WordPress-C/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2025-02-18 04:25:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

options stripslashes-fu by mdawaffe. #3095

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@4329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2006-10-04 11:02:31 +00:00
parent c95f68bcb9
commit b869fd07f8
1 changed files with 17 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
wp-admin/options.php
View File

@ -10,21 +10,24 @@ wp_reset_vars(array('action'));
if ( !current_user_can('manage_options') ) if ( !current_user_can('manage_options') )
wp_die(__('Cheatin’ uh?')); wp_die(__('Cheatin’ uh?'));
function sanitize_option($option, $value) { function sanitize_option($option, $value) { // Remember to call stripslashes!
switch ($option) { switch ($option) {
case 'admin_email': case 'admin_email':
$value = stripslashes($value);
$value = sanitize_email($value); $value = sanitize_email($value);
break; break;
case 'default_post_edit_rows': case 'default_post_edit_rows':
case 'mailserver_port': case 'mailserver_port':
case 'comment_max_links': case 'comment_max_links':
$value = stripslashes($value);
$value = abs((int) $value); $value = abs((int) $value);
break; break;
case 'posts_per_page': case 'posts_per_page':
case 'posts_per_rss': case 'posts_per_rss':
$value = stripslashes($value);
$value = (int) $value; $value = (int) $value;
if ( empty($value) ) $value = 1; if ( empty($value) ) $value = 1;
if ( $value < -1 ) $value = abs($value); if ( $value < -1 ) $value = abs($value);
@ -32,6 +35,7 @@ function sanitize_option($option, $value) {
case 'default_ping_status': case 'default_ping_status':
case 'default_comment_status': case 'default_comment_status':
$value = stripslashes($value);
// Options that if not there have 0 value but need to be something like "closed" // Options that if not there have 0 value but need to be something like "closed"
if ( $value == '0' || $value == '') if ( $value == '0' || $value == '')
$value = 'closed'; $value = 'closed';
@ -40,11 +44,12 @@ function sanitize_option($option, $value) {
case 'blogdescription': case 'blogdescription':
case 'blogname': case 'blogname':
if (current_user_can('unfiltered_html') == false) if (current_user_can('unfiltered_html') == false)
$value = wp_filter_post_kses( $value ); $value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
$value = stripslashes($value);
break; break;
case 'blog_charset': case 'blog_charset':
$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
break; break;
case 'date_format': case 'date_format':
@ -55,17 +60,22 @@ function sanitize_option($option, $value) {
case 'ping_sites': case 'ping_sites':
case 'upload_path': case 'upload_path':
$value = strip_tags($value); $value = strip_tags($value);
$value = wp_filter_kses($value); $value = wp_filter_kses($value); // calls stripslashes then addslashes
$value = stripslashes($value);
break; break;
case 'gmt_offset': case 'gmt_offset':
$value = preg_replace('/[^0-9:.-]/', '', $value); $value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
break; break;
case 'siteurl': case 'siteurl':
case 'home': case 'home':
$value = stripslashes($value);
$value = clean_url($value); $value = clean_url($value);
break; break;
default :
$value = stripslashes($value);
break;
} }
return $value; return $value;
@ -89,8 +99,8 @@ case 'update':
if ($options) { if ($options) {
foreach ($options as $option) { foreach ($options as $option) {
$option = trim($option); $option = trim($option);
$value = trim(stripslashes($_POST[$option])); $value = trim($_POST[$option]);
$value = sanitize_option($option, $value); $value = sanitize_option($option, $value); // This does stripslashes on those that need it
update_option($option, $value); update_option($option, $value);
} }
} }