mirror of
https://github.com/WordPress/WordPress.git
synced 2025-02-16 11:35:48 +00:00
Sanitize a few options
git-svn-id: http://svn.automattic.com/wordpress/branches/2.2@5915 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
parent
f6d340da08
commit
f09d565459
@ -10,77 +10,6 @@ wp_reset_vars(array('action'));
|
||||
if ( !current_user_can('manage_options') )
|
||||
wp_die(__('Cheatin’ uh?'));
|
||||
|
||||
function sanitize_option($option, $value) { // Remember to call stripslashes!
|
||||
|
||||
switch ($option) {
|
||||
case 'admin_email':
|
||||
$value = stripslashes($value);
|
||||
$value = sanitize_email($value);
|
||||
break;
|
||||
|
||||
case 'default_post_edit_rows':
|
||||
case 'mailserver_port':
|
||||
case 'comment_max_links':
|
||||
$value = stripslashes($value);
|
||||
$value = abs((int) $value);
|
||||
break;
|
||||
|
||||
case 'posts_per_page':
|
||||
case 'posts_per_rss':
|
||||
$value = stripslashes($value);
|
||||
$value = (int) $value;
|
||||
if ( empty($value) ) $value = 1;
|
||||
if ( $value < -1 ) $value = abs($value);
|
||||
break;
|
||||
|
||||
case 'default_ping_status':
|
||||
case 'default_comment_status':
|
||||
$value = stripslashes($value);
|
||||
// Options that if not there have 0 value but need to be something like "closed"
|
||||
if ( $value == '0' || $value == '')
|
||||
$value = 'closed';
|
||||
break;
|
||||
|
||||
case 'blogdescription':
|
||||
case 'blogname':
|
||||
if (current_user_can('unfiltered_html') == false)
|
||||
$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
|
||||
$value = stripslashes($value);
|
||||
break;
|
||||
|
||||
case 'blog_charset':
|
||||
$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
|
||||
break;
|
||||
|
||||
case 'date_format':
|
||||
case 'time_format':
|
||||
case 'mailserver_url':
|
||||
case 'mailserver_login':
|
||||
case 'mailserver_pass':
|
||||
case 'ping_sites':
|
||||
case 'upload_path':
|
||||
$value = strip_tags($value);
|
||||
$value = wp_filter_kses($value); // calls stripslashes then addslashes
|
||||
$value = stripslashes($value);
|
||||
break;
|
||||
|
||||
case 'gmt_offset':
|
||||
$value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
|
||||
break;
|
||||
|
||||
case 'siteurl':
|
||||
case 'home':
|
||||
$value = stripslashes($value);
|
||||
$value = clean_url($value);
|
||||
break;
|
||||
default :
|
||||
$value = stripslashes($value);
|
||||
break;
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
switch($action) {
|
||||
|
||||
case 'update':
|
||||
|
||||
@ -1118,6 +1118,79 @@ function wp_make_link_relative( $link ) {
|
||||
return preg_replace('|https?://[^/]+(/.*)|i', '$1', $link );
|
||||
}
|
||||
|
||||
function sanitize_option($option, $value) { // Remember to call stripslashes!
|
||||
|
||||
switch ($option) {
|
||||
case 'admin_email':
|
||||
$value = sanitize_email($value);
|
||||
break;
|
||||
|
||||
case 'default_post_edit_rows':
|
||||
case 'mailserver_port':
|
||||
case 'comment_max_links':
|
||||
case 'page_on_front':
|
||||
case 'rss_excerpt_length':
|
||||
case 'default_category':
|
||||
case 'default_email_category':
|
||||
case 'default_link_category':
|
||||
$value = abs((int) $value);
|
||||
break;
|
||||
|
||||
case 'posts_per_page':
|
||||
case 'posts_per_rss':
|
||||
$value = (int) $value;
|
||||
if ( empty($value) ) $value = 1;
|
||||
if ( $value < -1 ) $value = abs($value);
|
||||
break;
|
||||
|
||||
case 'default_ping_status':
|
||||
case 'default_comment_status':
|
||||
// Options that if not there have 0 value but need to be something like "closed"
|
||||
if ( $value == '0' || $value == '')
|
||||
$value = 'closed';
|
||||
break;
|
||||
|
||||
case 'blogdescription':
|
||||
case 'blogname':
|
||||
$value = addslashes($value);
|
||||
$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes
|
||||
$value = stripslashes($value);
|
||||
$value = wp_specialchars( $value );
|
||||
break;
|
||||
|
||||
case 'blog_charset':
|
||||
$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes
|
||||
break;
|
||||
|
||||
case 'date_format':
|
||||
case 'time_format':
|
||||
case 'mailserver_url':
|
||||
case 'mailserver_login':
|
||||
case 'mailserver_pass':
|
||||
case 'ping_sites':
|
||||
case 'upload_path':
|
||||
$value = strip_tags($value);
|
||||
$value = addslashes($value);
|
||||
$value = wp_filter_kses($value); // calls stripslashes then addslashes
|
||||
$value = stripslashes($value);
|
||||
break;
|
||||
|
||||
case 'gmt_offset':
|
||||
$value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes
|
||||
break;
|
||||
|
||||
case 'siteurl':
|
||||
case 'home':
|
||||
$value = stripslashes($value);
|
||||
$value = clean_url($value);
|
||||
break;
|
||||
default :
|
||||
break;
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
function wp_parse_str( $string, &$array ) {
|
||||
parse_str( $string, $array );
|
||||
if ( get_magic_quotes_gpc() )
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user