/**
 * Validate and sanitize the plugin settings array before it is stored.
 *
 * Only the recognised "cce-*" keys are copied into the result, so any other
 * key present in $input is dropped. An invalid data URL is reported through
 * add_settings_error() and left out of the result.
 *
 * @param array $input Raw settings as submitted.
 * @return array Sanitized settings holding only the recognised keys.
 */
function settings_validate($input)
{
    $clean = array();

    if (isset($input["cce-data_url"])) {
        $candidate_url = $input["cce-data_url"];

        // FILTER_VALIDATE_URL checks syntax only; it does not restrict the scheme.
        // NOTE(review): scheme handling is left to sanitize_option("siteurl", ...);
        // confirm what that sanitizer returns when it rejects a value, since a
        // fallback value would be stored here instead of the submitted one.
        if (filter_var($candidate_url, FILTER_VALIDATE_URL)) {
            $clean["cce-data_url"] = sanitize_option("siteurl", $candidate_url);
        } else {
            add_settings_error("cce-data_url", "cce-data_url-error", __(esc_attr("The CampusCE data URL must be a valid URL.")), "error");
        }
    }

    // The remaining settings are plain single-line text values.
    $text_keys = array("cce-user_key", "cce-post_type", "cce-taxonomy", "cce-field-id");
    foreach ($text_keys as $key) {
        if (isset($input[$key])) {
            $clean[$key] = sanitize_text_field($input[$key]);
        }
    }

    return $clean;
}
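/**
 * Step init.
 *
 * Builds the field definitions for this step (site type, industry, title and
 * tagline), wraps them in a Fields object and hooks that object's
 * error_notice() method onto the 'wpem_template_notices' action.
 *
 * Each field names the sanitizer applied to its submitted value. The title
 * and tagline sanitizers unslash first and sanitize last: a decoding step
 * applied after sanitize_option() (stripcslashes() also expands C-style
 * escapes such as \x3c) could reintroduce characters the sanitizer had
 * already neutralised.
 */
protected function init()
{
    $fields = [
        [
            'name' => 'wpem_site_type',
            'label' => __('Type', 'wp-easy-mode'),
            'type' => 'radio',
            'sanitizer' => 'sanitize_key',
            'description' => __('What type of website would you like to create?', 'wp-easy-mode'),
            'value' => wpem_get_site_type(),
            'required' => true,
            'choices' => [
                'standard' => __('Website + Blog', 'wp-easy-mode'),
                'blog' => __('Blog only', 'wp-easy-mode'),
                'store' => __('Online Store', 'wp-easy-mode'),
            ],
        ],
        [
            'name' => 'wpem_site_industry',
            'label' => __('Industry', 'wp-easy-mode'),
            'type' => 'select',
            'sanitizer' => 'sanitize_key',
            'description' => __('What will your website be about?', 'wp-easy-mode'),
            'value' => wpem_get_site_industry(),
            'required' => true,
            'choices' => wpem_get_site_industry_slugs_to('label'),
        ],
        [
            'name' => 'blogname',
            'label' => __('Title', 'wp-easy-mode'),
            'type' => 'text',
            // Sanitization is the last transformation applied to the value.
            'sanitizer' => function ($value) {
                return sanitize_option('blogname', wp_unslash($value));
            },
            'description' => __('The title of your website appears at the top of all pages and in search results.', 'wp-easy-mode'),
            'value' => get_option('blogname'),
            'required' => true,
            'atts' => ['placeholder' => __('Enter your website title here', 'wp-easy-mode')],
        ],
        [
            'name' => 'blogdescription',
            'label' => __('Tagline', 'wp-easy-mode'),
            'type' => 'text',
            // Same ordering as the title field: unslash, then sanitize.
            'sanitizer' => function ($value) {
                return sanitize_option('blogdescription', wp_unslash($value));
            },
            'description' => __('Think of the tagline as a slogan that describes what makes your website special. It will also appear in search results.', 'wp-easy-mode'),
            'value' => get_option('blogdescription'),
            'required' => true,
            'atts' => ['placeholder' => __('Enter your website tagline here', 'wp-easy-mode')],
        ],
    ];

    $this->fields = new Fields($fields);

    add_action('wpem_template_notices', [$this->fields, 'error_notice']);
}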
/**
 * Register the DK PDF meta box on every post type selected in the settings.
 *
 * The stored option is passed through sanitize_option() before use.
 * NOTE(review): 'dkpdf_pdfbutton_post_types' is a plugin option, so the
 * sanitization presumably depends on a registered callback or filter for that
 * name; the loop below assumes the result is an array — confirm.
 */
function dkpdf_meta_box_setup()
{
    $stored = get_option('dkpdf_pdfbutton_post_types');
    $pdfbutton_post_types = sanitize_option('dkpdf_pdfbutton_post_types', $stored);

    // Nothing selected: no meta box to add.
    if (!$pdfbutton_post_types) {
        return;
    }

    foreach ($pdfbutton_post_types as $post_type) {
        add_meta_box('post-data', __('DK PDF', 'dkpdf'), 'dkpdf_meta_box_content', $post_type, 'normal', 'high');
    }
}
/**
 * Checks how sanitize_option() treats an emoji in the site title and tagline,
 * depending on the character set of the options table column.
 *
 * @ticket 36122
 */
public function test_emoji_in_blogname_and_description()
{
    global $wpdb;

    $value = "whee😈";
    $column_charset = $wpdb->get_col_charset($wpdb->options, 'option_value');

    // NOTE(review): both outcomes are the same literal as shown here, which makes
    // the charset check pointless; the non-utf8mb4 expectation was presumably an
    // encoded form that got decoded when this listing was rendered — confirm
    // against the upstream test.
    $expected = ('utf8mb4' === $column_charset) ? $value : 'whee😈';

    foreach (array('blogname', 'blogdescription') as $option_name) {
        $this->assertSame($expected, sanitize_option($option_name, $value));
    }
}
/**
 * Sanitizes a permalink structure and checks both the returned value and
 * whether a settings error was registered for it.
 *
 * @dataProvider permalink_structure_provider
 */
public function test_sanitize_permalink_structure($provided, $expected, $valid)
{
    global $wp_settings_errors;

    // Snapshot the global error list so this case leaves nothing behind.
    $snapshot = (array) $wp_settings_errors;

    $actual = sanitize_option('permalink_structure', $provided);
    $errors = get_settings_errors('permalink_structure');

    // Restore the error list before asserting.
    $wp_settings_errors = $snapshot;

    if (!$valid) {
        $this->assertNotEmpty($errors);
        $this->assertEquals('invalid_permalink_structure', $errors[0]['code']);
    } else {
        $this->assertEmpty($errors);
    }

    $this->assertEquals($expected, $actual);
}
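/**
 * Build an XML sitemap string for the homepage and all pages.
 *
 * The change frequency comes from $_POST['frequency'] and is only used when it
 * exactly matches one of the allowed values; anything else ends in
 * wp_die('Invalid data'). The strict allowlist comparison is the effective
 * control here. 'frequency' is a plugin-specific name, so sanitize_option()
 * presumably only runs filters registered for it — confirm.
 *
 * NOTE(review): no nonce or capability check is visible in this function;
 * confirm the caller enforces them.
 *
 * @return string Sitemap XML, passed through ent2ncr().
 */
function csg_sitemap()
{
    // Create empty string
    $sitemap = '';

    $safe_values = array('always', 'hourly', 'daily', 'weekly', 'monthly', 'yearly', 'never');

    // A missing field or a non-string value (e.g. frequency[]=...) is treated as
    // empty so that it fails the allowlist instead of raising notices or being
    // cast to a string.
    $raw_frequency = '';
    if (isset($_POST['frequency']) && is_string($_POST['frequency'])) {
        $raw_frequency = $_POST['frequency'];
    }

    // Sanitize and escape input
    $frequency = esc_html(sanitize_option('frequency', $raw_frequency));

    if (in_array($frequency, $safe_values, true)) {
        // Add basic XML output
        $sitemap .= '<?xml version="1.0" encoding="UTF-8"?> <urlset xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9 http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">';

        // Add homepage
        $sitemap .= ' <url> <loc>' . get_site_url() . '/</loc> <changefreq>' . $frequency . '</changefreq> </url> ';

        // Arguments for selecting pages
        $args = array('post_type' => 'page', 'posts_per_page' => 9000);

        // The Query
        query_posts($args);

        // The Loop
        // NOTE(review): permalinks are concatenated into the XML as returned;
        // confirm they are XML-safe (for example an unescaped '&').
        while (have_posts()) {
            the_post();
            $sitemap .= ' <url> <loc>' . get_the_permalink() . '</loc> <changefreq>' . $frequency . '</changefreq> </url> ';
        }

        $sitemap .= '</urlset>';

        // Reset Query
        wp_reset_query();
    } else {
        // If the frequency is not accepted, return error
        wp_die('Invalid data');
    }

    // Return sitemap-string but first filter any text containing illegal named entities
    return ent2ncr($sitemap);
}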
/**
 * Save default theme for network.
 *
 * Does nothing unless the form field is present. The 'siteoptions' nonce is
 * verified with check_admin_referer() before anything is written.
 *
 * NOTE(review): no capability check is visible in this method; confirm the
 * calling screen restricts it to network administrators.
 *
 * @author Julien Maury
 *
 * @return bool False when the field was not submitted, true when it was
 *              submitted empty, otherwise the result of update_site_option().
 */
static function network_save_theme_option()
{
    // Is there an action?
    if (!isset($_POST['default_network_theme'])) {
        return false;
    }

    // Check admin referer (nonce).
    check_admin_referer('siteoptions');

    $submitted = $_POST['default_network_theme'];
    if (!$submitted) {
        return true;
    }

    // 'default_network_theme' is a plugin option: sanitize_option() presumably
    // only applies filters registered for that name — confirm one exists.
    $sanitized = sanitize_option('default_network_theme', $submitted);
    $filtered = apply_filters('default_network_theme_pre_update_option', $sanitized);

    return update_site_option('default_network_theme', $filtered);
}
/**
 * Runs a set of title/tagline inputs through sanitize_option(), stores them,
 * and checks what get_bloginfo() returns in raw and 'display' context.
 *
 * NOTE(review): every input below equals its expected output as shown, markup
 * included; the expected side was presumably entity-encoded in the upstream
 * test and decoded when this listing was rendered — confirm before relying on
 * these pairs.
 *
 * @ticket 27942
 */
function test_bloginfo_sanitize_option()
{
    // Remember the current values so they can be restored afterwards.
    $old_values = array(
        'blogname' => get_option('blogname'),
        'blogdescription' => get_option('blogdescription'),
    );

    $values = array(
        'foo' => 'foo',
        '<em>foo</em>' => '<em>foo</em>',
        '<script>foo</script>' => '<script>foo</script>',
        '<foo>' => '<foo>',
        '<foo' => '<foo',
    );

    // Option name => the get_bloginfo() key that exposes it.
    $bloginfo_keys = array(
        'blogname' => 'name',
        'blogdescription' => 'description',
    );

    foreach ($values as $value => $expected) {
        foreach ($bloginfo_keys as $option_name => $show) {
            $sanitized_value = sanitize_option($option_name, $value);
            update_option($option_name, $sanitized_value);

            $this->assertEquals($expected, $sanitized_value);
            $this->assertEquals($expected, get_bloginfo($show));
            $this->assertEquals($expected, get_bloginfo($show, 'display'));
        }
    }

    // Restore old values.
    foreach ($old_values as $option_name => $value) {
        update_option($option_name, $value);
    }
}
/**
 * Update the value of a network option that was already added.
 *
 * Flow, as visible below: the option name is checked by
 * wp_protect_special_option(), the new value is passed through the
 * 'pre_update_site_option_{$option}' filter, and nothing is written when the
 * filtered value is identical (===) to the stored one. A missing option is
 * handed to add_network_option(). On multisite the value is run through
 * sanitize_option() and written to the sitemeta table; otherwise the call is
 * delegated to update_option().
 *
 * @since 4.4.0
 *
 * @see update_option()
 *
 * @global wpdb   $wpdb
 * @global object $current_site
 *
 * @param string   $option     Name of option. Expected to not be SQL-escaped.
 * @param mixed    $value      Option value. Expected to not be SQL-escaped.
 * @param int|bool $network_id Optional. ID of the network. Defaults to current network ID.
 * @return bool False if value was not updated and true if value was updated.
 */
function update_network_option($option, $value, $network_id = false)
{
    global $wpdb, $current_site;

    $network_id = (int) $network_id;

    // Fallback to the current network if a network ID is not specified.
    if (!$network_id && is_multisite()) {
        $network_id = $current_site->id;
    }

    // Guard on the option name, run before any read or write.
    wp_protect_special_option($option);

    $old_value = get_network_option($option, false, $network_id);

    /**
     * Filter a specific network option before its value is updated.
     *
     * The dynamic portion of the hook name, `$option`, refers to the option name.
     *
     * @since 2.9.0 As 'pre_update_site_option_' . $key
     * @since 3.0.0
     * @since 4.4.0 The `$option` parameter was added
     *
     * @param mixed  $value     New value of the network option.
     * @param mixed  $old_value Old value of the network option.
     * @param string $option    Option name.
     */
    $value = apply_filters('pre_update_site_option_' . $option, $value, $old_value, $option);

    // Strict comparison: an unchanged value is reported as "not updated".
    if ($value === $old_value) {
        return false;
    }

    // A stored value of false is treated as "option does not exist yet".
    if (false === $old_value) {
        return add_network_option($option, $value, $network_id);
    }

    // Drop the option from the per-network "known missing" cache.
    $notoptions_key = "{$network_id}:notoptions";
    $notoptions = wp_cache_get($notoptions_key, 'site-options');
    if (is_array($notoptions) && isset($notoptions[$option])) {
        unset($notoptions[$option]);
        wp_cache_set($notoptions_key, $notoptions, 'site-options');
    }

    if (!is_multisite()) {
        // NOTE(review): no sanitize_option() call on this path; update_option()
        // is expected to apply its own sanitization — confirm.
        $result = update_option($option, $value);
    } else {
        // Sanitization runs after the filter above, so filtered values are
        // sanitized too.
        $value = sanitize_option($option, $value);

        $serialized_value = maybe_serialize($value);
        // Values and conditions are passed as arrays to $wpdb->update(), not
        // concatenated into SQL here.
        $result = $wpdb->update($wpdb->sitemeta, array('meta_value' => $serialized_value), array('site_id' => $network_id, 'meta_key' => $option));

        // The cache is refreshed only after the write reported success.
        if ($result) {
            $cache_key = "{$network_id}:{$option}";
            wp_cache_set($cache_key, $value, 'site-options');
        }
    }

    if ($result) {
        /**
         * Fires after the value of a specific network option has been successfully updated.
         *
         * The dynamic portion of the hook name, `$option`, refers to the option name.
         *
         * @since 2.9.0 As "update_site_option_{$key}"
         * @since 3.0.0
         *
         * @param string $option    Name of the network option.
         * @param mixed  $value     Current value of the network option.
         * @param mixed  $old_value Old value of the network option.
         */
        do_action('update_site_option_' . $option, $option, $value, $old_value);

        /**
         * Fires after the value of a network option has been successfully updated.
         *
         * @since 3.0.0
         *
         * @param string $option    Name of the network option.
         * @param mixed  $value     Current value of the network option.
         * @param mixed  $old_value Old value of the network option.
         */
        do_action('update_site_option', $option, $value, $old_value);

        return true;
    }

    return false;
}
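/**
 * Save the redirects from the options page to the database.
 *
 * As of version 5.0.7 the redirects are saved by adding to the existing ones,
 * not resaving all of them from the form; this was to prevent the
 * max_input_vars issue when that was set low and there were a lot of redirects.
 *
 * Rows are read by index from the parallel arrays in $data. A missing or
 * non-scalar cell is treated as empty instead of raising notices or a
 * TypeError, and a missing 'request' array means no rows are processed.
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * confirm the caller performs both before passing form data in.
 *
 * @param array $data Form data with 'request', 'destination' and the optional
 *                    'newwindow' / 'nofollow' arrays.
 * @return array The merged request => destination map that was saved.
 */
function save_redirects($data)
{
    $currRedirects = get_option('quickppr_redirects', array());
    $currMeta = get_option('quickppr_redirects_meta', array());

    //TODO: Add Back up Redirects
    //TODO: Add New Redirects to TOP not Bottom.

    // This list is only used for the "does the request start with a protocol"
    // test below. esc_url() is called with null protocols.
    // NOTE(review): confirm that relying on esc_url()'s default protocol list
    // rather than this filtered list is intended.
    $protocols = apply_filters('qppr_allowed_protocols', array('http', 'https', 'ftp', 'ftps', 'mailto', 'news', 'irc', 'gopher', 'nntp', 'feed', 'telnet', 'mms', 'rtsp', 'svn', 'tel', 'fax', 'xmpp'));

    $rowCount = (isset($data['request']) && is_array($data['request'])) ? count($data['request']) : 0;

    for ($i = 0; $i < $rowCount; ++$i) {
        $rawRequest = (isset($data['request'][$i]) && is_scalar($data['request'][$i])) ? (string) $data['request'][$i] : '';
        $rawDestination = (isset($data['destination'][$i]) && is_scalar($data['destination'][$i])) ? (string) $data['destination'][$i] : '';

        $request = esc_url(str_replace(' ', '%20', trim($rawRequest)), null, 'appip');
        $destination = esc_url(str_replace(' ', '%20', trim($rawDestination)), null, 'appip');

        // Flags are stored strictly as 0 or 1.
        $newwin = (isset($data['newwindow'][$i]) && is_scalar($data['newwindow'][$i]) && (int) trim((string) $data['newwindow'][$i]) == 1) ? 1 : 0;
        $nofoll = (isset($data['nofollow'][$i]) && is_scalar($data['nofollow'][$i]) && (int) trim((string) $data['nofollow'][$i]) == 1) ? 1 : 0;

        // adds root marker to front if not there
        if (strpos($request, '/', 0) !== 0 && !$this->qppr_strposa($request, $protocols)) {
            $request = '/' . $request;
        }

        // adds end folder marker if not a file end
        if (strpos($request, '.') === false && strpos($request, '?') === false && strpos($request, '/', strlen($request) - 1) === false) {
            $request = $request . '/';
        }

        if (($request == '' || $request == '/') && $destination == '') {
            continue; //if nothing there do nothing
        } elseif ($request != '' && $request != '/' && $destination == '') {
            $currRedirects[$request] = '/';
        } else {
            $currRedirects[$request] = $destination;
        }

        $currMeta[$request]['newwindow'] = $newwin;
        $currMeta[$request]['nofollow'] = $nofoll;
    }

    // These are plugin options: sanitize_option() presumably only applies
    // filters registered for these names — the esc_url() calls above are the
    // per-value sanitization visible here.
    update_option('quickppr_redirects', sanitize_option('quickppr_redirects', $currRedirects));
    update_option('quickppr_redirects_meta', sanitize_option('quickppr_redirects_meta', $currMeta));

    $this->quickppr_redirectsmeta = get_option('quickppr_redirects_meta', array());
    $this->quickppr_redirects = get_option('quickppr_redirects', array());

    return $currRedirects;
}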
jQuery("#fb-img").hide(); jQuery("#fb-msg").show(); setTimeout(function() {location.reload(true);}, 2000); } }); } </script> <?php
// Settings handler for the Twitter shortcode panel: reads the submitted fields,
// and when 'twitter-page-id-fetch' is present stores them in the
// 'ali_twitter_shortcode' option.
//
// NOTE(review): no nonce verification or capability check is visible in this
// fragment before update_option(); confirm both are enforced earlier in the
// file, otherwise the save can be triggered by a cross-site request.
wp_enqueue_style('op-bootstrap-css', WEBLIZAR_TWITTER_PLUGIN_URL . 'css/bootstrap.min.css');
// Values are read from $_REQUEST, so they may arrive in the query string as
// well as in a form body. They are read before the isset() check further
// down, so a plain page load hits undefined indexes.
$TwitterUserName = sanitize_text_field($_REQUEST['twitter-page-user_name']);
$Theme = sanitize_text_field($_REQUEST['show-theme-background']);
$Height = sanitize_text_field($_REQUEST['twitter-page-url-Height']);
$TwitterWidgetId = sanitize_text_field($_REQUEST['twitter-page-id-fetch']);
$LinkColor = sanitize_text_field($_REQUEST['twitter-page-lnk-Color']);
// 'ExcludeReplies' and 'AutoExpandPhotos' are not option names used elsewhere
// in this fragment; sanitize_option() presumably only applies filters
// registered for those names, so these two values may be stored as
// submitted — confirm.
$ExcludeReplies = sanitize_option('ExcludeReplies', $_REQUEST['exclude_replies_23']);
$AutoExpandPhotos = sanitize_option('AutoExpandPhotos', $_REQUEST['photo_1234']);
if (isset($_REQUEST['twitter-page-id-fetch'])) {
    // The settings are serialized here and stored as one string.
    // NOTE(review): whoever reads this option has to unserialize it; confirm
    // the stored value can only ever be produced by this code path.
    $TwitterSettingsArray = serialize(array('TwitterUserName' => $TwitterUserName, 'Theme' => $Theme, 'Height' => $Height, 'TwitterWidgetId' => $TwitterWidgetId, 'LinkColor' => $LinkColor, 'ExcludeReplies' => $ExcludeReplies, 'AutoExpandPhotos' => $AutoExpandPhotos));
    update_option("ali_twitter_shortcode", $TwitterSettingsArray);
}
?> <div class="block ui-tabs-panel active" id="option-general"> <div class="row"> <div class="col-md-6"> <h2><?php _e('Twitter Shortcode Settings', WEBLIZAR_TWITTER_TEXT_DOMAIN); ?> : [TWTR]</h2> <hr> <form name='fb-form' id='fb-form'> <?php
/**
 * Add a new option, unless one with the same name already exists.
 *
 * The name is checked by wp_protect_special_option() and the value is passed
 * through sanitize_option() before it is serialized, cached and inserted. The
 * INSERT goes through $wpdb->prepare() with placeholders.
 *
 * @param string $name       Option name.
 * @param mixed  $value      Option value.
 * @param string $deprecated Not used in this function.
 * @param string $autoload   'no' disables autoloading; anything else means 'yes'.
 * @return void
 */
function add_option($name, $value = '', $deprecated = '', $autoload = 'yes')
{
    global $wpdb;

    wp_protect_special_option($name);
    $safe_name = $wpdb->escape($name);
    $value = sanitize_option($name, $value);

    // Make sure the option doesn't already exist. The 'notoptions' cache is
    // consulted first so a known-missing option skips the lookup.
    $known_missing = wp_cache_get('notoptions', 'options');
    $is_known_missing = is_array($known_missing) && isset($known_missing[$name]);
    if (!$is_known_missing && false !== get_option($safe_name)) {
        return;
    }

    $value = maybe_serialize($value);
    $autoload = ('no' === $autoload) ? 'no' : 'yes';

    if ('yes' != $autoload) {
        wp_cache_set($name, $value, 'options');
    } else {
        $alloptions = wp_load_alloptions();
        $alloptions[$name] = $value;
        wp_cache_set('alloptions', $alloptions, 'options');
    }

    // This option exists now; the cache is fetched again so the copy is fresh.
    $known_missing = wp_cache_get('notoptions', 'options');
    if (is_array($known_missing) && isset($known_missing[$name])) {
        unset($known_missing[$name]);
        wp_cache_set('notoptions', $known_missing, 'options');
    }

    $insert_sql = $wpdb->prepare("INSERT INTO {$wpdb->options} (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload);
    $wpdb->query($insert_sql);

    // The hook receives the value in its serialized form.
    do_action("add_option_{$name}", $name, $value);

    return;
}
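/**
 * Load the template loop for the current object.
 *
 * Handles POST requests only. The object name is sanitized and must be an
 * active component. A template override supplied by the calling JS is accepted
 * only when it is a string and passes validate_file(), so an override that
 * contains directory traversal is refused instead of being handed to the
 * template loader.
 *
 * @return string Prints template loop for the specified object
 * @since BuddyPress (1.2)
 */
function bp_legacy_theme_object_template_loader()
{
    // Bail if not a POST action
    if ('POST' !== strtoupper($_SERVER['REQUEST_METHOD'])) {
        return;
    }

    // Bail if no object passed
    if (empty($_POST['object'])) {
        return;
    }

    // Sanitize the object
    $object = sanitize_title($_POST['object']);

    // Bail if object is not an active component to prevent arbitrary file inclusion
    if (!bp_is_active($object)) {
        return;
    }

    /**
     * AJAX requests happen too early to be seen by bp_update_is_directory()
     * so we do it manually here to ensure templates load with the correct
     * context. Without this check, templates will load the 'single' version
     * of themselves rather than the directory version.
     */
    if (!bp_current_action()) {
        bp_update_is_directory(true, bp_current_component());
    }

    $template_part = $object . '/' . $object . '-loop';

    // The template part can be overridden by the calling JS function
    if (!empty($_POST['template'])) {
        // A non-string value (e.g. template[]=...) is never a valid path.
        if (!is_string($_POST['template'])) {
            return;
        }

        $requested_template = sanitize_option('upload_path', $_POST['template']);

        // The 'upload_path' sanitizer is not a path validator, so the override
        // is checked separately: validate_file() returns 0 only for a path
        // without traversal sequences. Bail rather than load anything else.
        // NOTE(review): if the set of legitimate overrides is known, an
        // explicit allowlist of template names would be stricter still.
        if (0 !== validate_file($requested_template)) {
            return;
        }

        $template_part = $requested_template;
    }

    // Locate the object template
    bp_get_template_part($template_part);
    exit;
}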
/**
 * Update an option.
 *
 * ## OPTIONS
 *
 * <key>
 * : The name of the option to add.
 *
 * [<value>]
 * : The new value. If ommited, the value is read from STDIN.
 *
 * [--autoload=<autoload>]
 * : Requires WP 4.2. Should this option be automatically loaded. Accepted values: yes, no. Default: yes
 *
 * [--format=<format>]
 * : The serialization format for the value. Default is plaintext.
 *
 * ## EXAMPLES
 *
 *     # Update an option by reading from a file
 *     wp option update my_option < value.txt
 *
 *     # Update one option on multiple sites using xargs
 *     wp site list --field=url | xargs -n1 -I {} sh -c 'wp --url={} option update <key> <value>'
 *
 * @alias set
 */
public function update($args, $assoc_args)
{
    $key = $args[0];

    // The value comes from the second argument or STDIN, then is decoded
    // according to the --format flag.
    $raw_value = WP_CLI::get_value_from_arg_or_stdin($args, 1);
    $value = WP_CLI::read_value($raw_value, $assoc_args);

    // Anything other than 'yes' / 'no' means "leave autoload alone".
    // NOTE(review): in_array() is not strict here, so a non-string flag value
    // may compare loosely against the list — confirm that is intended.
    $autoload = \WP_CLI\Utils\get_flag_value($assoc_args, 'autoload');
    if (!in_array($autoload, array('yes', 'no'))) {
        $autoload = null;
    }

    // Both sides go through the same sanitizer so the "unchanged" check
    // compares like with like.
    $value = sanitize_option($key, $value);
    $old_value = sanitize_option($key, get_option($key));

    $nothing_to_do = ($value === $old_value) && is_null($autoload);
    if ($nothing_to_do) {
        WP_CLI::success("Value passed for '{$key}' option is unchanged.");
        return;
    }

    if (update_option($key, $value, $autoload)) {
        WP_CLI::success("Updated '{$key}' option.");
    } else {
        WP_CLI::error("Could not update option '{$key}'.");
    }
}
/**
 * Generic date_format validation.
 *
 * Anything that is empty or not a string yields ''. A string is kept only
 * when it is exactly 19 bytes long (otherwise it is replaced by '') and the
 * result is then passed through sanitize_option('date_format', ...).
 *
 * NOTE(review): the length test constrains the size of the value, not its
 * content; the content check is whatever the 'date_format' sanitizer does.
 *
 * @param string $date_format
 *
 * @return string
 */
public function date_format($date_format)
{
    if (empty($date_format) || !is_string($date_format)) {
        return '';
    }

    if (strlen($date_format) != 19) {
        $date_format = '';
    }

    return sanitize_option('date_format', $date_format);
}
/**
 * Ajax handler for time formatting.
 *
 * Unslashes the posted format string, passes it through the 'time_format'
 * sanitizer and ends the request with the current time rendered in that
 * format.
 *
 * NOTE(review): no nonce check is visible in this handler; it writes nothing
 * and only echoes a formatted time, so confirm that is the accepted design.
 *
 * @since 3.1.0
 */
function wp_ajax_time_format()
{
    $posted_format = wp_unslash($_POST['date']);
    $format = sanitize_option('time_format', $posted_format);

    wp_die(date_i18n($format));
}
/**
 * Update the value of a site option that was already added.
 *
 * The option name is checked by wp_protect_special_option() and the new value
 * is passed through the 'pre_update_site_option_$option' filter. An unchanged
 * value is not written; a missing option is handed to add_site_option(). On
 * multisite the value is run through sanitize_option() and written to the
 * sitemeta table, otherwise the call is delegated to update_option().
 *
 * @see update_option()
 * @since 2.8.0
 * @package WordPress
 * @subpackage Option
 *
 * @uses apply_filters() Calls 'pre_update_site_option_$option' hook to allow overwriting the
 *       option value to be stored.
 * @uses do_action() Calls 'update_site_option_$option' and 'update_site_option' hooks on success.
 *
 * @param string $option Name of option. Expected to not be SQL-escaped.
 * @param mixed  $value  Option value. Expected to not be SQL-escaped.
 * @return bool False if value was not updated and true if value was updated.
 */
function update_site_option($option, $value)
{
    global $wpdb;

    wp_protect_special_option($option);

    $old_value = get_site_option($option);
    $value = apply_filters('pre_update_site_option_' . $option, $value, $old_value);

    // Nothing to write when the filtered value is identical to the stored one.
    if ($value === $old_value) {
        return false;
    }

    // A stored value of false is treated as "option does not exist yet".
    if (false === $old_value) {
        return add_site_option($option, $value);
    }

    // The option is about to exist: drop it from the "known missing" cache.
    $missing = wp_cache_get('notoptions', 'site-options');
    if (is_array($missing) && isset($missing[$option])) {
        unset($missing[$option]);
        wp_cache_set('notoptions', $missing, 'site-options');
    }

    if (is_multisite()) {
        // Sanitization happens after the filter, so filtered values are covered.
        $value = sanitize_option($option, $value);

        $result = $wpdb->update(
            $wpdb->sitemeta,
            array('meta_value' => maybe_serialize($value)),
            array('site_id' => $wpdb->siteid, 'meta_key' => $option)
        );

        // Cache the unserialized value only once the write reported success.
        if ($result) {
            wp_cache_set("{$wpdb->siteid}:{$option}", $value, 'site-options');
        }
    } else {
        $result = update_option($option, $value);
    }

    if (!$result) {
        return false;
    }

    do_action("update_site_option_{$option}", $option, $value, $old_value);
    do_action("update_site_option", $option, $value, $old_value);

    return true;
}
/**
 * Save or reset the theme options submitted from the ePanel screen.
 *
 * Requires the 'switch_themes' capability. For the 'save_epanel' action each
 * registered option is sanitized according to its declared type and
 * validation_type and then stored with et_update_option(); for 'reset' every
 * option is deleted and its 'std' default restored when one is declared. Both
 * paths end the request with die().
 *
 * @param string $source Where the request came from. 'ajax' skips the nonce
 *                       check in this function and 'js_disabled' triggers a
 *                       redirect after saving, as the code below shows.
 */
function epanel_save_data($source)
{
    global $options, $shortname;

    // Authorization gate: nothing below runs without this capability.
    if (!current_user_can('switch_themes')) {
        die('-1');
    }

    // load theme settings array
    et_load_core_options();

    if (isset($_POST['action'])) {
        do_action('et_epanel_changing_options');

        // $_GET['page'] is request-controlled; it only reaches the redirect URL
        // as a query argument on admin_url('themes.php'), passed through
        // esc_url_raw().
        $epanel = isset($_GET['page']) ? $_GET['page'] : basename(__FILE__);
        $redirect_url = esc_url_raw(add_query_arg('page', $epanel, admin_url('themes.php')));

        if ('save_epanel' == $_POST['action']) {
            // NOTE(review): the nonce is not verified here when $source is 'ajax';
            // presumably the AJAX entry point verifies it — confirm.
            if ('ajax' != $source) {
                check_admin_referer('epanel_nonce');
            }

            // Only options declared in $options are read from $_POST, so unknown
            // form fields are ignored.
            foreach ($options as $value) {
                $et_option_name = $et_option_new_value = false;

                if (isset($value['id'])) {
                    $et_option_name = $value['id'];

                    if (isset($_POST[$value['id']])) {
                        if (in_array($value['type'], array('text', 'textlimit', 'password'))) {
                            if (isset($value['validation_type'])) {
                                // saves the value as integer
                                if ('number' == $value['validation_type']) {
                                    $et_option_new_value = intval(stripslashes($_POST[$value['id']]));
                                }

                                // makes sure the option is a url
                                if ('url' == $value['validation_type']) {
                                    $et_option_new_value = esc_url_raw(stripslashes($_POST[$value['id']]));
                                }

                                // option is a date format
                                // NOTE(review): unlike the sibling branches this value
                                // is not passed through stripslashes() first — confirm
                                // that is intended.
                                if ('date_format' == $value['validation_type']) {
                                    $et_option_new_value = sanitize_option('date_format', $_POST[$value['id']]);
                                }

                                /*
                                 * html is not allowed
                                 * wp_strip_all_tags can't be used here, because it returns trimmed text, some options need spaces ( e.g 'character to separate BlogName and Post title' option )
                                 */
                                if ('nohtml' == $value['validation_type']) {
                                    $et_option_new_value = stripslashes(wp_filter_nohtml_kses($_POST[$value['id']]));
                                }
                            } else {
                                // use html allowed for posts if the validation type isn't provided
                                $et_option_new_value = wp_kses_post(stripslashes($_POST[$value['id']]));
                            }
                        } elseif ('select' == $value['type']) {
                            // select boxes that list pages / categories should save page/category ID ( as integer )
                            if (isset($value['et_array_for']) && in_array($value['et_array_for'], array('pages', 'categories'))) {
                                $et_option_new_value = intval(stripslashes($_POST[$value['id']]));
                            } else {
                                // html is not allowed in select boxes
                                // NOTE(review): the value is not checked against the
                                // choices offered by the select — confirm that is acceptable.
                                $et_option_new_value = sanitize_text_field(stripslashes($_POST[$value['id']]));
                            }
                        } elseif (in_array($value['type'], array('checkbox', 'checkbox2'))) {
                            // saves 'on' value to the database, if the option is enabled
                            $et_option_new_value = 'on';
                        } elseif ('upload' == $value['type']) {
                            // makes sure the option is a url
                            $et_option_new_value = esc_url_raw(stripslashes($_POST[$value['id']]));
                        } elseif (in_array($value['type'], array('textcolorpopup', 'et_color_palette'))) {
                            // the color value
                            $et_option_new_value = sanitize_text_field(stripslashes($_POST[$value['id']]));
                        } elseif ('textarea' == $value['type']) {
                            if (isset($value['validation_type'])) {
                                // html is not allowed
                                if ('nohtml' == $value['validation_type']) {
                                    if ($value['id'] === $shortname . '_custom_css') {
                                        // don't strip slashes from custom css, it should be possible to use \ for icon fonts
                                        $et_option_new_value = wp_strip_all_tags($_POST[$value['id']]);
                                    } else {
                                        $et_option_new_value = wp_strip_all_tags(stripslashes($_POST[$value['id']]));
                                    }
                                }
                            } else {
                                // Raw markup is stored only for users holding
                                // 'unfiltered_html'; everyone else gets post-level kses.
                                if (current_user_can('unfiltered_html')) {
                                    $et_option_new_value = stripslashes($_POST[$value['id']]);
                                } else {
                                    $et_option_new_value = stripslashes(wp_filter_post_kses(addslashes($_POST[$value['id']]))); // wp_filter_post_kses() expects slashed value
                                }
                            }
                        } elseif ('checkboxes' == $value['type']) {
                            if ('sanitize_text_field' == $value['value_sanitize_function']) {
                                // strings
                                $et_option_new_value = array_map('sanitize_text_field', stripslashes_deep($_POST[$value['id']]));
                            } else {
                                // saves categories / pages IDs
                                $et_option_new_value = array_map('intval', stripslashes_deep($_POST[$value['id']]));
                            }
                        } elseif ('different_checkboxes' == $value['type']) {
                            // saves 'author/date/categories/comments' options
                            $et_option_new_value = array_map('intval', array_map('wp_strip_all_tags', stripslashes_deep($_POST[$value['id']])));
                        }
                    } else {
                        // Field not submitted: unchecked checkboxes are stored
                        // explicitly, other options are deleted.
                        if (in_array($value['type'], array('checkbox', 'checkbox2'))) {
                            $et_option_new_value = 'false';
                        } else {
                            if ('different_checkboxes' == $value['type']) {
                                $et_option_new_value = array();
                            } else {
                                et_delete_option($value['id']);
                            }
                        }
                    }

                    // A value of false means no branch above produced a sanitized
                    // value, so nothing is stored for this option.
                    if (false !== $et_option_name && false !== $et_option_new_value) {
                        $is_new_global_setting = false;
                        $global_setting_main_name = $global_setting_sub_name = '';

                        if (isset($value['is_global']) && $value['is_global']) {
                            $is_new_global_setting = true;
                            $global_setting_main_name = isset($value['main_setting_name']) ? sanitize_text_field($value['main_setting_name']) : '';
                            $global_setting_sub_name = isset($value['sub_setting_name']) ? sanitize_text_field($value['sub_setting_name']) : '';
                        }

                        et_update_option($et_option_name, $et_option_new_value, $is_new_global_setting, $global_setting_main_name, $global_setting_sub_name);
                    }
                }
            }

            $redirect_url = add_query_arg('saved', 'true', $redirect_url);

            // The redirect target is the admin URL built above.
            if ('js_disabled' == $source) {
                header("Location: " . $redirect_url);
            }

            die('1');
        } else {
            if ('reset' == $_POST['action']) {
                // The reset path always verifies its own nonce.
                check_admin_referer('et-nojs-reset_epanel', '_wpnonce_reset');

                foreach ($options as $value) {
                    if (isset($value['id'])) {
                        et_delete_option($value['id']);

                        if (isset($value['std'])) {
                            et_update_option($value['id'], $value['std']);
                        }
                    }
                }

                $redirect_url = add_query_arg('reset', 'true', $redirect_url);
                header("Location: " . $redirect_url);

                die('1');
            }
        }
    }
}
/**
 * Update the value of a site option that was already added.
 *
 * Flow, as visible below: the option name is checked by
 * wp_protect_special_option(), the new value is filtered, an unchanged value
 * is not written, and a missing option is handed to add_site_option(). On
 * multisite the value is run through sanitize_option() and written to the
 * sitemeta table; otherwise the call is delegated to update_option().
 *
 * @since 2.8.0
 *
 * @see update_option()
 *
 * @global wpdb $wpdb
 *
 * @param string $option Name of option. Expected to not be SQL-escaped.
 * @param mixed  $value  Option value. Expected to not be SQL-escaped.
 * @return bool False if value was not updated and true if value was updated.
 */
function update_site_option($option, $value)
{
    global $wpdb;

    // Guard on the option name, run before any read or write.
    wp_protect_special_option($option);

    $old_value = get_site_option($option);

    /**
     * Filter a specific site option before its value is updated.
     *
     * The dynamic portion of the hook name, `$option`, refers to the option name.
     *
     * @since 2.9.0 As 'pre_update_site_option_' . $key
     * @since 3.0.0
     *
     * @param mixed $value     New value of site option.
     * @param mixed $old_value Old value of site option.
     */
    $value = apply_filters('pre_update_site_option_' . $option, $value, $old_value);

    // Strict comparison: an unchanged value is reported as "not updated".
    if ($value === $old_value) {
        return false;
    }

    // A stored value of false is treated as "option does not exist yet".
    if (false === $old_value) {
        return add_site_option($option, $value);
    }

    // Drop the option from the per-site "known missing" cache.
    $notoptions_key = "{$wpdb->siteid}:notoptions";
    $notoptions = wp_cache_get($notoptions_key, 'site-options');
    if (is_array($notoptions) && isset($notoptions[$option])) {
        unset($notoptions[$option]);
        wp_cache_set($notoptions_key, $notoptions, 'site-options');
    }

    if (!is_multisite()) {
        // NOTE(review): no sanitize_option() call on this path; update_option()
        // is expected to apply its own sanitization — confirm.
        $result = update_option($option, $value);
    } else {
        // Sanitization runs after the filter above, so filtered values are
        // sanitized too.
        $value = sanitize_option($option, $value);

        $serialized_value = maybe_serialize($value);
        // Values and conditions are passed as arrays to $wpdb->update(), not
        // concatenated into SQL here.
        $result = $wpdb->update($wpdb->sitemeta, array('meta_value' => $serialized_value), array('site_id' => $wpdb->siteid, 'meta_key' => $option));

        // The cache is refreshed only after the write reported success.
        if ($result) {
            $cache_key = "{$wpdb->siteid}:{$option}";
            wp_cache_set($cache_key, $value, 'site-options');
        }
    }

    if ($result) {
        /**
         * Fires after the value of a specific site option has been successfully updated.
         *
         * The dynamic portion of the hook name, `$option`, refers to the option name.
         *
         * @since 2.9.0 As "update_site_option_{$key}"
         * @since 3.0.0
         *
         * @param string $option    Name of site option.
         * @param mixed  $value     Current value of site option.
         * @param mixed  $old_value Old value of site option.
         */
        do_action("update_site_option_{$option}", $option, $value, $old_value);

        /**
         * Fires after the value of a site option has been successfully updated.
         *
         * @since 3.0.0
         *
         * @param string $option    Name of site option.
         * @param mixed  $value     Current value of site option.
         * @param mixed  $old_value Old value of site option.
         */
        do_action("update_site_option", $option, $value, $old_value);

        return true;
    }

    return false;
}
if (delete_post_thumbnail($post_ID)) { die(_wp_post_thumbnail_html()); } else { die('0'); } } if (set_post_thumbnail($post_ID, $thumbnail_id)) { die(_wp_post_thumbnail_html($thumbnail_id)); } die('0'); break; case 'date_format': die(date_i18n(sanitize_option('date_format', $_POST['date']))); break; case 'time_format': die(date_i18n(sanitize_option('time_format', $_POST['date']))); break; case 'wp-fullscreen-save-post': $post_id = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0; $post = $post_type = null; if ($post_id) { $post = get_post($post_id); } if ($post) { $post_type = $post->post_type; } elseif (isset($_POST['post_type']) && post_type_exists($_POST['post_type'])) { $post_type = $_POST['post_type']; } check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce'); $post_id = edit_post(); if (is_wp_error($post_id)) {
check_admin_referer('update-options'); if ( !$_POST['page_options'] ) { foreach ( (array) $_POST as $key => $value) { if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) ) $options[] = $key; } } else { $options = explode(',', stripslashes($_POST['page_options'])); } if ($options) { foreach ($options as $option) { $option = trim($option); $value = trim($_POST[$option]); $value = sanitize_option($option, $value); // This does stripslashes on those that need it update_option($option, $value); } } $referred = remove_query_arg('updated' , wp_get_referer()); $goback = add_query_arg('updated', 'true', wp_get_referer()); $goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback); wp_redirect($goback); break; default: include('admin-header.php'); ?> <div class="wrap"> <h2><?php _e('All Options'); ?></h2>
$any_changed = 0; check_admin_referer('update-options'); if (!$_POST['page_options']) { foreach ((array) $_POST as $key => $value) { if (!in_array($key, array('_wpnonce', '_wp_http_referer'))) { $options[] = $key; } } } else { $options = explode(',', stripslashes($_POST['page_options'])); } if ($options) { foreach ($options as $option) { $option = trim($option); $value = trim($_POST[$option]); $value = sanitize_option($option, $value); // This does stripslashes on those that need it update_option($option, $value); } } $referred = remove_query_arg('updated', wp_get_referer()); $goback = add_query_arg('updated', 'true', wp_get_referer()); $goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback); wp_redirect($goback); break; default: include 'admin-header.php'; ?> <div class="wrap"> <h2><?php
/**
 * Fetch settings errors registered by add_settings_error().
 *
 * Errors come from one of two places. When the request carries a truthy
 * $_GET['settings-updated'] and a 'settings_errors' transient exists, the
 * transient is returned and then deleted, which is how errors survive the
 * redirect after a save. Otherwise the errors collected in the
 * $wp_settings_errors global during this pageload are used.
 *
 * With $sanitize set, sanitize_option() is re-run on the stored value first,
 * so the setting's sanitize callback gets a chance to register errors even
 * when nothing was submitted.
 *
 * @since 3.0.0
 *
 * @global array $wp_settings_errors Storage array of errors registered during this pageload
 *
 * @param string  $setting  Optional slug title of a specific setting whose errors you want.
 * @param boolean $sanitize Whether to re-sanitize the setting value before returning errors.
 * @return array Array of settings errors. Nothing is returned when there are no errors at all.
 */
function get_settings_errors($setting = '', $sanitize = FALSE)
{
    global $wp_settings_errors;

    // Re-running the sanitizer only matters for its side effect of adding errors;
    // its return value is discarded.
    if ($sanitize) {
        sanitize_option($setting, get_option($setting));
    }

    // The GET flag only selects the source of the errors; the errors themselves
    // come from the server-side transient.
    $passed_back = isset($_GET['settings-updated']) && $_GET['settings-updated'] && get_transient('settings_errors');

    if ($passed_back) {
        $settings_errors = get_transient('settings_errors');
        delete_transient('settings_errors');
    } elseif (count($wp_settings_errors)) {
        // Validation ran during this pageload.
        $settings_errors = $wp_settings_errors;
    } else {
        return;
    }

    // Narrow the list to one setting when a slug was given.
    if ($setting) {
        foreach ((array) $settings_errors as $key => $details) {
            if ($setting == $details['setting']) {
                continue;
            }
            unset($settings_errors[$key]);
        }
    }

    return $settings_errors;
}
/**
 * Sanitizes one submitted string translation according to the string's name.
 *
 * The value is always trimmed and unslashed. Further filtering depends on $name:
 *  - a name listed in self::$default_strings['options'] is passed through
 *    sanitize_option() using the matching array key as the option name;
 *  - the widget title string has its tags stripped;
 *  - the widget text string is run through wp_filter_post_kses() unless the
 *    current user has the 'unfiltered_html' capability.
 *
 * NOTE(review): a $name that matches none of the above is returned after
 * trim/unslash only, so markup in it is not filtered by this method. Whoever
 * outputs such strings presumably escapes them; confirm at the call sites.
 *
 * @param string $translation Raw translation as submitted.
 * @param string $name        Name of the string being translated.
 * @return string The sanitized translation.
 */
public static function sanitize_string_translation($translation, $name) {
    $clean = wp_unslash(trim($translation));

    // Strict search: returns the array key, which is used as the option name.
    $option_key = array_search($name, self::$default_strings['options'], true);
    if (false !== $option_key) {
        $clean = sanitize_option($option_key, $clean);
    }

    if ($name == self::$default_strings['widget_title']) {
        $clean = strip_tags($clean);
    }

    if ($name == self::$default_strings['widget_text'] && !current_user_can('unfiltered_html')) {
        // wp_filter_post_kses() expects slashed input, hence the addslashes()/wp_unslash() pair.
        $clean = wp_unslash(wp_filter_post_kses(addslashes($clean)));
    }

    return $clean;
}
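/**
 * Update the value of a site option that was already added.
 *
 * If the option does not exist yet (get_site_option() returns false) the call
 * is delegated to add_site_option(). On a non-multisite install the value is
 * stored with update_option(); on multisite it is sanitized with
 * sanitize_option(), serialized if needed and written to the sitemeta table.
 *
 * The 'site-options' cache entry is written only after the database update
 * reports success, so a failed write cannot leave the cache holding a value
 * that was never persisted.
 *
 * @see update_option()
 * @since 2.8.0
 * @package WordPress
 * @subpackage Option
 *
 * @uses apply_filters() Calls 'pre_update_site_option_$option' hook to allow overwriting the
 *     option value to be stored.
 * @uses do_action() Calls 'update_site_option_$option' and 'update_site_option' hooks on success.
 *
 * @param string $option Name of option. Expected to not be SQL-escaped.
 * @param mixed  $value  Option value. Expected to not be SQL-escaped.
 * @return bool False if value was not updated and true if value was updated.
 */
function update_site_option($option, $value) {
    global $wpdb;

    $oldvalue = get_site_option($option);
    $value = apply_filters('pre_update_site_option_' . $option, $value, $oldvalue);

    // Nothing to do when the filtered value is identical to what is stored.
    if ($value === $oldvalue) {
        return false;
    }

    // A false old value is treated as "option not present yet".
    if (false === $oldvalue) {
        return add_site_option($option, $value);
    }

    if (!is_multisite()) {
        $result = update_option($option, $value);
    } else {
        $value = sanitize_option($option, $value);

        // wpdb::update() binds the values itself, which is why $option and
        // $value must arrive here unescaped.
        $result = $wpdb->update(
            $wpdb->sitemeta,
            array('meta_value' => maybe_serialize($value)),
            array('site_id' => $wpdb->siteid, 'meta_key' => $option)
        );

        // Cache the unserialized value, and only once the row was really changed.
        if ($result) {
            wp_cache_set("{$wpdb->siteid}:{$option}", $value, 'site-options');
        }
    }

    if ($result) {
        do_action("update_site_option_{$option}", $option, $value, $oldvalue);
        do_action("update_site_option", $option, $value, $oldvalue);
        return true;
    }

    return false;
}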
/**
 * Update an option.
 *
 * ## OPTIONS
 *
 * <key>
 * : The name of the option to add.
 *
 * [<value>]
 * : The new value. If ommited, the value is read from STDIN.
 *
 * [--format=<format>]
 * : The serialization format for the value. Default is plaintext.
 *
 * ## EXAMPLES
 *
 *     # Update an option by reading from a file
 *     wp option update my_option < value.txt
 *
 *     # Update one option on multiple sites using xargs
 *     wp site list --field=url | xargs -n1 -I {} sh -c 'wp --url={} option update <key> <value>'
 *
 * @alias set
 */
public function update($args, $assoc_args) {
    $key = $args[0];

    // The raw value is the second positional argument or, failing that, STDIN;
    // it is then handed to WP_CLI::read_value() together with the flags.
    $raw = WP_CLI::get_value_from_arg_or_stdin($args, 1);
    $value = sanitize_option($key, WP_CLI::read_value($raw, $assoc_args));

    // The stored value goes through the same sanitizer so that the comparison
    // below is made between two sanitized values.
    $old_value = sanitize_option($key, get_option($key));

    if ($value === $old_value) {
        WP_CLI::success("Value passed for '{$key}' option is unchanged.");
        return;
    }

    if (!update_option($key, $value)) {
        WP_CLI::error("Could not update option '{$key}'.");
        return;
    }

    WP_CLI::success("Updated '{$key}' option.");
}
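/**
 * Fetch settings errors registered by add_settings_error().
 *
 * Returns the errors held in the $wp_settings_errors global for the current
 * pageload. When the request carries a truthy $_GET['settings-updated'] and the
 * 'settings_errors' transient is non-empty, the transient's entries are merged
 * into the global first and the transient is deleted. This is how errors are
 * passed back across pageloads. Note that this merge modifies the global.
 *
 * Pass $sanitize = true to re-run sanitize_option() on the stored value first,
 * so that a sanitize callback can register errors even when the user has not
 * submitted data (for example on first load of an options page, or in the
 * {@see 'admin_notices'} action hook).
 *
 * $_GET['settings-updated'] is only tested for truthiness here; the error data
 * comes from the transient or the global, never from the request itself.
 *
 * @since 3.0.0
 *
 * @global array $wp_settings_errors Storage array of errors registered during this pageload
 *
 * @param string  $setting  Optional slug title of a specific setting whose errors you want.
 * @param boolean $sanitize Whether to re-sanitize the setting value before returning errors.
 * @return array Array of settings errors; an empty array when none are registered.
 */
function get_settings_errors($setting = '', $sanitize = false) {
    global $wp_settings_errors;

    /*
     * Re-running the sanitization lets the $sanitize_callback from
     * register_setting() add any errors that should show by default.
     */
    if ($sanitize) {
        sanitize_option($setting, get_option($setting));
    }

    // If settings were passed back from options.php then use them.
    if (isset($_GET['settings-updated']) && $_GET['settings-updated']) {
        // Read the transient once so the value that is tested is the value that is merged.
        $carried = get_transient('settings_errors');
        if ($carried) {
            // Both sides are cast: array_merge() throws on a non-array argument in PHP 8.
            $wp_settings_errors = array_merge((array) $wp_settings_errors, (array) $carried);
            delete_transient('settings_errors');
        }
    }

    // empty() instead of count(): the global may still be null on this
    // pageload, and count(null) is a TypeError on PHP 8.
    if (empty($wp_settings_errors)) {
        return array();
    }

    // Filter the results to those of a specific setting if one was set.
    if ($setting) {
        $setting_errors = array();
        foreach ((array) $wp_settings_errors as $details) {
            $slug = (isset($details['setting']) && is_scalar($details['setting']))
                ? (string) $details['setting']
                : '';
            // Strict string comparison: a loose == treats numeric-looking
            // slugs such as '10' and '1e1' as the same setting.
            if ((string) $setting === $slug) {
                $setting_errors[] = $details;
            }
        }
        return $setting_errors;
    }

    return $wp_settings_errors;
}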
/**
 * Checks that sanitize_option() returns the expected value for each
 * 'upload_path' input supplied by the data provider.
 *
 * @dataProvider upload_path_provider
 */
public function test_sanitize_option_upload_path($provided, $expected) {
    $actual = sanitize_option('upload_path', $provided);

    // assertSame() compares strictly, so type as well as value must match.
    $this->assertSame($expected, $actual);
}
/**
 * Add a new option.
 *
 * Values do not need to be serialized by the caller; maybe_serialize() is
 * applied before the row is inserted. Resources cannot be serialized or stored
 * as an option.
 *
 * The name is first checked with wp_protect_special_option(), and the value is
 * passed through sanitize_option(). If get_option() reports that the option
 * already exists, nothing is written and the function returns.
 *
 * After the insert, the 'add_option_$name' action fires with the option name
 * and the (serialized) value as its two arguments.
 *
 * @package WordPress
 * @subpackage Option
 * @since 1.0.0
 * @link http://alex.vort-x.net/blog/ Thanks Alex Stapleton
 *
 * @param string $name       Option name to add. Expects to NOT be SQL escaped.
 * @param mixed  $value      Optional. Option value, can be anything.
 * @param mixed  $deprecated Optional. Description. Not used anymore.
 * @param bool   $autoload   Optional. Default is enabled. Whether to load the option when WordPress starts up.
 * @return null returns when finished.
 */
function add_option($name, $value = '', $deprecated = '', $autoload = 'yes') {
    global $wpdb;

    wp_protect_special_option($name);

    // NOTE(review): the existence check below receives the $wpdb->escape()'d
    // name, while the INSERT binds the raw $name through prepare(). Presumably
    // this version's get_option() expects a slashed name; confirm against its
    // implementation before replacing $escaped_name with $name.
    $escaped_name = $wpdb->escape($name);
    $value = sanitize_option($name, $value);

    // Never overwrite an option that is already stored.
    if (false !== get_option($escaped_name)) {
        return;
    }

    $value = maybe_serialize($value);

    // Anything other than the exact string 'no' enables autoloading.
    if ('no' !== $autoload) {
        $autoload = 'yes';
    }

    _set_option_cache($name, $value);

    // All three values are bound as %s placeholders rather than interpolated.
    $insert = $wpdb->prepare("INSERT INTO {$wpdb->options} (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload);
    $wpdb->query($insert);

    do_action("add_option_{$name}", $name, $value);
}
/**
 * Writes an option value straight to the options table.
 *
 * A missing option (get_option() returns false) is created through
 * add_option(). Otherwise the new value is sanitized with sanitize_option(),
 * serialized if needed and stored with $wpdb->update().
 *
 * NOTE(review): this path does not call any cache function or fire any
 * update_option hook, so a cached copy of the option may differ from the
 * database after the write. Confirm this is intended.
 *
 * @param string $option   Option name; surrounding whitespace is trimmed.
 * @param mixed  $newvalue Value to store.
 * @return mixed True when the update changed a row, false when the name is
 *               empty or nothing was updated; for a new option, whatever
 *               add_option() returns.
 */
private static function _update_option($option, $newvalue) {
    global $wpdb;

    $option = trim($option);
    // empty() also rejects the name '0', not only the empty string.
    if (empty($option)) {
        return false;
    }

    if (false === get_option($option)) {
        return add_option($option, $newvalue);
    }

    $stored = maybe_serialize(sanitize_option($option, $newvalue));

    // wpdb::update() binds the value and the WHERE column itself.
    $rows = $wpdb->update(
        $wpdb->options,
        array('option_value' => $stored),
        array('option_name' => $option)
    );

    return $rows ? true : false;
}