X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/6c8f14c09105d0afa4c1574215c59b5021040e76..256a3b381f63716209b3527d0a14442ae570c283:/wp-admin/options.php
diff --git a/wp-admin/options.php b/wp-admin/options.php
index 92ae917b..8b848114 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -16,7 +16,7 @@
 */
 /** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 $title = __('Settings');
 $this_file = 'options.php';
@@ -29,6 +29,17 @@ $capability = 'manage_options';
 if ( empty($option_page) ) // This is for back compat and will eventually be removed.
 $option_page = 'options';
 else
+
+ /**
+ * Filter the capability required when using the Settings API.
+ *
+ * By default, the options groups for all registered settings require the manage_options capability.
+ * This filter is required to change the capability required for a certain options page.
+ *
+ * @since 3.2.0
+ *
+ * @param string $capability The capability used for the page, which is manage_options by default.
+ */
 $capability = apply_filters( "option_page_capability_{$option_page}", $capability );
 if ( !current_user_can( $capability ) )
@@ -96,10 +107,24 @@ if ( !is_multisite() ) {
 $whitelist_options['general'][] = 'new_admin_email';
 $whitelist_options['general'][] = 'WPLANG';
+ /**
+ * Toggle post-by-email functionality.
+ *
+ * @since 3.0.0
+ *
+ * @param bool True or false, based on whether post-by-email configuration is enabled or not.
+ */
 if ( apply_filters( 'enable_post_by_email_configuration', true ) )
 $whitelist_options['writing'] = array_merge($whitelist_options['writing'], $mail_options);
 }
+/**
+ * Filter the options white list.
+ *
+ * @since 2.7.0
+ *
+ * @param array White list options.
+ */
 $whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
 /*
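Review bot: In the second hunk (`@@ -29,6 +29,17 @@`) the new docblock sits between a brace-less `else` and its only statement, separated by a blank line and ten comment lines, so `$capability = apply_filters( "option_page_capability_{$option_page}", $capability );` no longer reads as the else body. That assignment decides which capability `current_user_can( $capability )` checks on the next line, so a later edit that adds a statement under the comment would silently change the authorization path. Wrap the branch in braces (`else {` ... `}`) or move the docblock above the `if ( empty($option_page) )` line. The docblock could also state that a callback on this filter replaces `manage_options` for that options page, so whatever it returns is the only capability enforced here.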
@@ -120,16 +145,16 @@ if ( 'update' == $action ) {
 if ( 'options' == $option_page ) {
 if ( is_multisite() && ! is_super_admin() )
 wp_die( __( 'You do not have sufficient permissions to modify unregistered settings for this site.' ) );
- $options = explode( ',', stripslashes( $_POST[ 'page_options' ] ) );
+ $options = explode( ',', wp_unslash( $_POST[ 'page_options' ] ) );
 } else {
 $options = $whitelist_options[ $option_page ];
 }
 // Handle custom date/time formats
 if ( 'general' == $option_page ) {
- if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['date_format'] ) )
+ if ( !empty($_POST['date_format']) && isset($_POST['date_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) )
 $_POST['date_format'] = $_POST['date_format_custom'];
- if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == stripslashes( $_POST['time_format'] ) )
+ if ( !empty($_POST['time_format']) && isset($_POST['time_format_custom']) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) )
 $_POST['time_format'] = $_POST['time_format_custom'];
 // Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
 if ( !empty($_POST['timezone_string']) && preg_match('/^UTC[+-]/', $_POST['timezone_string']) ) {
@@ -150,7 +175,7 @@ if ( 'update' == $action ) {
 $value = $_POST[ $option ];
 if ( ! is_array( $value ) )
 $value = trim( $value );
- $value = stripslashes_deep( $value );
+ $value = wp_unslash( $value );
 }
 update_option( $option, $value );
 }
@@ -172,10 +197,9 @@ if ( 'update' == $action ) {
 exit;
 }
-include('./admin-header.php'); ?>
+include( ABSPATH . 'wp-admin/admin-header.php' ); ?>
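Review bot: In the `@@ -120,16 +145,16 @@` hunk, `$_POST[ 'page_options' ]` is read without an `isset()` check, and every comma-separated name in it becomes an option to write, so a request that omits the field raises a notice and produces a list holding one empty name. Guard it with `$options = isset( $_POST['page_options'] ) ? explode( ',', wp_unslash( $_POST['page_options'] ) ) : array();`. This branch bypasses `$whitelist_options`, so the only gates visible on this page are the `current_user_can( $capability )` check in the earlier hunk and, on multisite, `is_super_admin()`. A short comment above the `explode()` saying that option names here come from the request, and naming the nonce check (presumably outside the hunk), would make that trust boundary explicit. The enclosing `if ( 'update' == $action )` block starts and ends outside the hunk.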
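Review bot: The `@@ -150,7 +175,7 @@` hunk has no comment explaining why `$value = wp_unslash( $value );` is needed or where validation happens, although the request value goes from `$_POST[ $option ]` to `update_option( $option, $value )` with only `trim()` and unslashing in between. I would add `// $_POST values arrive slashed; unslash before storing. Validation is left to the sanitize callback registered for the option.` above the changed line, after confirming that every option reachable here has such a callback, since none is visible in this hunk. The surrounding loop and the condition that opens this block lie outside the hunk.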
-

@@ -228,4 +252,4 @@ endforeach;