Wordpress 2.0.11-scripts
[autoinstalls/wordpress.git] / wp-admin / options.php
1 <?php
2 require_once('admin.php');
3
4 $title = __('Options');
5 $this_file = 'options.php';
6 $parent_file = 'options-general.php';
7
8 $wpvarstoreset = array('action');
9 for ($i=0; $i<count($wpvarstoreset); $i += 1) {
10         $wpvar = $wpvarstoreset[$i];
11         if (!isset($$wpvar)) {
12                 if (empty($_POST["$wpvar"])) {
13                         if (empty($_GET["$wpvar"])) {
14                                 $$wpvar = '';
15                         } else {
16                                 $$wpvar = $_GET["$wpvar"];
17                         }
18                 } else {
19                         $$wpvar = $_POST["$wpvar"];
20                 }
21         }
22 }
23
24 if ( !current_user_can('manage_options') )
25         die ( __('Cheatin&#8217; uh?') );
26
27 function sanitize_option($option, $value) {
28
29         switch ($option) {
30                 case 'admin_email':
31                         $value = sanitize_email($value);
32                         break;
33
34                 case 'default_post_edit_rows':
35                 case 'mailserver_port':
36                 case 'comment_max_links':
37                         $value = abs((int) $value);
38                         break;
39
40                 case 'posts_per_page':
41                 case 'posts_per_rss':
42                         $value = (int) $value;
43                         if ( empty($value) ) $value = 1;
44                         if ( $value < -1 ) $value = abs($value);
45                         break;
46
47                 case 'default_ping_status':
48                 case 'default_comment_status':
49                         // Options that if not there have 0 value but need to be something like "closed"
50                         if ( $value == '0' || $value == '')
51                                 $value = 'closed';
52                         break;
53
54                 case 'blogdescription':
55                 case 'blogname':
56                         if (current_user_can('unfiltered_html') == false)
57                                 $value = wp_filter_post_kses( $value );
58                         break;
59
60                 case 'blog_charset':
61                         $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
62                         break;
63
64                 case 'date_format':
65                 case 'time_format':
66                 case 'mailserver_url':
67                 case 'mailserver_login':
68                 case 'mailserver_pass':
69                 case 'ping_sites':
70                 case 'upload_path':
71                         $value = strip_tags($value);
72                         $value = wp_filter_kses($value);
73                         break;
74
75                 case 'gmt_offset':
76                         $value = preg_replace('/[^0-9:.-]/', '', $value);
77                         break;
78
79                 case 'siteurl':
80                 case 'home':
81                         $value = clean_url($value);
82                         break;
83         }
84
85         return $value;  
86 }
87
88 switch($action) {
89
90 case 'update':
91         $any_changed = 0;
92         
93         check_admin_referer('update-options');
94
95         if ( !$_POST['page_options'] ) {
96                 foreach ( (array) $_POST as $key => $value) {
97                         if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
98                                 $options[] = $key;
99                 }
100         } else {
101                 $options = explode(',', stripslashes($_POST['page_options']));
102         }
103
104         // Save for later.
105         $old_siteurl = get_settings('siteurl');
106         $old_home = get_settings('home');
107
108         if ($options) {
109                 foreach ($options as $option) {
110                         $option = trim($option);
111                         $value = trim(stripslashes($_POST[$option]));
112                         $value = sanitize_option($option, $value);
113                         
114                         if (update_option($option, $value) ) {
115                                 $any_changed++;
116                         }
117                 }
118         }
119     
120         if ($any_changed) {
121                         // If siteurl or home changed, reset cookies.
122                         if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
123                                 // If home changed, write rewrite rules to new location.
124                                 $wp_rewrite->flush_rules();
125                                 // Clear cookies for old paths.
126                                 wp_clearcookie();
127                                 // Set cookies for new paths.
128                                 wp_setcookie($user_login, $user_pass_md5, true, get_settings('home'), get_settings('siteurl'));
129                         }
130
131                         //$message = sprintf(__('%d setting(s) saved... '), $any_changed);
132     }
133     
134         $referred = remove_query_arg('updated' , wp_get_referer());
135         $goback = add_query_arg('updated', 'true', wp_get_referer());
136         $goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
137         wp_redirect($goback);
138     break;
139
140 default:
141         include('admin-header.php'); ?>
142
143 <div class="wrap">
144   <h2><?php _e('All Options'); ?></h2>
145   <form name="form" action="options.php" method="post" id="all-options">
146   <?php wp_nonce_field('update-options') ?>
147   <input type="hidden" name="action" value="update" />
148   <table width="98%">
149 <?php
150 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
151
152 foreach ( (array) $options as $option) :
153         $disabled = '';
154         $option->option_name = attribute_escape($option->option_name);
155         if ( is_serialized($option->option_value) ) {
156                 if ( is_serialized_string($option->option_value) ) {
157                         // this is a serialized string, so we should display it
158                         $value = maybe_unserialize($option->option_value);
159                         $options_to_update[] = $option->option_name;
160                         $class = 'all-options';
161                 } else {
162                         $value = 'SERIALIZED DATA';
163                         $disabled = ' disabled="disabled"';
164                         $class = 'all-options disabled';
165                 }
166         } else {
167                 $value = $option->option_value;
168                 $options_to_update[] = $option->option_name;
169                 $class = 'all-options';
170         }
171         echo "
172 <tr>
173         <th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
174 <td>";
175
176         if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
177         else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
178
179         echo "</td>
180         <td>$option->option_description</td>
181 </tr>";
182 endforeach;
183 ?>
184   </table>
185 <?php $options_to_update = implode(',', $options_to_update); ?>
186 <p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
187   </form>
188 </div>
189
190
191 <?php
192 break;
193 } // end switch
194
195 include('admin-footer.php');
196 ?>