wp/wp-admin/options.php
changeset 16 a86126ab1dd4
parent 9 177826044cd9
child 18 be944660c56a
--- a/wp/wp-admin/options.php	Tue Oct 22 16:11:46 2019 +0200
+++ b/wp/wp-admin/options.php	Tue Dec 15 13:49:49 2020 +0100
@@ -16,7 +16,7 @@
  */
 
 /** WordPress Administration Bootstrap */
-require_once( dirname( __FILE__ ) . '/admin.php' );
+require_once __DIR__ . '/admin.php';
 
 $title       = __( 'Settings' );
 $this_file   = 'options.php';
@@ -47,12 +47,12 @@
 if ( ! current_user_can( $capability ) ) {
 	wp_die(
 		'<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
-		'<p>' . __( 'Sorry, you are not allowed to manage these options.' ) . '</p>',
+		'<p>' . __( 'Sorry, you are not allowed to manage options for this site.' ) . '</p>',
 		403
 	);
 }
 
-// Handle admin email change requests
+// Handle admin email change requests.
 if ( ! empty( $_GET['adminhash'] ) ) {
 	$new_admin_details = get_option( 'adminhash' );
 	$redirect          = 'options-general.php?updated=false';
@@ -64,7 +64,7 @@
 	}
 	wp_redirect( admin_url( $redirect ) );
 	exit;
-} elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) {
+} elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' === $_GET['dismiss'] ) {
 	check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' );
 	delete_option( 'adminhash' );
 	delete_option( 'new_admin_email' );
@@ -80,7 +80,7 @@
 	);
 }
 
-$whitelist_options         = array(
+$allowed_options            = array(
 	'general'    => array(
 		'blogname',
 		'blogdescription',
@@ -100,10 +100,10 @@
 		'moderation_notify',
 		'comment_moderation',
 		'require_name_email',
-		'comment_whitelist',
+		'comment_previously_approved',
 		'comment_max_links',
 		'moderation_keys',
-		'blacklist_keys',
+		'disallowed_keys',
 		'show_avatars',
 		'avatar_rating',
 		'avatar_default',
@@ -146,39 +146,45 @@
 		'default_post_format',
 	),
 );
-$whitelist_options['misc'] = $whitelist_options['options'] = $whitelist_options['privacy'] = array();
+$allowed_options['misc']    = array();
+$allowed_options['options'] = array();
+$allowed_options['privacy'] = array();
 
 $mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );
 
-if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
-	$whitelist_options['reading'][] = 'blog_charset';
+if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ), true ) ) {
+	$allowed_options['reading'][] = 'blog_charset';
 }
 
 if ( get_site_option( 'initial_db_version' ) < 32453 ) {
-	$whitelist_options['writing'][] = 'use_smilies';
-	$whitelist_options['writing'][] = 'use_balanceTags';
+	$allowed_options['writing'][] = 'use_smilies';
+	$allowed_options['writing'][] = 'use_balanceTags';
 }
 
 if ( ! is_multisite() ) {
 	if ( ! defined( 'WP_SITEURL' ) ) {
-		$whitelist_options['general'][] = 'siteurl';
+		$allowed_options['general'][] = 'siteurl';
 	}
 	if ( ! defined( 'WP_HOME' ) ) {
-		$whitelist_options['general'][] = 'home';
+		$allowed_options['general'][] = 'home';
 	}
 
-	$whitelist_options['general'][] = 'users_can_register';
-	$whitelist_options['general'][] = 'default_role';
+	$allowed_options['general'][] = 'users_can_register';
+	$allowed_options['general'][] = 'default_role';
 
-	$whitelist_options['writing']   = array_merge( $whitelist_options['writing'], $mail_options );
-	$whitelist_options['writing'][] = 'ping_sites';
+	$allowed_options['writing']   = array_merge( $allowed_options['writing'], $mail_options );
+	$allowed_options['writing'][] = 'ping_sites';
+
+	$allowed_options['media'][] = 'uploads_use_yearmonth_folders';
 
-	$whitelist_options['media'][] = 'uploads_use_yearmonth_folders';
-
-	// If upload_url_path and upload_path are both default values, they're locked.
+	/*
+	 * If upload_url_path is not the default (empty),
+	 * or upload_path is not the default ('wp-content/uploads' or empty),
+	 * they can be edited, otherwise they're locked.
+	 */
 	if ( get_option( 'upload_url_path' ) || ( get_option( 'upload_path' ) != 'wp-content/uploads' && get_option( 'upload_path' ) ) ) {
-		$whitelist_options['media'][] = 'upload_path';
-		$whitelist_options['media'][] = 'upload_url_path';
+		$allowed_options['media'][] = 'upload_path';
+		$allowed_options['media'][] = 'upload_url_path';
 	}
 } else {
 	/**
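Review bot: The upload-path condition `get_option( 'upload_path' ) != 'wp-content/uploads'` keeps a loose `!=` while the rest of this changeset moves the file to strict comparison (the `===` checks on `dismiss`, `action` and `option_page`), so this hunk's untouched line is now the odd one out. The option value is presumably a string, so `'wp-content/uploads' !== get_option( 'upload_path' )` behaves the same and matches the new convention. Reading `upload_path` once into a local, e.g. `$upload_path = get_option( 'upload_path' );` followed by `if ( get_option( 'upload_url_path' ) || ( 'wp-content/uploads' !== $upload_path && $upload_path ) ) {`, also avoids the repeated lookup that the rewritten comment block now describes. The `else` branch this hunk opens at its last line continues outside the hunk.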
@@ -189,24 +195,37 @@
 	 * @param bool $enabled Whether post-by-email configuration is enabled. Default true.
 	 */
 	if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
-		$whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
+		$allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
 	}
 }
 
 /**
- * Filters the options white list.
+ * Filters the allowed options list.
  *
  * @since 2.7.0
+ * @deprecated 5.5.0 Use {@see 'allowed_options'} instead.
  *
- * @param array $whitelist_options White list options.
+ * @param array $allowed_options The allowed options list.
  */
-$whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
+$allowed_options = apply_filters_deprecated(
+	'whitelist_options',
+	array( $allowed_options ),
+	'5.5.0',
+	'apply_filters_deprecated',
+	__( 'Please consider writing more inclusive code.' )
+);
 
-/*
- * If $_GET['action'] == 'update' we are saving settings sent from a settings page
+/**
+ * Filters the allowed options list.
+ *
+ * @since 5.5.0
+ *
+ * @param array $allowed_options The allowed options list.
  */
-if ( 'update' == $action ) {
-	if ( 'options' == $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
+$allowed_options = apply_filters( 'allowed_options', $allowed_options );
+
+if ( 'update' === $action ) { // We are saving settings sent from a settings page.
+	if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
 		$unregistered = true;
 		check_admin_referer( 'update-options' );
 	} else {
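Review bot: The fourth argument to `apply_filters_deprecated()` for the `whitelist_options` hook is `'apply_filters_deprecated'`, which is the name of the function being called rather than the replacement hook, so the deprecation notice shown to plugin authors will point them at a filter that does not exist. The docblock directly above says `@deprecated 5.5.0 Use {@see 'allowed_options'} instead.` and the hook applied a few lines later is `allowed_options`, so the call should read `'allowed_options',` in place of `'apply_filters_deprecated',`. The `if ( 'update' === $action )` block opened at the end of this hunk continues past it.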
@@ -214,27 +233,39 @@
 		check_admin_referer( $option_page . '-options' );
 	}
 
-	if ( ! isset( $whitelist_options[ $option_page ] ) ) {
-		wp_die( __( '<strong>ERROR</strong>: options page not found.' ) );
+	if ( ! isset( $allowed_options[ $option_page ] ) ) {
+		wp_die(
+			sprintf(
+				/* translators: %s: The options page name. */
+				__( '<strong>Error</strong>: Options page %s not found in the allowed options list.' ),
+				'<code>' . esc_html( $option_page ) . '</code>'
+			)
+		);
 	}
 
-	if ( 'options' == $option_page ) {
+	if ( 'options' === $option_page ) {
 		if ( is_multisite() && ! current_user_can( 'manage_network_options' ) ) {
 			wp_die( __( 'Sorry, you are not allowed to modify unregistered settings for this site.' ) );
 		}
 		$options = explode( ',', wp_unslash( $_POST['page_options'] ) );
 	} else {
-		$options = $whitelist_options[ $option_page ];
+		$options = $allowed_options[ $option_page ];
 	}
 
-	if ( 'general' == $option_page ) {
+	if ( 'general' === $option_page ) {
 		// Handle custom date/time formats.
-		if ( ! empty( $_POST['date_format'] ) && isset( $_POST['date_format_custom'] ) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) ) {
+		if ( ! empty( $_POST['date_format'] ) && isset( $_POST['date_format_custom'] )
+			&& '\c\u\s\t\o\m' === wp_unslash( $_POST['date_format'] )
+		) {
 			$_POST['date_format'] = $_POST['date_format_custom'];
 		}
-		if ( ! empty( $_POST['time_format'] ) && isset( $_POST['time_format_custom'] ) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) ) {
+
+		if ( ! empty( $_POST['time_format'] ) && isset( $_POST['time_format_custom'] )
+			&& '\c\u\s\t\o\m' === wp_unslash( $_POST['time_format'] )
+		) {
 			$_POST['time_format'] = $_POST['time_format_custom'];
 		}
+
 		// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
 		if ( ! empty( $_POST['timezone_string'] ) && preg_match( '/^UTC[+-]/', $_POST['timezone_string'] ) ) {
 			$_POST['gmt_offset']      = $_POST['timezone_string'];
@@ -244,7 +275,7 @@
 
 		// Handle translation installation.
 		if ( ! empty( $_POST['WPLANG'] ) && current_user_can( 'install_languages' ) ) {
-			require_once( ABSPATH . 'wp-admin/includes/translation-install.php' );
+			require_once ABSPATH . 'wp-admin/includes/translation-install.php';
 
 			if ( wp_can_install_language_pack() ) {
 				$language = wp_download_language_pack( $_POST['WPLANG'] );
@@ -264,9 +295,9 @@
 					'options.php',
 					'2.7.0',
 					sprintf(
-						/* translators: %s: the option/setting */
-						__( 'The %s setting is unregistered. Unregistered settings are deprecated. See https://codex.wordpress.org/Settings_API' ),
-						'<code>' . $option . '</code>'
+						/* translators: %s: The option/setting. */
+						__( 'The %s setting is unregistered. Unregistered settings are deprecated. See https://developer.wordpress.org/plugins/settings/settings-api/' ),
+						'<code>' . esc_html( $option ) . '</code>'
 					)
 				);
 			}
@@ -295,27 +326,31 @@
 		}
 	}
 
-	/**
-	 * Handle settings errors and return to options page
+	/*
+	 * Handle settings errors and return to options page.
 	 */
+
 	// If no settings errors were registered add a general 'updated' message.
 	if ( ! count( get_settings_errors() ) ) {
-		add_settings_error( 'general', 'settings_updated', __( 'Settings saved.' ), 'updated' );
+		add_settings_error( 'general', 'settings_updated', __( 'Settings saved.' ), 'success' );
 	}
 	set_transient( 'settings_errors', get_settings_errors(), 30 );
 
-	/**
-	 * Redirect back to the settings page that was submitted
-	 */
+	// Redirect back to the settings page that was submitted.
 	$goback = add_query_arg( 'settings-updated', 'true', wp_get_referer() );
 	wp_redirect( $goback );
 	exit;
 }
 
-include( ABSPATH . 'wp-admin/admin-header.php' ); ?>
+require_once ABSPATH . 'wp-admin/admin-header.php'; ?>
 
 <div class="wrap">
 	<h1><?php esc_html_e( 'All Settings' ); ?></h1>
+
+	<div class="notice notice-warning">
+		<p><strong><?php _e( 'Warning:' ); ?></strong> <?php _e( 'This page allows direct access to your site settings. You can break things here. Please be cautious!' ); ?></p>
+	</div>
+
 	<form name="form" action="options.php" method="post" id="all-options">
 		<?php wp_nonce_field( 'options-options' ); ?>
 		<input type="hidden" name="action" value="update" />
@@ -326,9 +361,11 @@
 
 foreach ( (array) $options as $option ) :
 	$disabled = false;
-	if ( $option->option_name == '' ) {
+
+	if ( '' === $option->option_name ) {
 		continue;
 	}
+
 	if ( is_serialized( $option->option_value ) ) {
 		if ( is_serialized_string( $option->option_value ) ) {
 			// This is a serialized string, so we should display it.
@@ -345,6 +382,7 @@
 		$options_to_update[] = $option->option_name;
 		$class               = 'all-options';
 	}
+
 	$name = esc_attr( $option->option_name );
 	?>
 <tr>
@@ -367,4 +405,4 @@
 </div>
 
 <?php
-include( ABSPATH . 'wp-admin/admin-footer.php' );
+require_once ABSPATH . 'wp-admin/admin-footer.php';