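/**
 * Validate and sanitize the plugin settings submitted through the options form.
 *
 * Only the recognised "cce-*" keys are copied into the result; any other key in
 * $input is dropped. An unusable data URL is reported with add_settings_error()
 * and left out of the result.
 *
 * @param array $input Raw values keyed by setting name.
 * @return array Sanitized values for the recognised keys that were present.
 */
function settings_validate($input)
 {
     $new_input = array();
     if (isset($input["cce-data_url"])) {
         $data_url = is_string($input["cce-data_url"]) ? trim($input["cce-data_url"]) : '';
         $clean_url = '';
         if ($data_url !== '' && filter_var($data_url, FILTER_VALIDATE_URL)) {
             // FILTER_VALIDATE_URL accepts any scheme, so the scheme is restricted here:
             // esc_url_raw() returns '' when the URL does not use one of the listed protocols.
             // Do not route this value through sanitize_option("siteurl", ...): that applies the
             // rules of the unrelated "siteurl" option, and WordPress core answers a rejected
             // value there with the site's own stored URL instead of an empty result
             // (NOTE(review): confirm against the WordPress version in use).
             $clean_url = esc_url_raw($data_url, array('http', 'https'));
         }
         if ($clean_url === '') {
             //invalid so add settings error
             add_settings_error("cce-data_url", "cce-data_url-error", __(esc_attr("The CampusCE data URL must be a valid URL.")), "error");
         } else {
             $new_input["cce-data_url"] = $clean_url;
         }
     }
     // The remaining settings are plain one-line text values.
     foreach (array("cce-user_key", "cce-post_type", "cce-taxonomy", "cce-field-id") as $text_key) {
         if (isset($input[$text_key])) {
             $new_input[$text_key] = sanitize_text_field($input[$text_key]);
         }
     }
     return $new_input;
 }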
 /**
  * Step init: describe the form fields of this step and hook up the error notice.
  */
 protected function init()
 {
     // The two free-text fields reuse the core sanitizers of the options they write to.
     // NOTE(review): stripcslashes() also decodes C-style escapes (\n, \x41, ...), unlike
     // stripslashes(); confirm that this is the intended un-escaping.
     $sanitize_title = function ($value) {
         return stripcslashes(sanitize_option('blogname', $value));
     };
     $sanitize_tagline = function ($value) {
         return stripcslashes(sanitize_option('blogdescription', $value));
     };
     $fields = [
         [
             'name' => 'wpem_site_type',
             'label' => __('Type', 'wp-easy-mode'),
             'type' => 'radio',
             'sanitizer' => 'sanitize_key',
             'description' => __('What type of website would you like to create?', 'wp-easy-mode'),
             'value' => wpem_get_site_type(),
             'required' => true,
             'choices' => [
                 'standard' => __('Website + Blog', 'wp-easy-mode'),
                 'blog' => __('Blog only', 'wp-easy-mode'),
                 'store' => __('Online Store', 'wp-easy-mode'),
             ],
         ],
         [
             'name' => 'wpem_site_industry',
             'label' => __('Industry', 'wp-easy-mode'),
             'type' => 'select',
             'sanitizer' => 'sanitize_key',
             'description' => __('What will your website be about?', 'wp-easy-mode'),
             'value' => wpem_get_site_industry(),
             'required' => true,
             'choices' => wpem_get_site_industry_slugs_to('label'),
         ],
         [
             'name' => 'blogname',
             'label' => __('Title', 'wp-easy-mode'),
             'type' => 'text',
             'sanitizer' => $sanitize_title,
             'description' => __('The title of your website appears at the top of all pages and in search results.', 'wp-easy-mode'),
             'value' => get_option('blogname'),
             'required' => true,
             'atts' => [
                 'placeholder' => __('Enter your website title here', 'wp-easy-mode'),
             ],
         ],
         [
             'name' => 'blogdescription',
             'label' => __('Tagline', 'wp-easy-mode'),
             'type' => 'text',
             'sanitizer' => $sanitize_tagline,
             'description' => __('Think of the tagline as a slogan that describes what makes your website special. It will also appear in search results.', 'wp-easy-mode'),
             'value' => get_option('blogdescription'),
             'required' => true,
             'atts' => [
                 'placeholder' => __('Enter your website tagline here', 'wp-easy-mode'),
             ],
         ],
     ];
     $this->fields = new Fields($fields);
     add_action('wpem_template_notices', [$this->fields, 'error_notice']);
 }
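/**
 * Add the DK PDF metabox to every post type selected in the plugin settings.
 *
 * Does nothing when the stored option is not a list of post type names.
 */
function dkpdf_meta_box_setup()
{
    // get post types selected in settings
    $pdfbutton_post_types = sanitize_option('dkpdf_pdfbutton_post_types', get_option('dkpdf_pdfbutton_post_types'));
    // A truthy scalar (for example a single saved string) cannot be iterated;
    // treat anything that is not an array as "no post types selected".
    if (!is_array($pdfbutton_post_types)) {
        return;
    }
    // add metabox to selected post types
    foreach ($pdfbutton_post_types as $post_type) {
        // Skip malformed entries instead of passing them on as a screen id.
        if (!is_string($post_type) || '' === $post_type) {
            continue;
        }
        add_meta_box('post-data', __('DK PDF', 'dkpdf'), 'dkpdf_meta_box_content', $post_type, 'normal', 'high');
    }
}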
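 /**
  * Emoji in the site title and tagline must come out of sanitize_option()
  * in a form the options table can store.
  *
  * @ticket 36122
  */
 public function test_emoji_in_blogname_and_description()
 {
     global $wpdb;
     $value = "whee😈";
     // A utf8mb4 column stores the emoji unchanged. On a narrower charset the
     // expectation has to be the entity-encoded form of U+1F608; with the raw
     // emoji in both branches the charset check would assert nothing.
     // NOTE(review): confirm the entity spelling against wp_encode_emoji() output.
     $is_utf8mb4 = 'utf8mb4' === $wpdb->get_col_charset($wpdb->options, 'option_value');
     $expected = $is_utf8mb4 ? $value : 'whee&#x1f608;';
     $this->assertSame($expected, sanitize_option('blogname', $value));
     $this->assertSame($expected, sanitize_option('blogdescription', $value));
 }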
 /**
  * sanitize_option() must return the expected permalink structure and record
  * an 'invalid_permalink_structure' settings error only for invalid input.
  *
  * @dataProvider permalink_structure_provider
  */
 public function test_sanitize_permalink_structure($provided, $expected, $valid)
 {
     global $wp_settings_errors;
     // Snapshot the global error list so this case does not leak errors into the next one.
     $errors_before = (array) $wp_settings_errors;
     $actual = sanitize_option('permalink_structure', $provided);
     $errors = get_settings_errors('permalink_structure');
     // Clear errors.
     $wp_settings_errors = $errors_before;
     if (!$valid) {
         $this->assertNotEmpty($errors);
         $this->assertEquals('invalid_permalink_structure', $errors[0]['code']);
     } else {
         $this->assertEmpty($errors);
     }
     $this->assertEquals($expected, $actual);
 }
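/**
 * Build the sitemap XML for the home page and every 'page' post.
 *
 * The change frequency is taken from $_POST['frequency'] and must be one of the
 * values the sitemap protocol defines; anything else ends in wp_die().
 *
 * NOTE(review): nothing in this function verifies a nonce or a capability;
 * presumably the caller does - confirm before exposing it on a request handler.
 *
 * @return string Sitemap XML with named entities converted by ent2ncr().
 */
function csg_sitemap()
{
    $safe_values = array('always', 'hourly', 'daily', 'weekly', 'monthly', 'yearly', 'never');
    // A missing or non-string field is treated like any other invalid value
    // instead of raising an undefined-index notice.
    $frequency = '';
    if (isset($_POST['frequency']) && is_string($_POST['frequency'])) {
        // sanitize_option() has no built-in rule for 'frequency' (it only runs filters),
        // so the strict allow-list check below is the actual control.
        $frequency = sanitize_option('frequency', wp_unslash($_POST['frequency']));
        $frequency = esc_html($frequency);
    }
    if (!in_array($frequency, $safe_values, true)) {
        // If the frequency is not accepted, return error
        wp_die('Invalid data');
        // Only reached when a custom wp_die handler returns: hand back an empty sitemap.
        return ent2ncr('');
    }
    // Add basic XML output
    $sitemap = '<?xml version="1.0" encoding="UTF-8"?>
		<urlset xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">';
    // Add homepage. URLs are escaped because a raw "&" in a query string
    // would make the document invalid XML.
    $sitemap .= '
			<url>
			<loc>' . esc_url(get_site_url() . '/') . '</loc>
			<changefreq>' . $frequency . '</changefreq>
			</url>
		';
    // Add pages
    // Arguments for selecting pages
    $args = array('post_type' => 'page', 'posts_per_page' => 9000);
    // The Query (replaces the main query until wp_reset_query() below)
    query_posts($args);
    // The Loop
    while (have_posts()) {
        the_post();
        $sitemap .= '
				<url>
				<loc>' . esc_url(get_the_permalink()) . '</loc>
				<changefreq>' . $frequency . '</changefreq>
				</url>
			';
    }
    $sitemap .= '</urlset>';
    // Reset Query
    wp_reset_query();
    // Return sitemap-string but first filter any text containing illegal named entities
    return ent2ncr($sitemap);
}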
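 /**
  * Save default theme for network
  *
  * Acts only when the form field is present, and only after the 'siteoptions'
  * nonce has been verified.
  *
  * NOTE(review): no capability check is visible here; presumably the network
  * settings screen that fires this already restricts access - confirm.
  *
  * @author Julien Maury
  *
  * @return bool False when the field is absent or not a string; true when the
  *              field is empty; otherwise the result of update_site_option().
  */
 static function network_save_theme_option()
 {
     /**
      * is there an action ?
      */
     if (!isset($_POST['default_network_theme'])) {
         return false;
     }
     /**
      * check admin referer
      */
     check_admin_referer('siteoptions');
     // A field posted as an array must not reach the option store.
     if (!is_string($_POST['default_network_theme'])) {
         return false;
     }
     // sanitize_option() has no built-in rule for this custom option name, so the
     // value is unslashed and reduced to a single line of plain text first.
     // NOTE(review): the slug is not checked against the installed themes.
     $theme = sanitize_text_field(wp_unslash($_POST['default_network_theme']));
     if ($theme) {
         return update_site_option('default_network_theme', apply_filters('default_network_theme_pre_update_option', sanitize_option('default_network_theme', $theme)));
     }
     return true;
 }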
 /**
  * Markup in the site title and tagline is stored HTML-escaped, and
  * get_bloginfo() returns that stored form in both raw and 'display' mode.
  *
  * @ticket 27942
  */
 function test_bloginfo_sanitize_option()
 {
     // Option name => get_bloginfo() key that reads it back.
     $targets = array('blogname' => 'name', 'blogdescription' => 'description');
     $old_values = array();
     foreach (array_keys($targets) as $option_name) {
         $old_values[$option_name] = get_option($option_name);
     }
     // Input => expected stored value; already-escaped input must not be escaped twice.
     $values = array('foo' => 'foo', '<em>foo</em>' => '&lt;em&gt;foo&lt;/em&gt;', '<script>foo</script>' => '&lt;script&gt;foo&lt;/script&gt;', '&lt;foo&gt;' => '&lt;foo&gt;', '<foo' => '&lt;foo');
     foreach ($values as $value => $expected) {
         foreach ($targets as $option_name => $show) {
             $sanitized_value = sanitize_option($option_name, $value);
             update_option($option_name, $sanitized_value);
             $this->assertEquals($expected, $sanitized_value);
             $this->assertEquals($expected, get_bloginfo($show));
             $this->assertEquals($expected, get_bloginfo($show, 'display'));
         }
     }
     // Restore old values.
     foreach ($old_values as $option_name => $value) {
         update_option($option_name, $value);
     }
 }
/**
 * Update the value of a network option that was already added.
 *
 * @since 4.4.0
 *
 * @see update_option()
 *
 * @global wpdb   $wpdb
 * @global object $current_site
 *
 * @param string   $option     Name of option. Expected to not be SQL-escaped.
 * @param mixed    $value      Option value. Expected to not be SQL-escaped.
 * @param int|bool $network_id Optional. ID of the network. Defaults to current network ID.
 * @return bool False if value was not updated and true if value was updated.
 */
function update_network_option($option, $value, $network_id = false)
{
    global $wpdb, $current_site;
    // The default of false casts to 0, which triggers the fallback below.
    $network_id = (int) $network_id;
    // Fallback to the current network if a network ID is not specified.
    if (!$network_id && is_multisite()) {
        $network_id = $current_site->id;
    }
    // Runs before anything is read or written for this option name.
    wp_protect_special_option($option);
    // false is passed as the default, so false below means "no stored value was returned".
    $old_value = get_network_option($option, false, $network_id);
    /**
     * Filter a specific network option before its value is updated.
     *
     * The dynamic portion of the hook name, `$option`, refers to the option name.
     *
     * @since 2.9.0 As 'pre_update_site_option_' . $key
     * @since 3.0.0
     * @since 4.4.0 The `$option` parameter was added
     *
     * @param mixed  $value     New value of the network option.
     * @param mixed  $old_value Old value of the network option.
     * @param string $option    Option name.
     */
    $value = apply_filters('pre_update_site_option_' . $option, $value, $old_value, $option);
    // Strict comparison of the filtered value, which has not been through sanitize_option() yet.
    if ($value === $old_value) {
        return false;
    }
    // Nothing stored yet: hand over to the add path.
    if (false === $old_value) {
        return add_network_option($option, $value, $network_id);
    }
    // Drop this option from the per-network "known missing" cache entry, if it is listed there.
    $notoptions_key = "{$network_id}:notoptions";
    $notoptions = wp_cache_get($notoptions_key, 'site-options');
    if (is_array($notoptions) && isset($notoptions[$option])) {
        unset($notoptions[$option]);
        wp_cache_set($notoptions_key, $notoptions, 'site-options');
    }
    if (!is_multisite()) {
        // Single site: the value is handed to update_option() without sanitizing it here.
        $result = update_option($option, $value);
    } else {
        // Multisite: sanitize, serialize, then write the sitemeta row. The value and the
        // WHERE conditions are passed to $wpdb->update() as arrays, not concatenated into SQL here.
        $value = sanitize_option($option, $value);
        $serialized_value = maybe_serialize($value);
        $result = $wpdb->update($wpdb->sitemeta, array('meta_value' => $serialized_value), array('site_id' => $network_id, 'meta_key' => $option));
        if ($result) {
            // Cache the sanitized (unserialized) value under the per-network key.
            $cache_key = "{$network_id}:{$option}";
            wp_cache_set($cache_key, $value, 'site-options');
        }
    }
    if ($result) {
        /**
         * Fires after the value of a specific network option has been successfully updated.
         *
         * The dynamic portion of the hook name, `$option`, refers to the option name.
         *
         * @since 2.9.0 As "update_site_option_{$key}"
         * @since 3.0.0
         *
         * @param string $option    Name of the network option.
         * @param mixed  $value     Current value of the network option.
         * @param mixed  $old_value Old value of the network option.
         */
        do_action('update_site_option_' . $option, $option, $value, $old_value);
        /**
         * Fires after the value of a network option has been successfully updated.
         *
         * @since 3.0.0
         *
         * @param string $option    Name of the network option.
         * @param mixed  $value     Current value of the network option.
         * @param mixed  $old_value Old value of the network option.
         */
        do_action('update_site_option', $option, $value, $old_value);
        return true;
    }
    return false;
}
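 /**
  * Merge the redirects submitted from the options page into the stored ones.
  *
  * As of version 5.0.7 the redirects are saved by adding to the existing ones, not resaving
  * all of them from the form - this was to prevent the max_input_vars issue when that was
  * set low and there were a lot of redirects.
  *
  * NOTE(review): no nonce or capability check is visible in this method; presumably the
  * caller performs both - confirm, since the stored map decides where visitors are sent.
  *
  * @param array $data Form data: positional 'request' and 'destination' lists plus optional
  *                    'newwindow' / 'nofollow' lists using the same indexes.
  * @return array The request => destination map after the merge.
  */
 function save_redirects($data)
 {
     $currRedirects = get_option('quickppr_redirects', array());
     $currMeta = get_option('quickppr_redirects_meta', array());
     // A damaged option value must not break the array writes below.
     if (!is_array($currRedirects)) {
         $currRedirects = array();
     }
     if (!is_array($currMeta)) {
         $currMeta = array();
     }
     //TODO: Add Back up Redirects
     //TODO: Add New Redirects to TOP not Bottom.
     $protocols = apply_filters('qppr_allowed_protocols', array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp'));
     // Missing or non-array lists are treated as "nothing submitted" rather than counted.
     $requests = isset($data['request']) && is_array($data['request']) ? $data['request'] : array();
     $destinations = isset($data['destination']) && is_array($data['destination']) ? $data['destination'] : array();
     $total = count($requests);
     for ($i = 0; $i < $total; ++$i) {
         // Rows are matched by position; skip holes and nested values.
         if (!isset($requests[$i]) || !is_scalar($requests[$i])) {
             continue;
         }
         $rawDestination = isset($destinations[$i]) && is_scalar($destinations[$i]) ? $destinations[$i] : '';
         $request = esc_url(str_replace(' ', '%20', trim($requests[$i])), null, 'appip');
         $destination = esc_url(str_replace(' ', '%20', trim($rawDestination)), null, 'appip');
         $newwin = isset($data['newwindow'][$i]) && (int) trim($data['newwindow'][$i]) === 1 ? 1 : 0;
         $nofoll = isset($data['nofollow'][$i]) && (int) trim($data['nofollow'][$i]) === 1 ? 1 : 0;
         // adds root marker to front if not there
         if (strpos($request, '/', 0) !== 0 && !$this->qppr_strposa($request, $protocols)) {
             $request = '/' . $request;
         }
         // adds end folder marker if not a file end
         if (strpos($request, '.') === false && strpos($request, '?') === false && strpos($request, '/', strlen($request) - 1) === false) {
             $request = $request . '/';
         }
         if (($request === '' || $request === '/') && $destination === '') {
             //if nothing there do nothing
             continue;
         } elseif ($request !== '' && $request !== '/' && $destination === '') {
             $currRedirects[$request] = '/';
         } else {
             $currRedirects[$request] = $destination;
         }
         $currMeta[$request]['newwindow'] = $newwin;
         $currMeta[$request]['nofollow'] = $nofoll;
     }
     // sanitize_option() has no built-in rule for these plugin option names (it only runs
     // any registered sanitize_option_* filter), so the per-row cleaning above is what
     // shapes the stored data.
     update_option('quickppr_redirects', sanitize_option('quickppr_redirects', $currRedirects));
     update_option('quickppr_redirects_meta', sanitize_option('quickppr_redirects_meta', $currMeta));
     $this->quickppr_redirectsmeta = get_option('quickppr_redirects_meta', array());
     $this->quickppr_redirects = get_option('quickppr_redirects', array());
     return $currRedirects;
 }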
			jQuery("#fb-img").hide();
			jQuery("#fb-msg").show();
			setTimeout(function() {location.reload(true);}, 2000);
		}
	});
}
</script>
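<?php 
wp_enqueue_style('op-bootstrap-css', WEBLIZAR_TWITTER_PLUGIN_URL . 'css/bootstrap.min.css');
// Read every field through the same path: a missing or non-scalar field becomes ''
// instead of raising an undefined-index notice, and present values are unslashed
// and reduced to a single line of plain text.
$weblizar_twitter_fields = array(
    'TwitterUserName' => 'twitter-page-user_name',
    'Theme' => 'show-theme-background',
    'Height' => 'twitter-page-url-Height',
    'TwitterWidgetId' => 'twitter-page-id-fetch',
    'LinkColor' => 'twitter-page-lnk-Color',
    'ExcludeReplies' => 'exclude_replies_23',
    'AutoExpandPhotos' => 'photo_1234',
);
$weblizar_twitter_values = array();
foreach ($weblizar_twitter_fields as $weblizar_setting => $weblizar_request_key) {
    $weblizar_twitter_values[$weblizar_setting] = isset($_REQUEST[$weblizar_request_key]) && is_scalar($_REQUEST[$weblizar_request_key])
        ? sanitize_text_field(wp_unslash($_REQUEST[$weblizar_request_key]))
        : '';
}
$TwitterUserName = $weblizar_twitter_values['TwitterUserName'];
$Theme = $weblizar_twitter_values['Theme'];
$Height = $weblizar_twitter_values['Height'];
$TwitterWidgetId = $weblizar_twitter_values['TwitterWidgetId'];
$LinkColor = $weblizar_twitter_values['LinkColor'];
// sanitize_option() has no built-in rule for these two names (it only runs filters),
// so it is applied on top of the text sanitizing above rather than instead of it.
$ExcludeReplies = sanitize_option('ExcludeReplies', $weblizar_twitter_values['ExcludeReplies']);
$AutoExpandPhotos = sanitize_option('AutoExpandPhotos', $weblizar_twitter_values['AutoExpandPhotos']);
// Writing the option is a state change driven by request data, so it is limited to
// users who may manage options.
// NOTE(review): no nonce is verified here; the form would have to send one
// (wp_nonce_field) and this handler check it (check_admin_referer) to rule out
// cross-site request forgery.
if (isset($_REQUEST['twitter-page-id-fetch']) && current_user_can('manage_options')) {
    // The array holds only sanitized strings; it is stored pre-serialized, so readers
    // of this option get a string and must decode it themselves.
    $TwitterSettingsArray = serialize(array('TwitterUserName' => $TwitterUserName, 'Theme' => $Theme, 'Height' => $Height, 'TwitterWidgetId' => $TwitterWidgetId, 'LinkColor' => $LinkColor, 'ExcludeReplies' => $ExcludeReplies, 'AutoExpandPhotos' => $AutoExpandPhotos));
    update_option("ali_twitter_shortcode", $TwitterSettingsArray);
}
?>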
<div class="block ui-tabs-panel active" id="option-general">		
	<div class="row">
		<div class="col-md-6">
			<h2><?php 
_e('Twitter Shortcode Settings', WEBLIZAR_TWITTER_TEXT_DOMAIN);
?>
: [TWTR]</h2>
			<hr>
			<form name='fb-form' id='fb-form'>
				<?php 
/**
 * Add a new option row unless an option with this name already exists.
 *
 * The value is passed through sanitize_option() and maybe_serialize(), the option
 * caches are primed, and the row is inserted with a prepared statement.
 *
 * @param string $name       Option name.
 * @param mixed  $value      Option value.
 * @param mixed  $deprecated Not used in this body.
 * @param string $autoload   'no' disables autoloading; any other value is treated as 'yes'.
 * @return null Nothing is returned on any path.
 */
function add_option($name, $value = '', $deprecated = '', $autoload = 'yes')
{
    global $wpdb;
    // Runs before anything is read or written for this option name.
    wp_protect_special_option($name);
    // SQL-escaped copy of the name; only used for the get_option() lookup below.
    // NOTE(review): if get_option() escapes or prepares the name itself, a name containing
    // quotes is looked up double-escaped here - confirm against this version's get_option().
    $safe_name = $wpdb->escape($name);
    $value = sanitize_option($name, $value);
    // Make sure the option doesn't already exist. We can check the 'notoptions' cache before we ask for a db query
    $notoptions = wp_cache_get('notoptions', 'options');
    if (!is_array($notoptions) || !isset($notoptions[$name])) {
        if (false !== get_option($safe_name)) {
            // An existing option is left untouched.
            return;
        }
    }
    $value = maybe_serialize($value);
    // Anything other than the exact string 'no' is normalized to 'yes'.
    $autoload = 'no' === $autoload ? 'no' : 'yes';
    // The caches are written before the INSERT below, and hold the serialized value.
    if ('yes' == $autoload) {
        $alloptions = wp_load_alloptions();
        $alloptions[$name] = $value;
        wp_cache_set('alloptions', $alloptions, 'options');
    } else {
        wp_cache_set($name, $value, 'options');
    }
    // This option exists now
    $notoptions = wp_cache_get('notoptions', 'options');
    // yes, again... we need it to be fresh
    if (is_array($notoptions) && isset($notoptions[$name])) {
        unset($notoptions[$name]);
        wp_cache_set('notoptions', $notoptions, 'options');
    }
    // The unescaped $name is bound through %s placeholders; only the table name is interpolated.
    $wpdb->query($wpdb->prepare("INSERT INTO {$wpdb->options} (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload));
    do_action("add_option_{$name}", $name, $value);
    return;
}
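/**
 * Load the template loop for the current object.
 *
 * Prints the located template part and exits. Returns early, without output,
 * when the request is not a POST, names no object, or names an object that is
 * not an active component.
 *
 * @return void
 * @since BuddyPress (1.2)
 */
function bp_legacy_theme_object_template_loader()
{
    // Bail if not a POST action
    if (empty($_SERVER['REQUEST_METHOD']) || 'POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }
    // Bail if no object passed
    if (empty($_POST['object'])) {
        return;
    }
    // Sanitize the object
    $object = sanitize_title($_POST['object']);
    // Bail if object is not an active component to prevent arbitrary file inclusion
    if (!bp_is_active($object)) {
        return;
    }
    /**
     * AJAX requests happen too early to be seen by bp_update_is_directory()
     * so we do it manually here to ensure templates load with the correct
     * context. Without this check, templates will load the 'single' version
     * of themselves rather than the directory version.
     */
    if (!bp_current_action()) {
        bp_update_is_directory(true, bp_current_component());
    }
    $template_part = $object . '/' . $object . '-loop';
    // The template part can be overridden by the calling JS function
    if (!empty($_POST['template']) && is_string($_POST['template'])) {
        $requested_part = sanitize_option('upload_path', wp_unslash($_POST['template']));
        // The override ends up in a template file lookup, so it must stay a relative
        // slug path: segments of letters, digits, '_' and '-' separated by single
        // slashes. That excludes dots, backslashes and a leading slash, which the
        // 'upload_path' sanitizing alone does not. Anything else keeps the default.
        if (preg_match('#^[A-Za-z0-9_-]+(?:/[A-Za-z0-9_-]+)*$#', $requested_part)) {
            $template_part = $requested_part;
        }
    }
    // Locate the object template
    bp_get_template_part($template_part);
    exit;
}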
 /**
  * Update an option.
  *
  * ## OPTIONS
  *
  * <key>
  * : The name of the option to add.
  *
  * [<value>]
  * : The new value. If ommited, the value is read from STDIN.
  *
  * [--autoload=<autoload>]
  * : Requires WP 4.2. Should this option be automatically loaded. Accepted values: yes, no. Default: yes
  *
  * [--format=<format>]
  * : The serialization format for the value. Default is plaintext.
  *
  * ## EXAMPLES
  *
  *     # Update an option by reading from a file
  *     wp option update my_option < value.txt
  *
  *     # Update one option on multiple sites using xargs
  *     wp site list --field=url | xargs -n1 -I {} sh -c 'wp --url={} option update <key> <value>'
  *
  * @alias set
  */
 public function update($args, $assoc_args)
 {
     $key = $args[0];
     // Take the value from the second positional argument or STDIN, then decode it per --format.
     $value = WP_CLI::read_value(WP_CLI::get_value_from_arg_or_stdin($args, 1), $assoc_args);
     $autoload = \WP_CLI\Utils\get_flag_value($assoc_args, 'autoload');
     // Anything but yes/no means "leave autoload alone".
     // NOTE(review): the comparison is loose, so a boolean true compares equal to 'yes'.
     if (!in_array($autoload, array('yes', 'no'))) {
         $autoload = null;
     }
     // Compare like with like: both sides go through the option's own sanitizer.
     $value = sanitize_option($key, $value);
     $old_value = sanitize_option($key, get_option($key));
     if (null === $autoload && $value === $old_value) {
         WP_CLI::success("Value passed for '{$key}' option is unchanged.");
         return;
     }
     if (update_option($key, $value, $autoload)) {
         WP_CLI::success("Updated '{$key}' option.");
     } else {
         WP_CLI::error("Could not update option '{$key}'.");
     }
 }
 /**
  * Generic date_format validation
  *
  * Empty or non-string input yields ''. A non-empty string is kept only when it
  * is exactly 19 bytes long (otherwise it is replaced by ''), and the result is
  * passed through sanitize_option('date_format', ...).
  *
  * @param mixed $date_format Candidate value.
  *
  * @return string '' or the sanitized value.
  */
 public function date_format($date_format)
 {
     if (empty($date_format) || !is_string($date_format)) {
         return '';
     }
     // Wrong length: still run the (now empty) value through the sanitizer.
     if (strlen($date_format) != 19) {
         $date_format = '';
     }
     return sanitize_option('date_format', $date_format);
 }
/**
 * Ajax handler for time formatting.
 *
 * Formats the current time with the posted format string and ends the request
 * with the result.
 *
 * @since 3.1.0
 */
function wp_ajax_time_format()
{
    // The format comes from the 'date' field; it is unslashed, then cleaned with the
    // 'time_format' option rules before being used.
    // NOTE(review): the field is read without an isset() check.
    $format = sanitize_option('time_format', wp_unslash($_POST['date']));
    $formatted = date_i18n($format);
    wp_die($formatted);
}
/**
 * Update the value of a site option that was already added.
 *
 * An option with no stored value is handed to add_site_option() instead. On
 * multisite the value is sanitized here and written to the sitemeta table; on a
 * single site the call is delegated to update_option().
 *
 * @see update_option()
 * @since 2.8.0
 * @package WordPress
 * @subpackage Option
 *
 * @uses apply_filters() Calls 'pre_update_site_option_$option' hook to allow overwriting the
 * 	option value to be stored.
 * @uses do_action() Calls 'update_site_option_$option' and 'update_site_option' hooks on success.
 *
 * @param string $option Name of option. Expected to not be SQL-escaped.
 * @param mixed $value Option value. Expected to not be SQL-escaped.
 * @return bool False if value was not updated and true if value was updated.
 */
function update_site_option($option, $value)
{
    global $wpdb;
    wp_protect_special_option($option);
    $old_value = get_site_option($option);
    $value = apply_filters('pre_update_site_option_' . $option, $value, $old_value);
    // Unchanged after filtering: nothing to do.
    if ($old_value === $value) {
        return false;
    }
    // No stored value: take the add path.
    if ($old_value === false) {
        return add_site_option($option, $value);
    }
    // Remove the option from the "known missing" cache entry, if it is listed there.
    $notoptions = wp_cache_get('notoptions', 'site-options');
    if (is_array($notoptions) && isset($notoptions[$option])) {
        unset($notoptions[$option]);
        wp_cache_set('notoptions', $notoptions, 'site-options');
    }
    if (is_multisite()) {
        // Sanitize first; the cache keeps the sanitized value, the table the serialized one.
        $value = sanitize_option($option, $value);
        $row = array('meta_value' => maybe_serialize($value));
        $where = array('site_id' => $wpdb->siteid, 'meta_key' => $option);
        $result = $wpdb->update($wpdb->sitemeta, $row, $where);
        if ($result) {
            wp_cache_set("{$wpdb->siteid}:{$option}", $value, 'site-options');
        }
    } else {
        $result = update_option($option, $value);
    }
    if (!$result) {
        return false;
    }
    do_action("update_site_option_{$option}", $option, $value, $old_value);
    do_action("update_site_option", $option, $value, $old_value);
    return true;
}
 /**
  * Save or reset the theme options submitted from the ePanel form.
  *
  * Walks the global $options definitions, picks a sanitizer per option type and
  * validation type, and stores each value with et_update_option(). Ends the
  * request with die() on the save and reset paths.
  *
  * @param string $source Where the call comes from; the values compared in this
  *                       body are 'ajax' and 'js_disabled'.
  */
 function epanel_save_data($source)
 {
     global $options, $shortname;
     // Authorization gate for everything below.
     if (!current_user_can('switch_themes')) {
         die('-1');
     }
     // load theme settings array
     et_load_core_options();
     if (isset($_POST['action'])) {
         do_action('et_epanel_changing_options');
         // The 'page' query value is request-controlled; it is only used as a query
         // argument on admin_url('themes.php') and the result goes through esc_url_raw().
         $epanel = isset($_GET['page']) ? $_GET['page'] : basename(__FILE__);
         $redirect_url = esc_url_raw(add_query_arg('page', $epanel, admin_url('themes.php')));
         if ('save_epanel' == $_POST['action']) {
             // NOTE(review): the nonce check is skipped when $source is 'ajax'; presumably
             // the AJAX entry point verifies its own nonce before calling - confirm.
             if ('ajax' != $source) {
                 check_admin_referer('epanel_nonce');
             }
             foreach ($options as $value) {
                 // false means "nothing to store" for this option definition.
                 $et_option_name = $et_option_new_value = false;
                 if (isset($value['id'])) {
                     $et_option_name = $value['id'];
                     if (isset($_POST[$value['id']])) {
                         if (in_array($value['type'], array('text', 'textlimit', 'password'))) {
                             if (isset($value['validation_type'])) {
                                 // saves the value as integer
                                 if ('number' == $value['validation_type']) {
                                     $et_option_new_value = intval(stripslashes($_POST[$value['id']]));
                                 }
                                 // makes sure the option is a url
                                 if ('url' == $value['validation_type']) {
                                     $et_option_new_value = esc_url_raw(stripslashes($_POST[$value['id']]));
                                 }
                                 // option is a date format
                                 // NOTE(review): unlike the sibling branches, the posted value is not
                                 // passed through stripslashes() before sanitizing.
                                 if ('date_format' == $value['validation_type']) {
                                     $et_option_new_value = sanitize_option('date_format', $_POST[$value['id']]);
                                 }
                                 /*
                                  * html is not allowed
                                  * wp_strip_all_tags can't be used here, because it returns trimmed text, some options need spaces ( e.g 'character to separate BlogName and Post title' option )
                                  */
                                 if ('nohtml' == $value['validation_type']) {
                                     $et_option_new_value = stripslashes(wp_filter_nohtml_kses($_POST[$value['id']]));
                                 }
                                 // A validation_type outside the four above leaves the value at false,
                                 // so nothing is stored for this option.
                             } else {
                                 // use html allowed for posts if the validation type isn't provided
                                 $et_option_new_value = wp_kses_post(stripslashes($_POST[$value['id']]));
                             }
                         } elseif ('select' == $value['type']) {
                             // select boxes that list pages / categories should save page/category ID ( as integer )
                             if (isset($value['et_array_for']) && in_array($value['et_array_for'], array('pages', 'categories'))) {
                                 $et_option_new_value = intval(stripslashes($_POST[$value['id']]));
                             } else {
                                 // html is not allowed in select boxes
                                 $et_option_new_value = sanitize_text_field(stripslashes($_POST[$value['id']]));
                             }
                         } elseif (in_array($value['type'], array('checkbox', 'checkbox2'))) {
                             // saves 'on' value to the database, if the option is enabled
                             $et_option_new_value = 'on';
                         } elseif ('upload' == $value['type']) {
                             // makes sure the option is a url
                             $et_option_new_value = esc_url_raw(stripslashes($_POST[$value['id']]));
                         } elseif (in_array($value['type'], array('textcolorpopup', 'et_color_palette'))) {
                             // the color value
                             $et_option_new_value = sanitize_text_field(stripslashes($_POST[$value['id']]));
                         } elseif ('textarea' == $value['type']) {
                             if (isset($value['validation_type'])) {
                                 // html is not allowed
                                 if ('nohtml' == $value['validation_type']) {
                                     if ($value['id'] === $shortname . '_custom_css') {
                                         // don't strip slashes from custom css, it should be possible to use \ for icon fonts
                                         $et_option_new_value = wp_strip_all_tags($_POST[$value['id']]);
                                     } else {
                                         $et_option_new_value = wp_strip_all_tags(stripslashes($_POST[$value['id']]));
                                     }
                                 }
                             } else {
                                 // Users with 'unfiltered_html' have the value stored without HTML filtering;
                                 // everyone else gets the post-content allow-list applied.
                                 if (current_user_can('unfiltered_html')) {
                                     $et_option_new_value = stripslashes($_POST[$value['id']]);
                                 } else {
                                     $et_option_new_value = stripslashes(wp_filter_post_kses(addslashes($_POST[$value['id']])));
                                     // wp_filter_post_kses() expects slashed value
                                 }
                             }
                         } elseif ('checkboxes' == $value['type']) {
                             // NOTE(review): 'value_sanitize_function' is read without an isset() check.
                             if ('sanitize_text_field' == $value['value_sanitize_function']) {
                                 // strings
                                 $et_option_new_value = array_map('sanitize_text_field', stripslashes_deep($_POST[$value['id']]));
                             } else {
                                 // saves categories / pages IDs
                                 $et_option_new_value = array_map('intval', stripslashes_deep($_POST[$value['id']]));
                             }
                         } elseif ('different_checkboxes' == $value['type']) {
                             // saves 'author/date/categories/comments' options
                             $et_option_new_value = array_map('intval', array_map('wp_strip_all_tags', stripslashes_deep($_POST[$value['id']])));
                         }
                     } else {
                         // Field absent from the request: unchecked checkboxes are stored as the
                         // string 'false', checkbox groups as an empty list, anything else is deleted.
                         if (in_array($value['type'], array('checkbox', 'checkbox2'))) {
                             $et_option_new_value = 'false';
                         } else {
                             if ('different_checkboxes' == $value['type']) {
                                 $et_option_new_value = array();
                             } else {
                                 et_delete_option($value['id']);
                             }
                         }
                     }
                     if (false !== $et_option_name && false !== $et_option_new_value) {
                         $is_new_global_setting = false;
                         $global_setting_main_name = $global_setting_sub_name = '';
                         if (isset($value['is_global']) && $value['is_global']) {
                             $is_new_global_setting = true;
                             $global_setting_main_name = isset($value['main_setting_name']) ? sanitize_text_field($value['main_setting_name']) : '';
                             $global_setting_sub_name = isset($value['sub_setting_name']) ? sanitize_text_field($value['sub_setting_name']) : '';
                         }
                         et_update_option($et_option_name, $et_option_new_value, $is_new_global_setting, $global_setting_main_name, $global_setting_sub_name);
                     }
                 }
             }
             $redirect_url = add_query_arg('saved', 'true', $redirect_url);
             // The target is built from admin_url() above; the header is sent directly
             // rather than through a WordPress redirect helper.
             if ('js_disabled' == $source) {
                 header("Location: " . $redirect_url);
             }
             die('1');
         } else {
             if ('reset' == $_POST['action']) {
                 // The reset path has its own nonce action and field name.
                 check_admin_referer('et-nojs-reset_epanel', '_wpnonce_reset');
                 foreach ($options as $value) {
                     if (isset($value['id'])) {
                         et_delete_option($value['id']);
                         // Restore the definition's default when it declares one.
                         if (isset($value['std'])) {
                             et_update_option($value['id'], $value['std']);
                         }
                     }
                 }
                 $redirect_url = add_query_arg('reset', 'true', $redirect_url);
                 header("Location: " . $redirect_url);
                 die('1');
             }
         }
     }
 }
/**
 * Replace the stored value of a site option that already exists.
 *
 * When the option has no stored value yet the call is handed to
 * add_site_option(). On a single-site install the write goes through
 * update_option(); on multisite the value is sanitized and written to the
 * sitemeta table, and the object cache is refreshed only if that write
 * reports success.
 *
 * @since 2.8.0
 *
 * @see update_option()
 *
 * @global wpdb $wpdb
 *
 * @param string $option Name of option. Expected to not be SQL-escaped.
 * @param mixed  $value  Option value. Expected to not be SQL-escaped.
 * @return bool False if value was not updated and true if value was updated.
 */
function update_site_option($option, $value)
{
    global $wpdb;

    // Guard on the option name before anything is read or written.
    wp_protect_special_option($option);
    $previous = get_site_option($option);

    /**
     * Filter a specific site option before its value is updated.
     *
     * The dynamic portion of the hook name, `$option`, refers to the option name.
     *
     * @since 2.9.0 As 'pre_update_site_option_' . $key
     * @since 3.0.0
     *
     * @param mixed $value     New value of site option.
     * @param mixed $old_value Old value of site option.
     */
    $value = apply_filters('pre_update_site_option_' . $option, $value, $previous);

    // Nothing to do when the filtered value is identical to what is stored.
    if ($value === $previous) {
        return false;
    }

    // No stored value: this is an insert, not an update.
    if (false === $previous) {
        return add_site_option($option, $value);
    }

    // Drop the option from the cached "known missing" list, if it is on it.
    $missing_key = "{$wpdb->siteid}:notoptions";
    $known_missing = wp_cache_get($missing_key, 'site-options');
    if (is_array($known_missing) && isset($known_missing[$option])) {
        unset($known_missing[$option]);
        wp_cache_set($missing_key, $known_missing, 'site-options');
    }

    if (is_multisite()) {
        // The value is sanitized here; the single-site branch leaves the
        // write entirely to update_option().
        $value = sanitize_option($option, $value);
        $row_data = array('meta_value' => maybe_serialize($value));
        $row_match = array('site_id' => $wpdb->siteid, 'meta_key' => $option);
        $result = $wpdb->update($wpdb->sitemeta, $row_data, $row_match);
        if ($result) {
            // The cache receives the sanitized, unserialized value.
            wp_cache_set("{$wpdb->siteid}:{$option}", $value, 'site-options');
        }
    } else {
        $result = update_option($option, $value);
    }

    if (!$result) {
        return false;
    }

    /**
     * Fires after the value of a specific site option has been successfully updated.
     *
     * The dynamic portion of the hook name, `$option`, refers to the option name.
     *
     * @since 2.9.0 As "update_site_option_{$key}"
     * @since 3.0.0
     *
     * @param string $option    Name of site option.
     * @param mixed  $value     Current value of site option.
     * @param mixed  $old_value Old value of site option.
     */
    do_action("update_site_option_{$option}", $option, $value, $previous);

    /**
     * Fires after the value of a site option has been successfully updated.
     *
     * @since 3.0.0
     *
     * @param string $option    Name of site option.
     * @param mixed  $value     Current value of site option.
     * @param mixed  $old_value Old value of site option.
     */
    do_action("update_site_option", $option, $value, $previous);

    return true;
}
Пример #20
         if (delete_post_thumbnail($post_ID)) {
             die(_wp_post_thumbnail_html());
         } else {
             die('0');
         }
     }
     if (set_post_thumbnail($post_ID, $thumbnail_id)) {
         die(_wp_post_thumbnail_html($thumbnail_id));
     }
     die('0');
     break;
 // Date-format preview: renders the posted format string with date_i18n() and
 // sends the result as the whole response body.
 // NOTE(review): $_POST['date'] reaches the output with sanitize_option() as the
 // only visible filter, and no nonce or capability check appears in this arm.
 // Confirm both are enforced before the switch, and that the 'date_format'
 // sanitizer removes markup, since nothing escapes the value afterwards.
 case 'date_format':
     die(date_i18n(sanitize_option('date_format', $_POST['date'])));
     break;
 // Time-format preview: same flow, still reading the 'date' request field but
 // sanitizing it under the 'time_format' option name. The break after die()
 // is never reached in either arm.
 case 'time_format':
     die(date_i18n(sanitize_option('time_format', $_POST['date'])));
     break;
 case 'wp-fullscreen-save-post':
     $post_id = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;
     $post = $post_type = null;
     if ($post_id) {
         $post = get_post($post_id);
     }
     if ($post) {
         $post_type = $post->post_type;
     } elseif (isset($_POST['post_type']) && post_type_exists($_POST['post_type'])) {
         $post_type = $_POST['post_type'];
     }
     check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce');
     $post_id = edit_post();
     if (is_wp_error($post_id)) {
Пример #21
	// Options form handler: verify the 'update-options' nonce, write every
	// submitted option, then redirect back to the referring page.
	// NOTE(review): the nonce is the only access check visible in this excerpt;
	// confirm a capability check runs before this case is reached.
	check_admin_referer('update-options');

	// The list of option names to write comes from the request itself: either
	// every POST key except the nonce fields, or the comma-separated
	// 'page_options' field.
	// NOTE(review): no allow-list of option names is visible here, so any name
	// the client submits is passed on to update_option().
	if ( !$_POST['page_options'] ) {
		foreach ( (array) $_POST as $key => $value) {
			if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
				$options[] = $key;
		}
	} else {
		$options = explode(',', stripslashes($_POST['page_options']));
	}

	if ($options) {
		foreach ($options as $option) {
			$option = trim($option);
			// Assumes a string was posted under this name; a name listed in
			// 'page_options' but missing from $_POST, or an array value, is
			// not handled here.
			$value = trim($_POST[$option]);
			$value = sanitize_option($option, $value); // This does stripslashes on those that need it
			update_option($option, $value);
		}
	}
    
	// $referred is assigned but not used in the visible lines.
	$referred = remove_query_arg('updated' , wp_get_referer());
	// The redirect target is the referer plus updated=true; preg_replace()
	// removes every character outside the listed set before redirecting.
	$goback = add_query_arg('updated', 'true', wp_get_referer());
	$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
	wp_redirect($goback);
    break;

default:
	include('admin-header.php'); ?>

<div class="wrap">
  <h2><?php _e('All Options'); ?></h2>
Пример #22
        // Options form handler: verify the 'update-options' nonce, write every
        // submitted option, then redirect back to the referring page.
        // $any_changed is initialised here but not read in the visible lines.
        $any_changed = 0;
        // NOTE(review): the nonce is the only access check visible in this
        // excerpt; confirm a capability check runs before this case is reached.
        check_admin_referer('update-options');
        // The list of option names to write comes from the request itself:
        // either every POST key except the nonce fields, or the comma-separated
        // 'page_options' field.
        // NOTE(review): no allow-list of option names is visible here, so any
        // name the client submits is passed on to update_option().
        if (!$_POST['page_options']) {
            foreach ((array) $_POST as $key => $value) {
                if (!in_array($key, array('_wpnonce', '_wp_http_referer'))) {
                    $options[] = $key;
                }
            }
        } else {
            $options = explode(',', stripslashes($_POST['page_options']));
        }
        if ($options) {
            foreach ($options as $option) {
                $option = trim($option);
                // Assumes a string was posted under this name; a name listed in
                // 'page_options' but missing from $_POST, or an array value,
                // is not handled here.
                $value = trim($_POST[$option]);
                $value = sanitize_option($option, $value);
                // This does stripslashes on those that need it
                update_option($option, $value);
            }
        }
        // $referred is assigned but not used in the visible lines.
        $referred = remove_query_arg('updated', wp_get_referer());
        // The redirect target is the referer plus updated=true; preg_replace()
        // removes every character outside the listed set before redirecting.
        $goback = add_query_arg('updated', 'true', wp_get_referer());
        $goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
        wp_redirect($goback);
        break;
    default:
        include 'admin-header.php';
        ?>

<div class="wrap">
  <h2><?php 
Пример #23
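/**
 * Fetch settings errors registered by add_settings_error()
 *
 * Checks the $wp_settings_errors array for any errors declared during the current
 * pageload and returns them.
 *
 * If changes were just submitted ($_GET['settings-updated']) and settings errors were saved
 * to the 'settings_errors' transient then those errors will be returned instead. This
 * is used to pass errors back across pageloads.
 *
 * Use the $sanitize argument to manually re-sanitize the option before returning errors.
 * This is useful if you have errors or notices you want to show even when the user
 * hasn't submitted data (i.e. when they first load an options page, or in admin_notices action hook)
 *
 * @since 3.0.0
 *
 * @global array $wp_settings_errors Storage array of errors registered during this pageload
 *
 * @param string $setting Optional slug title of a specific setting whose errors you want.
 * @param boolean $sanitize Whether to re-sanitize the setting value before returning errors.
 * @return array|null Array of settings errors, keyed as they were registered; null when there
 *                    are no transient errors to use and none were registered on this pageload.
 */
function get_settings_errors($setting = '', $sanitize = false)
{
    global $wp_settings_errors;
    // If $sanitize is true, manually re-run the sanitization for this option.
    // This allows the $sanitize_callback from register_setting() to run, adding
    // any settings errors you want to show by default.
    if ($sanitize) {
        sanitize_option($setting, get_option($setting));
    }
    // If settings were passed back from options.php then use them. The transient
    // is consulted whenever the query flag is set, whatever $sanitize is.
    if (isset($_GET['settings-updated']) && $_GET['settings-updated'] && get_transient('settings_errors')) {
        $settings_errors = get_transient('settings_errors');
        // One-shot: the stored errors are removed once they have been read.
        delete_transient('settings_errors');
    } elseif (!empty($wp_settings_errors)) {
        // empty() instead of count(): the global may never have been
        // initialised, and count() on null is an error on current PHP.
        $settings_errors = $wp_settings_errors;
    } else {
        return;
    }
    // Filter the results to those of a specific setting if one was set.
    // Original array keys are kept; the result is not re-indexed.
    if ($setting) {
        foreach ((array) $settings_errors as $key => $details) {
            if ($setting != $details['setting']) {
                unset($settings_errors[$key]);
            }
        }
    }
    return $settings_errors;
}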
Пример #24
 /**
  * Clean a submitted translation according to the name of the string it belongs to.
  *
  * Strings whose name is listed under self::$default_strings['options'] are run
  * through the matching option sanitizer, widget titles lose their tags, and
  * widget text is filtered with kses unless the current user may post
  * unfiltered HTML.
  *
  * @param string $translation Submitted translation; unslashed and trimmed here.
  * @param string $name        Name of the string being translated.
  * @return string The cleaned translation.
  */
 public static function sanitize_string_translation($translation, $name)
 {
     $defaults = self::$default_strings;
     $translation = wp_unslash(trim($translation));

     // A strict search: the array key found is the option name to sanitize as.
     $option = array_search($name, $defaults['options'], true);
     if (false !== $option) {
         $translation = sanitize_option($option, $translation);
     }

     if ($name == $defaults['widget_title']) {
         $translation = strip_tags($translation);
     }

     // Markup in widget text survives untouched only for users holding the
     // 'unfiltered_html' capability; everyone else gets the kses filter.
     if ($name == $defaults['widget_text'] && !current_user_can('unfiltered_html')) {
         // wp_filter_post_kses() expects slashed input, so slash before and unslash after.
         $slashed = addslashes($translation);
         $translation = wp_unslash(wp_filter_post_kses($slashed));
     }

     return $translation;
 }
Пример #25
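/**
 * Update the value of a site option that was already added.
 *
 * When the option has no stored value the call is handed to add_site_option().
 * On a single-site install the write goes through update_option(); on
 * multisite the value is sanitized, written to the sitemeta table, and cached
 * only once that write reports success.
 *
 * @see update_option()
 * @since 2.8.0
 * @package WordPress
 * @subpackage Option
 *
 * @uses apply_filters() Calls 'pre_update_site_option_$option' hook to allow overwriting the
 * 	option value to be stored.
 * @uses do_action() Calls 'update_site_option_$option' and 'update_site_option' hooks on success.
 *
 * @param string $option Name of option. Expected to not be SQL-escaped.
 * @param mixed $value Option value. Expected to not be SQL-escaped.
 * @return bool False if value was not updated and true if value was updated.
 */
function update_site_option($option, $value)
{
    global $wpdb;
    $oldvalue = get_site_option($option);
    $value = apply_filters('pre_update_site_option_' . $option, $value, $oldvalue);
    // Nothing to do when the filtered value is identical to what is stored.
    if ($value === $oldvalue) {
        return false;
    }
    // No stored value: this is an insert, not an update.
    if (false === $oldvalue) {
        return add_site_option($option, $value);
    }
    if (!is_multisite()) {
        $result = update_option($option, $value);
    } else {
        $value = sanitize_option($option, $value);
        $result = $wpdb->update($wpdb->sitemeta, array('meta_value' => maybe_serialize($value)), array('site_id' => $wpdb->siteid, 'meta_key' => $option));
        // Refresh the cache only after the row was written, so a failed or
        // no-op update cannot leave a cached value that the table does not hold.
        if ($result) {
            $cache_key = "{$wpdb->siteid}:{$option}";
            wp_cache_set($cache_key, $value, 'site-options');
        }
    }
    if ($result) {
        // Hooks receive the sanitized, unserialized value.
        do_action("update_site_option_{$option}", $option, $value, $oldvalue);
        do_action("update_site_option", $option, $value, $oldvalue);
        return true;
    }
    return false;
}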
Пример #26
 /**
  * Update an option.
  *
  * ## OPTIONS
  *
  * <key>
  * : The name of the option to add.
  *
  * [<value>]
  * : The new value. If ommited, the value is read from STDIN.
  *
  * [--format=<format>]
  * : The serialization format for the value. Default is plaintext.
  *
  * ## EXAMPLES
  *
  *     # Update an option by reading from a file
  *     wp option update my_option < value.txt
  *
  *     # Update one option on multiple sites using xargs
  *     wp site list --field=url | xargs -n1 -I {} sh -c 'wp --url={} option update <key> <value>'
  *
  * @alias set
  */
 public function update($args, $assoc_args)
 {
     // The docblock above is left as written: it looks like the command's
     // user-facing help text (presumably read by WP-CLI; confirm before editing).
     $key = $args[0];

     // Take the value from the second positional argument or from STDIN, then
     // let read_value() interpret it using the flags in $assoc_args.
     $raw = WP_CLI::get_value_from_arg_or_stdin($args, 1);
     $value = sanitize_option($key, WP_CLI::read_value($raw, $assoc_args));

     // Both sides of the comparison are sanitized, so a value that differs from
     // the stored one only before sanitizing is reported as unchanged.
     $old_value = sanitize_option($key, get_option($key));
     if ($value === $old_value) {
         WP_CLI::success("Value passed for '{$key}' option is unchanged.");
         return;
     }

     if (!update_option($key, $value)) {
         WP_CLI::error("Could not update option '{$key}'.");
         return;
     }

     WP_CLI::success("Updated '{$key}' option.");
 }
Пример #27
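/**
 * Fetch settings errors registered by add_settings_error()
 *
 * Checks the $wp_settings_errors array for any errors declared during the current
 * pageload and returns them.
 *
 * If changes were just submitted ($_GET['settings-updated']) and settings errors were saved
 * to the 'settings_errors' transient then those errors are merged into the errors of the
 * current pageload. This is used to pass errors back across pageloads.
 *
 * Use the $sanitize argument to manually re-sanitize the option before returning errors.
 * This is useful if you have errors or notices you want to show even when the user
 * hasn't submitted data (i.e. when they first load an options page, or in the {@see 'admin_notices'}
 * action hook).
 *
 * @since 3.0.0
 *
 * @global array $wp_settings_errors Storage array of errors registered during this pageload
 *
 * @param string $setting Optional slug title of a specific setting whose errors you want.
 * @param boolean $sanitize Whether to re-sanitize the setting value before returning errors.
 * @return array Array of settings errors; empty when none are registered.
 */
function get_settings_errors($setting = '', $sanitize = false)
{
    global $wp_settings_errors;
    /*
     * If $sanitize is true, manually re-run the sanitization for this option
     * This allows the $sanitize_callback from register_setting() to run, adding
     * any settings errors you want to show by default.
     */
    if ($sanitize) {
        sanitize_option($setting, get_option($setting));
    }
    // If settings were passed back from options.php then use them.
    if (isset($_GET['settings-updated']) && $_GET['settings-updated'] && get_transient('settings_errors')) {
        $wp_settings_errors = array_merge((array) $wp_settings_errors, get_transient('settings_errors'));
        // One-shot: the stored errors are removed once they have been merged in.
        delete_transient('settings_errors');
    }
    // Check global in case errors have been added on this pageload.
    // empty() instead of count(): the global may never have been initialised,
    // and count() on null is an error on current PHP.
    if (empty($wp_settings_errors)) {
        return array();
    }
    // Filter the results to those of a specific setting if one was set.
    // The filtered list is re-indexed from zero.
    if ($setting) {
        $setting_errors = array();
        foreach ((array) $wp_settings_errors as $key => $details) {
            if ($setting == $details['setting']) {
                $setting_errors[] = $wp_settings_errors[$key];
            }
        }
        return $setting_errors;
    }
    return $wp_settings_errors;
}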
 /**
  * Checks that sanitize_option() maps each provided 'upload_path' value to the
  * expected one, using an identity (===) comparison.
  *
  * @dataProvider upload_path_provider
  */
 public function test_sanitize_option_upload_path($provided, $expected)
 {
     $sanitized = sanitize_option('upload_path', $provided);

     $this->assertSame($expected, $sanitized);
 }
Пример #29
/**
 * Add a new option.
 *
 * The value is sanitized for the given option name and serialized if needed
 * before it is inserted; callers do not serialize it themselves. Resources
 * cannot be serialized or stored as an option.
 *
 * Nothing is written when get_option() already reports a value for the name.
 * Protected option names are passed to wp_protect_special_option() first, so
 * take care not to reuse one of those names.
 *
 * After the insert the action 'add_option_$optionname' is fired, with
 * $optionname replaced by the option's name. Callbacks receive the option
 * name and the value as it was stored (already serialized).
 *
 * @package WordPress
 * @subpackage Option
 * @since 1.0.0
 * @link http://alex.vort-x.net/blog/ Thanks Alex Stapleton
 *
 * @param string $name Option name to add. Expects to NOT be SQL escaped.
 * @param mixed $value Optional. Option value, can be anything.
 * @param mixed $deprecated Optional. Description. Not used anymore.
 * @param bool $autoload Optional. Default is enabled. Whether to load the option when WordPress starts up.
 * @return null returns when finished.
 */
function add_option($name, $value = '', $deprecated = '', $autoload = 'yes')
{
    global $wpdb;

    wp_protect_special_option($name);

    // NOTE(review): the existence check is keyed on the SQL-escaped name while
    // the cache write and the INSERT use the raw one. For names that escaping
    // alters, the two may not refer to the same option; confirm what
    // get_option() expects here.
    $escaped_name = $wpdb->escape($name);
    $value = sanitize_option($name, $value);
    if (get_option($escaped_name) !== false) {
        return;
    }

    $stored_value = maybe_serialize($value);

    // Anything other than the exact string 'no' is treated as 'yes'.
    if ('no' !== $autoload) {
        $autoload = 'yes';
    }

    // The cache is primed before the row is inserted.
    _set_option_cache($name, $stored_value);

    // Name, value and autoload flag are bound as placeholders, not interpolated.
    $insert_sql = $wpdb->prepare("INSERT INTO {$wpdb->options} (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $stored_value, $autoload);
    $wpdb->query($insert_sql);

    do_action("add_option_{$name}", $name, $stored_value);
}
Пример #30
 /**
  * Write an option value directly to the options table.
  *
  * An option with no stored value is handed to add_option(). Otherwise the
  * value is sanitized, serialized and written with $wpdb->update(); no cache
  * refresh and no hooks are triggered from this method.
  *
  * @param string $option   Option name; surrounding whitespace is trimmed.
  * @param mixed  $newvalue Value to store.
  * @return mixed False for an empty name or when the update reports no change,
  *               true on a successful update, or whatever add_option() returns.
  */
 private static function _update_option($option, $newvalue)
 {
     global $wpdb;

     $option = trim($option);
     // empty() also rejects the literal name '0'.
     if (empty($option)) {
         return false;
     }

     // No stored value: insert instead of update.
     if (false === get_option($option)) {
         return add_option($option, $newvalue);
     }

     $serialized = maybe_serialize(sanitize_option($option, $newvalue));
     $result = $wpdb->update($wpdb->options, array('option_value' => $serialized), array('option_name' => $option));

     // Any falsy result from update() is reported as failure.
     return $result ? true : false;
 }