WordPress/wp-admin/options.php

<?php
require_once('admin.php');

$title = __('Options');
$this_file = 'options.php';
$parent_file = 'options-general.php';

wp_reset_vars(array('action'));

if ( !current_user_can('manage_options') )
	wp_die(__('Cheatin&#8217; uh?'));

switch($action) {

case 'update':
	$any_changed = 0;

	check_admin_referer('update-options');

	if ( !$_POST['page_options'] ) {
		foreach ( (array) $_POST as $key => $value) {
			if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
				$options[] = $key;
		}
	} else {
		$options = explode(',', stripslashes($_POST['page_options']));
	}

	if ($options) {
		foreach ($options as $option) {
			$option = trim($option);
			$value = trim($_POST[$option]);
			$value = stripslashes($value);
			update_option($option, $value);
		}
	}
    
	$referred = remove_query_arg('updated' , wp_get_referer());
	$goback = add_query_arg('updated', 'true', wp_get_referer());
	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
	wp_redirect($goback);
    break;

default:
	include('admin-header.php'); ?>

<div class="wrap">
  <h2><?php _e('All Options'); ?></h2>
  <form name="form" action="options.php" method="post" id="all-options">
  <?php wp_nonce_field('update-options') ?>
  <input type="hidden" name="action" value="update" />
	<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
  <table width="98%">
<?php
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");

foreach ( (array) $options as $option) :
	$disabled = '';
	if ( is_serialized($option->option_value) ) {
		if ( is_serialized_string($option->option_value) ) {
			// this is a serialized string, so we should display it
			$value = wp_specialchars(maybe_unserialize($option->option_value), 'single');
			$options_to_update[] = $option->option_name;
			$class = 'all-options';
		} else {
			$value = 'SERIALIZED DATA';
			$disabled = ' disabled="disabled"';
			$class = 'all-options disabled';
		}
	} else {
		$value = wp_specialchars($option->option_value, 'single');
		$options_to_update[] = $option->option_name;
		$class = 'all-options';
	}
	echo "
<tr>
	<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
<td>";

	if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";
	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";

	echo "</td>
	<td>$option->option_description</td>
</tr>";
endforeach;
?>
  </table>
<?php $options_to_update = implode(',', $options_to_update); ?>
<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
  </form>
</div>


<?php
break;
} // end switch

include('admin-footer.php');
?>
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00			`<?php`
Split admin-header.php into admin.php and admin-header.php. Split menu.php into menu-header.php and menu.php. Add plugin admin page support. git-svn-id: http://svn.automattic.com/wordpress/trunk@1818 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-10-19 05:03:06 +02:00			`require_once('admin.php');`
Mark some strings for translation and improve string consistency. From Albert. http://mosquito.wordpress.org/bug_view_page.php?bug_id=0000024 git-svn-id: http://svn.automattic.com/wordpress/trunk@1420 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-06-13 18:14:58 +02:00
Hold off on menu cleanup until next release. There be dragons. git-svn-id: http://svn.automattic.com/wordpress/trunk@4480 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-11-18 08:31:29 +01:00			`$title = __('Options');`
			`$this_file = 'options.php';`
			`$parent_file = 'options-general.php';`

wp_reset_vars() from Sewar. fixes #2888 git-svn-id: http://svn.automattic.com/wordpress/trunk@3946 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-07-03 21:03:37 +02:00			`wp_reset_vars(array('action'));`
More options functionaily validation, error messages More options git-svn-id: http://svn.automattic.com/wordpress/trunk@223 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-13 00:48:52 +02:00
More cap migration. git-svn-id: http://svn.automattic.com/wordpress/trunk@2714 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2005-07-15 04:16:45 +02:00			`if ( !current_user_can('manage_options') )`
wp_die() improvements from Sewar. fixes #2902 git-svn-id: http://svn.automattic.com/wordpress/trunk@4006 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-07-10 07:29:10 +02:00			`wp_die(__('Cheatin’ uh?'));`
Userlevel 6 on options page git-svn-id: http://svn.automattic.com/wordpress/trunk@1915 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-12-07 21:12:34 +01:00
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00			`switch($action) {`

Option fixes. git-svn-id: http://svn.automattic.com/wordpress/trunk@939 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-02-26 15:37:15 +01:00			`case 'update':`
wp_setcookie() and wp_clearcookie(). Set cookies for both siteurl and home if they are not the same. Update cookies whenever home or siteurl change. git-svn-id: http://svn.automattic.com/wordpress/trunk@2107 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2005-01-20 05:56:24 +01:00			`$any_changed = 0;`
Death to trailing tabs. Props Mark J. fixes #2405 git-svn-id: http://svn.automattic.com/wordpress/trunk@3517 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-02-12 08:53:23 +01:00
Nonce from above. #2678 git-svn-id: http://svn.automattic.com/wordpress/trunk@3759 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-05-03 00:36:06 +02:00			`check_admin_referer('update-options');`
Remove unnecessary quotes. Props technosailor. fixes #1990 git-svn-id: http://svn.automattic.com/wordpress/trunk@3241 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2005-11-30 08:27:39 +01:00
Prevent non-option form elements from sneaking in to the options table. fixes #2595 git-svn-id: http://svn.automattic.com/wordpress/trunk@4332 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-04 14:18:28 +02:00			`if ( !$_POST['page_options'] ) {`
			`foreach ( (array) $_POST as $key => $value) {`
			`if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )`
			`$options[] = $key;`
Option fixes. git-svn-id: http://svn.automattic.com/wordpress/trunk@939 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-02-26 15:37:15 +01:00			`}`
			`} else {`
Cleanup options save. git-svn-id: http://svn.automattic.com/wordpress/trunk@3054 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2005-11-12 10:36:20 +01:00			`$options = explode(',', stripslashes($_POST['page_options']));`
Abstraction of a admin functions, new custom options page for general options, improved style. git-svn-id: http://svn.automattic.com/wordpress/trunk@869 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-02-13 10:59:47 +01:00			`}`

Cleanup options save. git-svn-id: http://svn.automattic.com/wordpress/trunk@3054 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2005-11-12 10:36:20 +01:00			`if ($options) {`
Add upload folder options. Props David House. fixes #2206 git-svn-id: http://svn.automattic.com/wordpress/trunk@3413 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-01-09 23:24:57 +01:00			`foreach ($options as $option) {`
			`$option = trim($option);`
options stripslashes-fu by mdawaffe. #3095 git-svn-id: http://svn.automattic.com/wordpress/trunk@4329 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-04 13:02:31 +02:00			`$value = trim($_POST[$option]);`
Make sure sanitize_option() is always called when updating options. git-svn-id: http://svn.automattic.com/wordpress/trunk@5541 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2007-05-25 04:22:30 +02:00			`$value = stripslashes($value);`
Move home and siteurl update events to action hooks. git-svn-id: http://svn.automattic.com/wordpress/trunk@4175 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-09-08 23:42:05 +02:00			`update_option($option, $value);`
Add upload folder options. Props David House. fixes #2206 git-svn-id: http://svn.automattic.com/wordpress/trunk@3413 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-01-09 23:24:57 +01:00			`}`
			`}`
More options functionaily validation, error messages More options git-svn-id: http://svn.automattic.com/wordpress/trunk@223 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-13 00:48:52 +02:00
wp_get_referer() and friends from robmiller and markjaquith. fixes #2800 git-svn-id: http://svn.automattic.com/wordpress/trunk@3908 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-06-24 07:38:37 +02:00			`$referred = remove_query_arg('updated' , wp_get_referer());`
			`$goback = add_query_arg('updated', 'true', wp_get_referer());`
Add upload folder options. Props David House. fixes #2206 git-svn-id: http://svn.automattic.com/wordpress/trunk@3413 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-01-09 23:24:57 +01:00			`$goback = preg_replace('\|[^a-z0-9-~+_.?#=&;,/:]\|i', '', $goback);`
			`wp_redirect($goback);`
Abstraction of a admin functions, new custom options page for general options, improved style. git-svn-id: http://svn.automattic.com/wordpress/trunk@869 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-02-13 10:59:47 +01:00			`break;`
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00
			`default:`
Split admin-header.php into admin.php and admin-header.php. Split menu.php into menu-header.php and menu.php. Add plugin admin page support. git-svn-id: http://svn.automattic.com/wordpress/trunk@1818 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-10-19 05:03:06 +02:00			`include('admin-header.php'); ?>`
More options work. Bug fixes for advanced_edit not being boolean type, clean up of options code and update feedback (still needs work there), first bit of miscellaneous screen. git-svn-id: http://svn.automattic.com/wordpress/trunk@1058 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-04-11 10:15:10 +02:00
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00			`<div class="wrap">`
CSS and consistency fixes for options.php git-svn-id: http://svn.automattic.com/wordpress/trunk@4336 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-04 14:58:05 +02:00			`<h2><?php _e('All Options'); ?></h2>`
preserve multi-line options in options.php. Props Viper007Bond. fixes #2456 git-svn-id: http://svn.automattic.com/wordpress/trunk@4330 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-04 13:28:38 +02:00			`<form name="form" action="options.php" method="post" id="all-options">`
Nonce from above. #2678 git-svn-id: http://svn.automattic.com/wordpress/trunk@3759 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-05-03 00:36:06 +02:00			`<?php wp_nonce_field('update-options') ?>`
Default page if no group selected. git-svn-id: http://svn.automattic.com/wordpress/trunk@620 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-12-17 02:07:40 +01:00			`<input type="hidden" name="action" value="update" />`
CSS and consistency fixes for options.php git-svn-id: http://svn.automattic.com/wordpress/trunk@4336 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-04 14:58:05 +02:00			`<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>`
Massive options cleanup and another step of cleaning up the upgrade/install. git-svn-id: http://svn.automattic.com/wordpress/trunk@1599 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-09-05 02:24:28 +02:00			`<table width="98%">`
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00			`<?php`
Remove optiongroup_options table. git-svn-id: http://svn.automattic.com/wordpress/trunk@1597 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-09-05 00:15:46 +02:00			`$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");`
Cleaned up unused options. git-svn-id: http://svn.automattic.com/wordpress/trunk@1148 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-04-24 23:21:19 +02:00
Prevent non-option form elements from sneaking in to the options table. fixes #2595 git-svn-id: http://svn.automattic.com/wordpress/trunk@4332 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-04 14:18:28 +02:00			`foreach ( (array) $options as $option) :`
Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591 git-svn-id: http://svn.automattic.com/wordpress/trunk@4382 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-13 01:54:36 +02:00			`$disabled = '';`
			`if ( is_serialized($option->option_value) ) {`
cleanup [4382] a bit git-svn-id: http://svn.automattic.com/wordpress/trunk@4383 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-13 02:23:25 +02:00			`if ( is_serialized_string($option->option_value) ) {`
Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591 git-svn-id: http://svn.automattic.com/wordpress/trunk@4382 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-13 01:54:36 +02:00			`// this is a serialized string, so we should display it`
			`$value = wp_specialchars(maybe_unserialize($option->option_value), 'single');`
			`$options_to_update[] = $option->option_name;`
			`$class = 'all-options';`
			`} else {`
			`$value = 'SERIALIZED DATA';`
			`$disabled = ' disabled="disabled"';`
			`$class = 'all-options disabled';`
			`}`
			`} else {`
			`$value = wp_specialchars($option->option_value, 'single');`
			`$options_to_update[] = $option->option_name;`
			`$class = 'all-options';`
			`}`
Massive options cleanup and another step of cleaning up the upgrade/install. git-svn-id: http://svn.automattic.com/wordpress/trunk@1599 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-09-05 02:24:28 +02:00			`echo "`
			`<tr>`
			`<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>`
preserve multi-line options in options.php. Props Viper007Bond. fixes #2456 git-svn-id: http://svn.automattic.com/wordpress/trunk@4330 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-04 13:28:38 +02:00			`<td>";`

Use strpos instead of strstr where ever possible, for speed. Props rob1n. fixes #3920 git-svn-id: http://svn.automattic.com/wordpress/trunk@4990 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2007-03-07 06:29:15 +01:00			`if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value</textarea>";`
Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591 git-svn-id: http://svn.automattic.com/wordpress/trunk@4382 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-13 01:54:36 +02:00			`else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "'$disabled />";`
trailing tabs and whitespace cleanup. git-svn-id: http://svn.automattic.com/wordpress/trunk@4953 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2007-02-27 16:24:54 +01:00
preserve multi-line options in options.php. Props Viper007Bond. fixes #2456 git-svn-id: http://svn.automattic.com/wordpress/trunk@4330 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-04 13:28:38 +02:00			`echo "</td>`
Massive options cleanup and another step of cleaning up the upgrade/install. git-svn-id: http://svn.automattic.com/wordpress/trunk@1599 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-09-05 02:24:28 +02:00			`<td>$option->option_description</td>`
			`</tr>";`
Cleaned up unused options. git-svn-id: http://svn.automattic.com/wordpress/trunk@1148 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-04-24 23:21:19 +02:00			`endforeach;`
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00			`?>`
			`</table>`
Prevent users from entering strings that will be interpreted as serialized arrays/objects on the way out. fixes #2591 git-svn-id: http://svn.automattic.com/wordpress/trunk@4382 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-10-13 01:54:36 +02:00			`<?php $options_to_update = implode(',', $options_to_update); ?>`
new function for escaping within attributes: attribute_escape() git-svn-id: http://svn.automattic.com/wordpress/trunk@4656 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2006-12-21 11:10:04 +01:00			`<p class="submit"><input type="hidden" name="page_options" value="<?php echo attribute_escape($options_to_update); ?>" /><input type="submit" name="Update" value="<?php _e('Update Options »') ?>" /></p>`
Default page if no group selected. git-svn-id: http://svn.automattic.com/wordpress/trunk@620 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-12-17 02:07:40 +01:00			`</form>`
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00			`</div>`

Massive options cleanup and another step of cleaning up the upgrade/install. git-svn-id: http://svn.automattic.com/wordpress/trunk@1599 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-09-05 02:24:28 +02:00
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00			`<?php`
			`break;`
Default page if no group selected. git-svn-id: http://svn.automattic.com/wordpress/trunk@620 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-12-17 02:07:40 +01:00			`} // end switch`
First pass at new options/settings system. To run it execute the temporary sql file against your database (see file for table names) This only does the admin. THe values are not yet used in the code. git-svn-id: http://svn.automattic.com/wordpress/trunk@208 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2003-06-12 00:59:14 +02:00
More options work. Bug fixes for advanced_edit not being boolean type, clean up of options code and update feedback (still needs work there), first bit of miscellaneous screen. git-svn-id: http://svn.automattic.com/wordpress/trunk@1058 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-04-11 10:15:10 +02:00			`include('admin-footer.php');`
The two flags "default_ping_status" and "default_comment_status" weren't being recorded properly. git-svn-id: http://svn.automattic.com/wordpress/trunk@1681 1a063a9b-81f0-0310-95a4-ce76da25c4cd 2004-09-17 15:05:06 +02:00			`?>`