Add settings registration and whitelisting. Props donncha. see #7277

git-svn-id: https://develop.svn.wordpress.org/trunk@8802 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren
2008-09-04 01:11:18 +00:00
parent 3b7405a702
commit c3190734f8
8 changed files with 102 additions and 21 deletions


@@ -21,6 +21,19 @@ $parent_file = 'options-general.php';
wp_reset_vars(array('action'));
$whitelist_options = array(
'general' => array('blogname', 'blogdescription', 'admin_email', 'users_can_register', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'comment_registration', 'default_role'),
'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys', 'show_avatars', 'avatar_rating' ),
'misc' => array( 'hack_file', 'use_linksupdate', 'uploads_use_yearmonth_folders', 'upload_path', 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type', 'large_size_w', 'large_size_h' ),
'privacy' => array( 'blog_public' ),
'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'blog_charset', 'gzipcompression', 'show_on_front', 'page_on_front', 'page_for_posts' ),
'writing' => array( 'default_post_edit_rows', 'use_smilies', 'ping_sites', 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass', 'default_category', 'default_email_category', 'use_balanceTags', 'default_link_category', 'enable_app', 'enable_xmlrpc' ),
'options' => array( '' ) );
if ( !defined( 'WP_SITEURL' ) ) $whitelist_options['general'][] = 'siteurl';
if ( defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home';
$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
if ( !current_user_can('manage_options') )
wp_die(__('Cheatin’ uh?'));
@@ -29,15 +42,16 @@ switch($action) {
case 'update':
$any_changed = 0;
check_admin_referer('update-options');
$option_page = $_POST[ 'option_page' ];
check_admin_referer( $option_page . '-options' );
if ( !$_POST['page_options'] ) {
foreach ( (array) $_POST as $key => $value) {
if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
$options[] = $key;
}
if ( !isset( $whitelist_options[ $option_page ] ) )
wp_die( __( 'Error! Options page not found.' ) );
if ( $option_page == 'options' ) {
$options = explode(',', stripslashes( $_POST[ 'page_options' ] ));
} else {
$options = explode(',', stripslashes($_POST['page_options']));
$options = $whitelist_options[ $option_page ];
}
if ($options) {
@@ -63,8 +77,9 @@ default:
</ul>
<h2><?php _e('All Settings'); ?></h2>
<form name="form" action="options.php" method="post" id="all-options">
<?php wp_nonce_field('update-options') ?>
<?php wp_nonce_field('options-options') ?>
<input type="hidden" name="action" value="update" />
<input type='hidden' name='option_page' value='options' />
<table class="form-table">
<?php
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
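Review bot: The `'options'` branch of the `update` case takes the option names straight from `$_POST['page_options']`, so for `option_page=options` the new whitelist is not applied and the only gates left are `manage_options` and the `options-options` nonce. If that is intended for the All Settings form, say so next to the branch, e.g. `// 'options' is the unrestricted All Settings page: names come from the request, not from $whitelist_options`, and consider a stricter capability check there for installs where not every administrator should be able to write arbitrary options. Separately, `if ( defined( 'WP_HOME' ) )` looks inverted next to `if ( !defined( 'WP_SITEURL' ) )` on the line above; `if ( !defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home';` would match it, since as written `home` is only whitelisted when the constant is set. The `switch` body starts and continues outside the hunks shown, so how `$options` is consumed after `if ($options) {` is not visible here.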