Changeset 5834 for branches/2.0/wp-admin

Timestamp:

08/01/07 19:25:33 (1 year ago)

Author:

markjaquith

Message:

Sanitize option names in options.php, use current escaping functions. for 2.0.x

Files:

• branches/2.0/wp-admin/options.php (modified) (4 diffs)

branches/2.0/wp-admin/options.php

@@ -152 +152 @@
-foreach ( (array) $options as $option) :
-    $disabled = '';
+    $option->option_name = attribute_escape($option->option_name);
-    if ( is_serialized($option->option_value) ) {
-        if ( is_serialized_string($option->option_value) ) {
-            // this is a serialized string, so we should display it
-wp_specialchars(maybe_unserialize($option->option_value), 'single'
+maybe_unserialize($option->option_value
-            $options_to_update[] = $option->option_name;
-            $class = 'all-options';
@@ -164 +165 @@
-        }
-    } else {
-wp_specialchars($option->option_value, 'single')
+$option->option_value
-        $options_to_update[] = $option->option_name;
-        $class = 'all-options';
@@ -173 +174 @@
-<td>";
-
-istr($value, "\n")) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>$value
-$value
-
+pos($value, "\n") !== false) echo "<textarea class='$class' name='$option->option_name' id='$option->option_name' cols='30' rows='5'>" . wp_specialchars($value) . "
+attribute_escape($value)
+
-    echo "</td>
-    <td>$option->option_description</td>
@@ -183 +184 @@
-  </table>
-<?php $options_to_update = implode(',', $options_to_update); ?>
-attribute_escape($options_to_update)
+$options_to_update
-  </form>
-</div>