Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-11-05 18:32:23 +01:00
Code Issues Projects Releases Wiki Activity

Prevent non-option form elements from sneaking in to the options table. fixes #2595

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4333 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2006-10-04 12:19:05 +00:00
parent 5014cbb45c
commit 09b8472832
1 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
wp-admin/options.php
View File

@ -92,9 +92,10 @@ case 'update':
check_admin_referer('update-options'); check_admin_referer('update-options');
if (!$_POST['page_options']) { if ( !$_POST['page_options'] ) {
foreach ($_POST as $key => $value) { foreach ( (array) $_POST as $key => $value) {
$options[] = $key; if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
$options[] = $key;
} }
} else { } else {
$options = explode(',', stripslashes($_POST['page_options'])); $options = explode(',', stripslashes($_POST['page_options']));
@ -147,8 +148,15 @@ default:
<table width="98%"> <table width="98%">
<?php <?php
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name"); $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
foreach ( (array) $options as $option )
$options_to_update[] = $option->option_name;
$options_to_update = implode(',', $options_to_update);
?>
foreach ($options as $option) : <input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" />
<?php
foreach ( (array) $options as $option) :
$value = wp_specialchars($option->option_value); $value = wp_specialchars($option->option_value);
echo " echo "
<tr> <tr>