From feb6eacff10100c58fba201a2f4d85daed15ba8c Mon Sep 17 00:00:00 2001
From: Ron Rennick <wpmuguru@git.wordpress.org>
Date: Mon, 15 Mar 2010 18:10:34 +0000
Subject: [PATCH] block unregistered settings in multisite, see #11644, related
 #11730

git-svn-id: https://develop.svn.wordpress.org/trunk@13709 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/options.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wp-admin/options.php b/wp-admin/options.php
index c7d6fc11b6..d2b348a69b 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -109,6 +109,8 @@ if ( 'update' == $action ) {
 
 	if ( 'options' == $option_page )
 		$options = explode(',', stripslashes( $_POST[ 'page_options' ] ));
+		if( is_multisite() && !is_super_admin() )
+			wp_die( __( 'Not allowed here' ) );
 	else
 		$options = $whitelist_options[ $option_page ];