is_serialized_string($data) {
|
||||||
|
|
||||||
/* Options functions */
|
/* Options functions */
|
||||||
|
|
||||||
|
// expects $setting to already be SQL-escaped
|
||||||
function get_option($setting) {
|
function get_option($setting) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
|
|
||||||
|
@ -276,18 +277,20 @@ function wp_load_alloptions() {
|
||||||
return $alloptions;
|
return $alloptions;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// expects $option_name to NOT be SQL-escaped
|
||||||
function update_option($option_name, $newvalue) {
|
function update_option($option_name, $newvalue) {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
|
|
||||||
wp_protect_special_option($option_name);
|
wp_protect_special_option($option_name);
|
||||||
|
|
||||||
|
$safe_option_name = $wpdb->escape($option_name);
|
||||||
$newvalue = sanitize_option($option_name, $newvalue);
|
$newvalue = sanitize_option($option_name, $newvalue);
|
||||||
|
|
||||||
if ( is_string($newvalue) )
|
if ( is_string($newvalue) )
|
||||||
$newvalue = trim($newvalue);
|
$newvalue = trim($newvalue);
|
||||||
|
|
||||||
// If the new and old values are the same, no need to update.
|
// If the new and old values are the same, no need to update.
|
||||||
$oldvalue = get_option($option_name);
|
$oldvalue = get_option($safe_option_name);
|
||||||
if ( $newvalue === $oldvalue ) {
|
if ( $newvalue === $oldvalue ) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -325,15 +328,17 @@ function update_option($option_name, $newvalue) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// thx Alex Stapleton, http://alex.vort-x.net/blog/
|
// thx Alex Stapleton, http://alex.vort-x.net/blog/
|
||||||
|
// expects $name to NOT be SQL-escaped
|
||||||
function add_option($name, $value = '', $description = '', $autoload = 'yes') {
|
function add_option($name, $value = '', $description = '', $autoload = 'yes') {
|
||||||
global $wpdb;
|
global $wpdb;
|
||||||
|
|
||||||
wp_protect_special_option($name);
|
wp_protect_special_option($name);
|
||||||
|
$safe_name = $wpdb->escape($name);
|
||||||
|
|
||||||
// Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
|
// Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
|
||||||
$notoptions = wp_cache_get('notoptions', 'options');
|
$notoptions = wp_cache_get('notoptions', 'options');
|
||||||
if ( !is_array($notoptions) || !isset($notoptions[$name]) )
|
if ( !is_array($notoptions) || !isset($notoptions[$name]) )
|
||||||
if ( false !== get_option($name) )
|
if ( false !== get_option($safe_name) )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
$value = maybe_serialize($value);
|
$value = maybe_serialize($value);
|
||||||
|
|
Loading…
Reference in New Issue