mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
Prevent non-option form elements from sneaking in to the options table. fixes #2595
git-svn-id: http://svn.automattic.com/wordpress/trunk@4332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
3c6648e96c
commit
12a455c39d
@ -88,9 +88,10 @@ case 'update':
|
||||
|
||||
check_admin_referer('update-options');
|
||||
|
||||
if (!$_POST['page_options']) {
|
||||
foreach ($_POST as $key => $value) {
|
||||
$options[] = $key;
|
||||
if ( !$_POST['page_options'] ) {
|
||||
foreach ( (array) $_POST as $key => $value) {
|
||||
if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
|
||||
$options[] = $key;
|
||||
}
|
||||
} else {
|
||||
$options = explode(',', stripslashes($_POST['page_options']));
|
||||
@ -122,8 +123,15 @@ default:
|
||||
<table width="98%">
|
||||
<?php
|
||||
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
|
||||
foreach ( (array) $options as $option )
|
||||
$options_to_update[] = $option->option_name;
|
||||
$options_to_update = implode(',', $options_to_update);
|
||||
?>
|
||||
|
||||
foreach ($options as $option) :
|
||||
<input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" />
|
||||
|
||||
<?php
|
||||
foreach ( (array) $options as $option) :
|
||||
$value = wp_specialchars($option->option_value, 'single');
|
||||
echo "
|
||||
<tr>
|
||||
|
@ -233,7 +233,7 @@ function populate_options() {
|
||||
add_option('show_on_front', 'posts');
|
||||
|
||||
// Delete unused options
|
||||
$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');
|
||||
$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update');
|
||||
foreach ($unusedoptions as $option) :
|
||||
delete_option($option);
|
||||
endforeach;
|
||||
|
@ -3,6 +3,6 @@
|
||||
// This holds the version number in a separate file so we can bump it without cluttering the SVN
|
||||
|
||||
$wp_version = '2.1-alpha3';
|
||||
$wp_db_version = 3845;
|
||||
$wp_db_version = 3846;
|
||||
|
||||
?>
|
Loading…
Reference in New Issue
Block a user