From 6ed92f4fb193de1e12c56e15c999e7b5938f524f Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Wed, 21 Sep 2011 19:05:06 +0000
Subject: [PATCH] Run the sanitize_option_* filter for all options in sanitize_option(). Add some sanity checks for the permalink options while in there. fixes #18737
git-svn-id: https://develop.svn.wordpress.org/trunk@18738 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/formatting.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/wp-includes/formatting.php b/wp-includes/formatting.php
index 110e2436f4..14ad1a080d 100644
--- a/wp-includes/formatting.php
+++ b/wp-includes/formatting.php
@@ -2462,6 +2462,7 @@ function sanitize_option($option, $value) {
 add_settings_error('admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
 }
 break;
+
 case 'new_admin_email':
 $value = sanitize_email($value);
 if ( !is_email($value) ) {
@@ -2470,6 +2471,7 @@ function sanitize_option($option, $value) {
 add_settings_error('new_admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));
 }
 break;
+
 case 'thumbnail_size_w':
 case 'thumbnail_size_h':
 case 'medium_size_w':
@@ -2563,6 +2565,7 @@ function sanitize_option($option, $value) {
 add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));
 }
 break;
+
 case 'WPLANG':
 $allowed = get_available_languages();
 if ( ! in_array( $value, $allowed ) && ! empty( $value ) )
@@ -2578,11 +2581,16 @@ function sanitize_option($option, $value) {
 }
 break;
- default :
- $value = apply_filters("sanitize_option_{$option}", $value, $option);
+ case 'permalink_structure':
+ case 'category_base':
+ case 'tag_base':
+ $value = esc_url_raw( $value );
+ $value = str_replace( 'http://', '', $value );
 break;
 }
+ $value = apply_filters("sanitize_option_{$option}", $value, $option);
+
 return $value;
 }
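Review bot: In the new `permalink_structure` / `category_base` / `tag_base` case, `str_replace( 'http://', '', $value )` removes the substring wherever it occurs and only in one pass, while the apparent intent is just to undo the scheme that `esc_url_raw()` can prepend to a scheme-less value. Anchoring the strip to the start of the string, `$value = preg_replace( '#^http://#', '', $value );`, leaves the rest of the value untouched and makes the result independent of what surrounds the match. A one-line comment would make the pairing readable, for example `// esc_url_raw() may prepend http:// to a scheme-less value; these options hold path fragments, not URLs.` Separately, since `apply_filters( "sanitize_option_{$option}", ... )` now runs after the switch for every option, whatever a callback returns is stored without passing through the core checks again. The function's docblock, which starts outside this hunk, should state that ordering.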