Add settings registration and whitelisting. Props donncha. see #7277
git-svn-id: https://develop.svn.wordpress.org/trunk@8802 602fd350-edb4-49c9-b593-d223f7449a82
parent
3b7405a702
commit
c3190734f8
@ -170,4 +170,71 @@ function show_message($message) {
|
|||||||
echo "<p>$message</p>\n";
|
echo "<p>$message</p>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Whitelist functions */
|
||||||
|
function register_setting($option_group, $option_name, $sanitize_callback = '') {
|
||||||
|
return add_option_update_handler($option_group, $option_name, $sanitize_callback);
|
||||||
|
}
|
||||||
|
|
||||||
|
function unregister_setting($option_group, $option_name, $sanitize_callback = '') {
|
||||||
|
return remove_option_update_handler($option_group, $option_name, $sanitize_callback);
|
||||||
|
}
|
||||||
|
|
||||||
|
function add_option_update_handler($option_group, $option_name, $sanitize_callback = '') {
|
||||||
|
global $new_whitelist_options;
|
||||||
|
$new_whitelist_options[ $option_group ][] = $option_name;
|
||||||
|
if ( $sanitize_callback != '' )
|
||||||
|
add_filter( "sanitize_option_{$option_name}", $sanitize_callback );
|
||||||
|
}
|
||||||
|
|
||||||
|
function remove_option_update_handler($option_group, $option_name, $sanitize_callback = '') {
|
||||||
|
global $new_whitelist_options;
|
||||||
|
$pos = array_search( $option_name, $new_whitelist_options );
|
||||||
|
if ( $pos !== false )
|
||||||
|
unset( $new_whitelist_options[ $option_group ][ $pos ] );
|
||||||
|
if ( $sanitize_callback != '' )
|
||||||
|
remove_filter( "sanitize_option_{$option_name}", $sanitize_callback );
|
||||||
|
}
|
||||||
|
|
||||||
|
function option_update_filter( $options ) {
|
||||||
|
global $new_whitelist_options;
|
||||||
|
|
||||||
|
if ( is_array( $new_whitelist_options ) )
|
||||||
|
$options = add_option_whitelist( $new_whitelist_options, $options );
|
||||||
|
|
||||||
|
return $options;
|
||||||
|
}
|
||||||
|
add_filter( 'whitelist_options', 'option_update_filter' );
|
||||||
|
|
||||||
|
function add_option_whitelist( $new_options, $options = '' ) {
|
||||||
|
if( $options == '' ) {
|
||||||
|
global $whitelist_options;
|
||||||
|
} else {
|
||||||
|
$whitelist_options = $options;
|
||||||
|
}
|
||||||
|
foreach( $new_options as $page => $keys ) {
|
||||||
|
foreach( $keys as $key ) {
|
||||||
|
$pos = array_search( $key, $whitelist_options[ $page ] );
|
||||||
|
if( $pos === false )
|
||||||
|
$whitelist_options[ $page ][] = $key;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $whitelist_options;
|
||||||
|
}
|
||||||
|
|
||||||
|
function remove_option_whitelist( $del_options, $options = '' ) {
|
||||||
|
if( $options == '' ) {
|
||||||
|
global $whitelist_options;
|
||||||
|
} else {
|
||||||
|
$whitelist_options = $options;
|
||||||
|
}
|
||||||
|
foreach( $del_options as $page => $keys ) {
|
||||||
|
foreach( $keys as $key ) {
|
||||||
|
$pos = array_search( $key, $whitelist_options[ $page ] );
|
||||||
|
if( $pos !== false )
|
||||||
|
unset( $whitelist_options[ $page ][ $pos ] );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $whitelist_options;
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
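Review bot: `remove_option_update_handler()` searches the wrong array: `array_search( $option_name, $new_whitelist_options )` looks through the top-level array, which is keyed by group, so `$pos` will normally be `false` and the option stays whitelisted after `unregister_setting()`. The search should be scoped to the group, `$pos = array_search( $option_name, (array) $new_whitelist_options[ $option_group ] );`. `add_option_whitelist()` has a related gap: when `$whitelist_options[ $page ]` does not exist yet (a group registered for a new page), `array_search()` is handed a non-array and does not return `false`, so the `=== false` branch that appends the key is skipped; initialise the group to `array()` before the inner loop. The new functions also carry no doc comments; a short header on `register_setting()` stating that `$option_group` must match the form's `option_page` value and the prefix of its nonce action would help callers.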
|
@ -18,7 +18,8 @@ include('admin-header.php');
|
|||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Discussion Settings') ?></h2>
|
<h2><?php _e('Discussion Settings') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php wp_nonce_field('update-options') ?>
|
<input type='hidden' name='option_page' value='discussion' />
|
||||||
|
<?php wp_nonce_field('discussion-options') ?>
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><?php _e('Default article settings') ?></th>
|
<th scope="row"><?php _e('Default article settings') ?></th>
|
||||||
@ -159,7 +160,6 @@ echo apply_filters('default_avatar_select', $avatar_list);
|
|||||||
|
|
||||||
<p class="submit">
|
<p class="submit">
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="page_options" value="default_pingback_flag,default_ping_status,default_comment_status,comments_notify,moderation_notify,comment_moderation,require_name_email,comment_whitelist,comment_max_links,moderation_keys,blacklist_keys,show_avatars,avatar_rating,avatar_default" />
|
|
||||||
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
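Review bot: Removing the `page_options` field from this form drops `avatar_default` from what gets saved: the removed value listed it, but the `'discussion'` entry of `$whitelist_options` added in the options handler later on this page ends at `avatar_rating`. Assuming the update loop only walks `$options`, the default-avatar choice rendered by this form would no longer be stored on submit; add `'avatar_default'` to that array. The Miscellaneous form has the same gap for `upload_url_path`, which its removed `page_options` value carried and the `'misc'` list does not.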
|
@ -18,7 +18,8 @@ include('./admin-header.php');
|
|||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('General Settings') ?></h2>
|
<h2><?php _e('General Settings') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php wp_nonce_field('update-options') ?>
|
<?php wp_nonce_field('general-options') ?>
|
||||||
|
<input type='hidden' name='option_page' value='general' />
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><label for="blogname"><?php _e('Blog Title') ?></label></th>
|
<th scope="row"><label for="blogname"><?php _e('Blog Title') ?></label></th>
|
||||||
@ -120,7 +121,6 @@ endfor;
|
|||||||
|
|
||||||
<p class="submit"><input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
<p class="submit"><input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="page_options" value="<?php if ( ! defined( 'WP_SITEURL' ) ) echo 'siteurl,'; if ( ! defined( 'WP_HOME' ) ) echo 'home,'; ?>blogname,blogdescription,admin_email,users_can_register,gmt_offset,date_format,time_format,start_of_week,comment_registration,default_role" />
|
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
@ -19,7 +19,8 @@ include('admin-header.php');
|
|||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Miscellaneous Settings') ?></h2>
|
<h2><?php _e('Miscellaneous Settings') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php wp_nonce_field('update-options') ?>
|
<input type='hidden' name='option_page' value='misc' />
|
||||||
|
<?php wp_nonce_field('misc-options') ?>
|
||||||
<h3><?php _e('Uploading'); ?></h3>
|
<h3><?php _e('Uploading'); ?></h3>
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
@ -158,7 +159,6 @@ include('admin-header.php');
|
|||||||
|
|
||||||
<p class="submit">
|
<p class="submit">
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="page_options" value="hack_file,use_linksupdate,uploads_use_yearmonth_folders,upload_path,upload_url_path,thumbnail_size_w,thumbnail_size_h,thumbnail_crop,medium_size_w,medium_size_h,image_default_size,image_default_align,image_default_link_type,large_size_w,large_size_h" />
|
|
||||||
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" class="button" />
|
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" class="button" />
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
@ -18,7 +18,8 @@ include('./admin-header.php');
|
|||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Privacy Settings') ?></h2>
|
<h2><?php _e('Privacy Settings') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php wp_nonce_field('update-options') ?>
|
<?php wp_nonce_field('privacy-options') ?>
|
||||||
|
<input type='hidden' name='option_page' value='privacy' />
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><?php _e('Blog Visibility') ?> </th>
|
<th scope="row"><?php _e('Blog Visibility') ?> </th>
|
||||||
@ -34,7 +35,6 @@ include('./admin-header.php');
|
|||||||
|
|
||||||
<p class="submit"><input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
<p class="submit"><input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="page_options" value="blog_public" />
|
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
@ -18,7 +18,8 @@ include('admin-header.php');
|
|||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Reading Settings') ?></h2>
|
<h2><?php _e('Reading Settings') ?></h2>
|
||||||
<form name="form1" method="post" action="options.php">
|
<form name="form1" method="post" action="options.php">
|
||||||
<?php wp_nonce_field('update-options') ?>
|
<?php wp_nonce_field('reading-options') ?>
|
||||||
|
<input type='hidden' name='option_page' value='reading' />
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<?php if ( get_pages() ): ?>
|
<?php if ( get_pages() ): ?>
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
@ -74,7 +75,6 @@ include('admin-header.php');
|
|||||||
</table>
|
</table>
|
||||||
<p class="submit">
|
<p class="submit">
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="page_options" value="posts_per_page,posts_per_rss,rss_use_excerpt,blog_charset,gzipcompression,show_on_front,page_on_front,page_for_posts" />
|
|
||||||
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
@ -18,8 +18,8 @@ include('admin-header.php');
|
|||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Writing Settings') ?></h2>
|
<h2><?php _e('Writing Settings') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
<?php wp_nonce_field('update-options') ?>
|
<?php wp_nonce_field('writing-options') ?>
|
||||||
|
<input type='hidden' name='option_page' value='writing' />
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><label for="default_post_edit_rows"> <?php _e('Size of the post box') ?></label></th>
|
<th scope="row"><label for="default_post_edit_rows"> <?php _e('Size of the post box') ?></label></th>
|
||||||
@ -138,7 +138,6 @@ endforeach;
|
|||||||
|
|
||||||
<p class="submit">
|
<p class="submit">
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="page_options" value="default_post_edit_rows,use_smilies,ping_sites,mailserver_url,mailserver_port,mailserver_login,mailserver_pass,default_category,default_email_category,use_balanceTags,default_link_category,enable_app,enable_xmlrpc" />
|
|
||||||
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
<input type="submit" name="Submit" value="<?php _e('Save Changes') ?>" />
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
@ -21,6 +21,19 @@ $parent_file = 'options-general.php';
|
|||||||
|
|
||||||
wp_reset_vars(array('action'));
|
wp_reset_vars(array('action'));
|
||||||
|
|
||||||
|
$whitelist_options = array(
|
||||||
|
'general' => array('blogname', 'blogdescription', 'admin_email', 'users_can_register', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'comment_registration', 'default_role'),
|
||||||
|
'discussion' => array( 'default_pingback_flag', 'default_ping_status', 'default_comment_status', 'comments_notify', 'moderation_notify', 'comment_moderation', 'require_name_email', 'comment_whitelist', 'comment_max_links', 'moderation_keys', 'blacklist_keys', 'show_avatars', 'avatar_rating' ),
|
||||||
|
'misc' => array( 'hack_file', 'use_linksupdate', 'uploads_use_yearmonth_folders', 'upload_path', 'thumbnail_size_w', 'thumbnail_size_h', 'thumbnail_crop', 'medium_size_w', 'medium_size_h', 'image_default_size', 'image_default_align', 'image_default_link_type', 'large_size_w', 'large_size_h' ),
|
||||||
|
'privacy' => array( 'blog_public' ),
|
||||||
|
'reading' => array( 'posts_per_page', 'posts_per_rss', 'rss_use_excerpt', 'blog_charset', 'gzipcompression', 'show_on_front', 'page_on_front', 'page_for_posts' ),
|
||||||
|
'writing' => array( 'default_post_edit_rows', 'use_smilies', 'ping_sites', 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass', 'default_category', 'default_email_category', 'use_balanceTags', 'default_link_category', 'enable_app', 'enable_xmlrpc' ),
|
||||||
|
'options' => array( '' ) );
|
||||||
|
if ( !defined( 'WP_SITEURL' ) ) $whitelist_options['general'][] = 'siteurl';
|
||||||
|
if ( defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home';
|
||||||
|
|
||||||
|
$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
|
||||||
|
|
||||||
if ( !current_user_can('manage_options') )
|
if ( !current_user_can('manage_options') )
|
||||||
wp_die(__('Cheatin’ uh?'));
|
wp_die(__('Cheatin’ uh?'));
|
||||||
|
|
||||||
@ -29,15 +42,16 @@ switch($action) {
|
|||||||
case 'update':
|
case 'update':
|
||||||
$any_changed = 0;
|
$any_changed = 0;
|
||||||
|
|
||||||
check_admin_referer('update-options');
|
$option_page = $_POST[ 'option_page' ];
|
||||||
|
check_admin_referer( $option_page . '-options' );
|
||||||
|
|
||||||
if ( !$_POST['page_options'] ) {
|
if ( !isset( $whitelist_options[ $option_page ] ) )
|
||||||
foreach ( (array) $_POST as $key => $value) {
|
wp_die( __( 'Error! Options page not found.' ) );
|
||||||
if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
|
|
||||||
$options[] = $key;
|
if ( $option_page == 'options' ) {
|
||||||
}
|
$options = explode(',', stripslashes( $_POST[ 'page_options' ] ));
|
||||||
} else {
|
} else {
|
||||||
$options = explode(',', stripslashes($_POST['page_options']));
|
$options = $whitelist_options[ $option_page ];
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($options) {
|
if ($options) {
|
||||||
@ -63,8 +77,9 @@ default:
|
|||||||
</ul>
|
</ul>
|
||||||
<h2><?php _e('All Settings'); ?></h2>
|
<h2><?php _e('All Settings'); ?></h2>
|
||||||
<form name="form" action="options.php" method="post" id="all-options">
|
<form name="form" action="options.php" method="post" id="all-options">
|
||||||
<?php wp_nonce_field('update-options') ?>
|
<?php wp_nonce_field('options-options') ?>
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
|
<input type='hidden' name='option_page' value='options' />
|
||||||
<table class="form-table">
|
<table class="form-table">
|
||||||
<?php
|
<?php
|
||||||
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
|
$options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
|
||||||
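Review bot: The `WP_HOME` guard in the whitelist setup is inverted: `if ( defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home';` adds `home` only when the constant is defined, whereas the `page_options` field this commit removes from the General form emitted `home` only when it was not defined. It should read `if ( !defined( 'WP_HOME' ) ) $whitelist_options['general'][] = 'home';`, matching the `WP_SITEURL` line above it. In the `update` case, `$_POST['option_page']` is read without an `isset()` check and used to build the nonce action before the `isset( $whitelist_options[ $option_page ] )` test; moving that test ahead of `check_admin_referer()` would keep the action string limited to known groups. The `options` group still takes its option names from `$_POST['page_options']`, so that path is constrained only by the `manage_options` check and the nonce, not by the whitelist, and a comment saying so would help. The `switch` body continues outside the hunk.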
|