wp-admin/options.php

   1 <?php
   2 require_once('admin.php');
   3
   4 $title = __('Options');
   5 $this_file = 'options.php';
   6 $parent_file = 'options-general.php';
   7
   8 $wpvarstoreset = array('action');
   9 for ($i=0; $i<count($wpvarstoreset); $i += 1) {
  10         $wpvar = $wpvarstoreset[$i];
  11         if (!isset($$wpvar)) {
  12                 if (empty($_POST["$wpvar"])) {
  13                         if (empty($_GET["$wpvar"])) {
  14                                 $$wpvar = '';
  15                         } else {
  16                                 $$wpvar = $_GET["$wpvar"];
  17                         }
  18                 } else {
  19                         $$wpvar = $_POST["$wpvar"];
  20                 }
  21         }
  22 }
  23
  24 if ( !current_user_can('manage_options') )
  25         die ( __('Cheatin&#8217; uh?') );
  26
  27 function sanitize_option($option, $value) {
  28
  29         switch ($option) {
  30                 case 'admin_email':
  31                         $value = sanitize_email($value);
  32                         break;
  33
  34                 case 'default_post_edit_rows':
  35                 case 'mailserver_port':
  36                 case 'comment_max_links':
  37                         $value = abs((int) $value);
  38                         break;
  39
  40                 case 'posts_per_page':
  41                 case 'posts_per_rss':
  42                         $value = (int) $value;
  43                         if ( empty($value) ) $value = 1;
  44                         if ( $value < -1 ) $value = abs($value);
  45                         break;
  46
  47                 case 'default_ping_status':
  48                 case 'default_comment_status':
  49                         // Options that if not there have 0 value but need to be something like "closed"
  50                         if ( $value == '0' || $value == '')
  51                                 $value = 'closed';
  52                         break;
  53
  54                 case 'blogdescription':
  55                 case 'blogname':
  56                         if (current_user_can('unfiltered_html') == false)
  57                                 $value = wp_filter_post_kses( $value );
  58                         break;
  59
  60                 case 'blog_charset':
  61                         $value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value);
  62                         break;
  63
  64                 case 'date_format':
  65                 case 'time_format':
  66                 case 'mailserver_url':
  67                 case 'mailserver_login':
  68                 case 'mailserver_pass':
  69                 case 'ping_sites':
  70                 case 'upload_path':
  71                         $value = strip_tags($value);
  72                         $value = wp_filter_kses($value);
  73                         break;
  74
  75                 case 'gmt_offset':
  76                         $value = preg_replace('/[^0-9:.-]/', '', $value);
  77                         break;
  78
  79                 case 'siteurl':
  80                 case 'home':
  81                         $value = clean_url($value);
  82                         break;
  83         }
  84
  85         return $value;
  86 }
  87
  88 switch($action) {
  89
  90 case 'update':
  91         $any_changed = 0;
  92
  93         check_admin_referer('update-options');
  94
  95         if ( !$_POST['page_options'] ) {
  96                 foreach ( (array) $_POST as $key => $value) {
  97                         if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
  98                                 $options[] = $key;
  99                 }
 100         } else {
 101                 $options = explode(',', stripslashes($_POST['page_options']));
 102         }
 103
 104         // Save for later.
 105         $old_siteurl = get_settings('siteurl');
 106         $old_home = get_settings('home');
 107
 108         if ($options) {
 109                 foreach ($options as $option) {
 110                         $option = trim($option);
 111                         $value = trim(stripslashes($_POST[$option]));
 112                         $value = sanitize_option($option, $value);
 113
 114                         if (update_option($option, $value) ) {
 115                                 $any_changed++;
 116                         }
 117                 }
 118         }
 119
 120         if ($any_changed) {
 121                         // If siteurl or home changed, reset cookies.
 122                         if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
 123                                 // If home changed, write rewrite rules to new location.
 124                                 $wp_rewrite->flush_rules();
 125                                 // Clear cookies for old paths.
 126                                 wp_clearcookie();
 127                                 // Set cookies for new paths.
 128                                 wp_setcookie($user_login, $user_pass_md5, true, get_settings('home'), get_settings('siteurl'));
 129                         }
 130
 131                         //$message = sprintf(__('%d setting(s) saved... '), $any_changed);
 132     }
 133
 134         $referred = remove_query_arg('updated' , wp_get_referer());
 135         $goback = add_query_arg('updated', 'true', wp_get_referer());
 136         $goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
 137         wp_redirect($goback);
 138     break;
 139
 140 default:
 141         include('admin-header.php'); ?>
 142
 143 <div class="wrap">
 144   <h2><?php _e('All Options'); ?></h2>
 145   <form name="form" action="options.php" method="post" id="all-options">
 146   <?php wp_nonce_field('update-options') ?>
 147   <input type="hidden" name="action" value="update" />
 148   <table width="98%">
 149 <?php
 150 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
 151
 152 foreach ( (array) $options as $option) :
 153         $disabled = '';
 154         $option->option_name = attribute_escape($option->option_name);
 155         if ( is_serialized($option->option_value) ) {
 156                 if ( is_serialized_string($option->option_value) ) {
 157                         // this is a serialized string, so we should display it
 158                         $value = maybe_unserialize($option->option_value);
 159                         $options_to_update[] = $option->option_name;
 160                         $class = 'all-options';
 161                 } else {
 162                         $value = 'SERIALIZED DATA';
 163                         $disabled = ' disabled="disabled"';
 164                         $class = 'all-options disabled';
 165                 }
 166         } else {
 167                 $value = $option->option_value;
 168                 $options_to_update[] = $option->option_name;
 169                 $class = 'all-options';
 170         }
 171         echo "
 172 <tr>
 173         <th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
 174 <td>";
 175
 176         if (strpos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "</textarea>";
 177         else echo "<input class='$class' type='text' name='$option->option_name' id='$option->option_name' size='30' value='" . attribute_escape($value) . "'$disabled />";
 178
 179         echo "</td>
 180         <td>$option->option_description</td>
 181 </tr>";
 182 endforeach;
 183 ?>
 184   </table>
 185 <?php $options_to_update = implode(',', $options_to_update); ?>
 186 <p class="submit"><input type="hidden" name="page_options" value="<?php echo $options_to_update; ?>" /><input type="submit" name="Update" value="<?php _e('Update Options &raquo;') ?>" /></p>
 187   </form>
 188 </div>
 189
 190
 191 <?php
 192 break;
 193 } // end switch
 194
 195 include('admin-footer.php');
 196 ?>