From 9954e0e3c21ebb8e0de1402ab6a9df88fb2cbb6e Mon Sep 17 00:00:00 2001 From: Peter Westwood Date: Fri, 21 Mar 2008 08:56:29 +0000 Subject: [PATCH] Add sanitization of option values to add_option. Fixes #5209 props johnbillion. git-svn-id: https://develop.svn.wordpress.org/trunk@7445 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-includes/functions.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/wp-includes/functions.php b/wp-includes/functions.php index b897ae4706..2421f360db 100644 --- a/wp-includes/functions.php +++ b/wp-includes/functions.php @@ -344,6 +344,7 @@ function add_option( $name, $value = '', $deprecated = '', $autoload = 'yes' ) { wp_protect_special_option( $name ); $safe_name = $wpdb->escape( $name ); + $value = sanitize_option( $name, $value ); // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query $notoptions = wp_cache_get( 'notoptions', 'options' ); @@ -371,6 +372,7 @@ function add_option( $name, $value = '', $deprecated = '', $autoload = 'yes' ) { $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) ); + do_action( "add_option_{$name}", $name, $value ); return; }