X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/ff81ee6e8304a1982a3ec4f5b134764a29d502cf..refs/tags/wordpress-2.3.3:/wp-admin/options.php

diff --git a/wp-admin/options.php b/wp-admin/options.php
index de5999c6..7fa05bbf 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -5,83 +5,38 @@ $title = __('Options');
 $this_file = 'options.php';
 $parent_file = 'options-general.php';
 
-$wpvarstoreset = array('action');
-for ($i=0; $i<count($wpvarstoreset); $i += 1) {
-	$wpvar = $wpvarstoreset[$i];
-	if (!isset($$wpvar)) {
-		if (empty($_POST["$wpvar"])) {
-			if (empty($_GET["$wpvar"])) {
-				$$wpvar = '';
-			} else {
-				$$wpvar = $_GET["$wpvar"];
-			}
-		} else {
-			$$wpvar = $_POST["$wpvar"];
-		}
-	}
-}
+wp_reset_vars(array('action'));
 
 if ( !current_user_can('manage_options') )
-	die ( __('Cheatin&#8217; uh?') );
+	wp_die(__('Cheatin&#8217; uh?'));
 
 switch($action) {
 
 case 'update':
 	$any_changed = 0;
-	
-	check_admin_referer();
 
-	if (!$_POST['page_options']) {
-		foreach ($_POST as $key => $value) {
-			$options[] = $key;
+	check_admin_referer('update-options');
+
+	if ( !$_POST['page_options'] ) {
+		foreach ( (array) $_POST as $key => $value) {
+			if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+				$options[] = $key;
 		}
 	} else {
 		$options = explode(',', stripslashes($_POST['page_options']));
 	}
 
-	// Save for later.
-	$old_siteurl = get_settings('siteurl');
-	$old_home = get_settings('home');
-
-	// HACK
-	// Options that if not there have 0 value but need to be something like "closed"
-	$nonbools = array('default_ping_status', 'default_comment_status');
 	if ($options) {
 		foreach ($options as $option) {
 			$option = trim($option);
-			$value = trim(stripslashes($_POST[$option]));
-				if( in_array($option, $nonbools) && ( $value == '0' || $value == '') )
-				$value = 'closed';
-			
-			if( $option == 'blogdescription' || $option == 'blogname' )
-				if (current_user_can('unfiltered_html') == false)
-					$value = wp_filter_post_kses( $value );
-			
-			if (update_option($option, $value) ) {
-				$any_changed++;
-			}
+			$value = $_POST[$option];
+			if(!is_array($value))	$value = trim($value);
+			$value = stripslashes_deep($value);
+			update_option($option, $value);
 		}
 	}
-    
-	if ($any_changed) {
-			// If siteurl or home changed, reset cookies.
-			if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
-				// If home changed, write rewrite rules to new location.
-				$wp_rewrite->flush_rules();
-				// Get currently logged in user and password.
-				get_currentuserinfo();
-				// Clear cookies for old paths.
-				wp_clearcookie();
-				// Set cookies for new paths.
-				wp_setcookie($user_login, $user_pass_md5, true, get_settings('home'), get_settings('siteurl'));
-			}
-
-			//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
-    }
-    
-	$referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
-	$goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
-	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
+
+	$goback = add_query_arg('updated', 'true', wp_get_referer());
 	wp_redirect($goback);
     break;
 
@@ -89,25 +44,49 @@ default:
 	include('admin-header.php'); ?>
 
 <div class="wrap">
-  <h2><?php _e('All options'); ?></h2>
-  <form name="form" action="options.php" method="post">
+  <h2><?php _e('All Options'); ?></h2>
+  <form name="form" action="options.php" method="post" id="all-options">
+  <?php wp_nonce_field('update-options') ?>
   <input type="hidden" name="action" value="update" />
+	<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   <table width="98%">
 <?php
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
 
-foreach ($options as $option) :
-	$value = wp_specialchars($option->option_value);
+foreach ( (array) $options as $option) :
+	$disabled = '';
+	$option->option_name = attribute_escape($option->option_name);
+	if ( is_serialized($option->option_value) ) {
+		if ( is_serialized_string($option->option_value) ) {
+			// this is a serialized string, so we should display it
+			$value = maybe_unserialize($option->option_value);
+			$options_to_update[] = $option->option_name;
+			$class = 'all-options';
+		} else {
+			$value = 'SERIALIZED DATA';
+			$disabled = ' disabled="disabled"';
+			$class = 'all-options disabled';
+		}
+	} else {
+		$value = $option->option_value;
+		$options_to_update[] = $option->option_name;
+		$class = 'all-options';
+	}
 	echo "
 <tr>
 	<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
-	<td><input type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . $value . "' /></td>
-	<td>$option->option_description</td>
+<td>";
+
+	if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
+	else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
+
+	echo "</td>
 </tr>";
 endforeach;
 ?>
   </table>
-<p class="submit"><input type="submit" name="Update" value="<?php _e('Update Settings &raquo;') ?>" /></p>
+<?php $options_to_update = implode(',', $options_to_update); ?>
+<p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
   </form>
 </div>