Move sanitization for the multisite illegal_names, limited_email_domains, and banned_email_domains options to sanitize_option(). props wonderboymusic. fixes #21552.
git-svn-id: https://develop.svn.wordpress.org/trunk@21993 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
63c7766bad
commit
248b586911
@ -44,53 +44,20 @@ if ( $_POST ) {
|
||||
|
||||
check_admin_referer( 'siteoptions' );
|
||||
|
||||
if ( isset( $_POST['WPLANG'] ) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) )
|
||||
update_site_option( 'WPLANG', $_POST['WPLANG'] );
|
||||
|
||||
if ( is_email( $_POST['admin_email'] ) )
|
||||
update_site_option( 'admin_email', $_POST['admin_email'] );
|
||||
|
||||
$illegal_names = explode( ' ', $_POST['illegal_names'] );
|
||||
foreach ( (array) $illegal_names as $name ) {
|
||||
$name = trim( $name );
|
||||
if ( $name != '' )
|
||||
$names[] = trim( $name );
|
||||
}
|
||||
update_site_option( 'illegal_names', $names );
|
||||
|
||||
if ( $_POST['limited_email_domains'] != '' ) {
|
||||
$limited_email_domains = str_replace( ' ', "\n", $_POST['limited_email_domains'] );
|
||||
$limited_email_domains = explode( "\n", stripslashes( $limited_email_domains ) );
|
||||
$limited_email = array();
|
||||
foreach ( (array) $limited_email_domains as $domain ) {
|
||||
$domain = trim( $domain );
|
||||
if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
|
||||
$limited_email[] = trim( $domain );
|
||||
}
|
||||
update_site_option( 'limited_email_domains', $limited_email );
|
||||
} else {
|
||||
update_site_option( 'limited_email_domains', '' );
|
||||
}
|
||||
|
||||
if ( $_POST['banned_email_domains'] != '' ) {
|
||||
$banned_email_domains = explode( "\n", stripslashes( $_POST['banned_email_domains'] ) );
|
||||
$banned = array();
|
||||
foreach ( (array) $banned_email_domains as $domain ) {
|
||||
$domain = trim( $domain );
|
||||
if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
|
||||
$banned[] = trim( $domain );
|
||||
}
|
||||
update_site_option( 'banned_email_domains', $banned );
|
||||
} else {
|
||||
update_site_option( 'banned_email_domains', '' );
|
||||
}
|
||||
|
||||
$options = array( 'registrationnotification', 'registration', 'add_new_users', 'menu_items', 'upload_space_check_disabled', 'blog_upload_space', 'upload_filetypes', 'site_name', 'first_post', 'first_page', 'first_comment', 'first_comment_url', 'first_comment_author', 'welcome_email', 'welcome_user_email', 'fileupload_maxk', 'global_terms_enabled' );
|
||||
$checked_options = array( 'menu_items' => array(), 'registrationnotification' => 'no', 'upload_space_check_disabled' => 1, 'add_new_users' => 0 );
|
||||
foreach ( $checked_options as $option_name => $option_unchecked_value ) {
|
||||
if ( ! isset( $_POST[$option_name] ) )
|
||||
$_POST[$option_name] = $option_unchecked_value;
|
||||
}
|
||||
|
||||
$options = array(
|
||||
'registrationnotification', 'registration', 'add_new_users', 'menu_items',
|
||||
'upload_space_check_disabled', 'blog_upload_space', 'upload_filetypes', 'site_name',
|
||||
'first_post', 'first_page', 'first_comment', 'first_comment_url', 'first_comment_author',
|
||||
'welcome_email', 'welcome_user_email', 'fileupload_maxk', 'global_terms_enabled',
|
||||
'illegal_names', 'limited_email_domains', 'banned_email_domains', 'WPLANG', 'admin_email',
|
||||
);
|
||||
|
||||
foreach ( $options as $option_name ) {
|
||||
if ( ! isset($_POST[$option_name]) )
|
||||
continue;
|
||||
|
@ -2862,6 +2862,32 @@ function sanitize_option($option, $value) {
|
||||
$value = get_option( $option );
|
||||
break;
|
||||
|
||||
case 'illegal_names':
|
||||
if ( ! is_array( $value ) )
|
||||
$value = explode( "\n", $value );
|
||||
|
||||
$value = array_values( array_filter( array_map( 'trim', $value ) ) );
|
||||
|
||||
if ( ! $value )
|
||||
$value = '';
|
||||
break;
|
||||
|
||||
case 'limited_email_domains':
|
||||
case 'banned_email_domains':
|
||||
if ( ! is_array( $value ) )
|
||||
$value = explode( "\n", $value );
|
||||
|
||||
$domains = array_values( array_filter( array_map( 'trim', $value ) ) );
|
||||
$value = array();
|
||||
|
||||
foreach ( $domains as $domain ) {
|
||||
if ( ! preg_match( '/(--|\.\.)/', $domain ) && preg_match( '|^([a-zA-Z0-9-\.])+$|', $domain ) )
|
||||
$value[] = $domain;
|
||||
}
|
||||
if ( ! $value )
|
||||
$value = '';
|
||||
break;
|
||||
|
||||
case 'timezone_string':
|
||||
$allowed_zones = timezone_identifiers_list();
|
||||
if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) {
|
||||
|
Loading…
Reference in New Issue
Block a user