
WordPress 5.4.1


/wp-admin/ -> options.php (source)

   1  <?php
   2  /**
   3   * Options Management Administration Screen.
   4   *
   5   * If accessed directly in a browser this page shows a list of all saved options
   6   * along with editable fields for their values. Serialized data is not supported
   7   * and there is no way to remove options via this page. It is not linked to from
   8   * anywhere else in the admin.
   9   *
  10   * This file is also the target of the forms in core and custom options pages
  11   * that use the Settings API. In this case it saves the new option values
  12   * and returns the user to their page of origin.
  13   *
  14   * @package WordPress
  15   * @subpackage Administration
  16   */
  17  
  18  /** WordPress Administration Bootstrap */
  19  require_once  __DIR__ . '/admin.php';
  20  
  21  $title       = __( 'Settings' );
  22  $this_file   = 'options.php';
  23  $parent_file = 'options-general.php';
  24  
  25  wp_reset_vars( array( 'action', 'option_page' ) );
  26  
  27  $capability = 'manage_options';
  28  
  29  // This is for back compat and will eventually be removed.
  30  if ( empty( $option_page ) ) {
  31      $option_page = 'options';
  32  } else {
  33  
  34      /**
  35       * Filters the capability required when using the Settings API.
  36       *
  37       * By default, the options groups for all registered settings require the manage_options capability.
  38       * This filter is required to change the capability required for a certain options page.
  39       *
  40       * @since 3.2.0
  41       *
  42       * @param string $capability The capability used for the page, which is manage_options by default.
  43       */
  44      $capability = apply_filters( "option_page_capability_{$option_page}", $capability );
  45  }
  46  
  47  if ( ! current_user_can( $capability ) ) {
  48      wp_die(
  49          '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
  50          '<p>' . __( 'Sorry, you are not allowed to manage options for this site.' ) . '</p>',
  51          403
  52      );
  53  }
  54  
  55  // Handle admin email change requests.
  56  if ( ! empty( $_GET['adminhash'] ) ) {
  57      $new_admin_details = get_option( 'adminhash' );
  58      $redirect          = 'options-general.php?updated=false';
  59      if ( is_array( $new_admin_details ) && hash_equals( $new_admin_details['hash'], $_GET['adminhash'] ) && ! empty( $new_admin_details['newemail'] ) ) {
  60          update_option( 'admin_email', $new_admin_details['newemail'] );
  61          delete_option( 'adminhash' );
  62          delete_option( 'new_admin_email' );
  63          $redirect = 'options-general.php?updated=true';
  64      }
  65      wp_redirect( admin_url( $redirect ) );
  66      exit;
  67  } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' == $_GET['dismiss'] ) {
  68      check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' );
  69      delete_option( 'adminhash' );
  70      delete_option( 'new_admin_email' );
  71      wp_redirect( admin_url( 'options-general.php?updated=true' ) );
  72      exit;
  73  }
  74  
  75  if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update' != $action ) {
  76      wp_die(
  77          '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
  78          '<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>',
  79          403
  80      );
  81  }
  82  
  83  $whitelist_options            = array(
  84      'general'    => array(
  85          'blogname',
  86          'blogdescription',
  87          'gmt_offset',
  88          'date_format',
  89          'time_format',
  90          'start_of_week',
  91          'timezone_string',
  92          'WPLANG',
  93          'new_admin_email',
  94      ),
  95      'discussion' => array(
  96          'default_pingback_flag',
  97          'default_ping_status',
  98          'default_comment_status',
  99          'comments_notify',
 100          'moderation_notify',
 101          'comment_moderation',
 102          'require_name_email',
 103          'comment_whitelist',
 104          'comment_max_links',
 105          'moderation_keys',
 106          'blacklist_keys',
 107          'show_avatars',
 108          'avatar_rating',
 109          'avatar_default',
 110          'close_comments_for_old_posts',
 111          'close_comments_days_old',
 112          'thread_comments',
 113          'thread_comments_depth',
 114          'page_comments',
 115          'comments_per_page',
 116          'default_comments_page',
 117          'comment_order',
 118          'comment_registration',
 119          'show_comments_cookies_opt_in',
 120      ),
 121      'media'      => array(
 122          'thumbnail_size_w',
 123          'thumbnail_size_h',
 124          'thumbnail_crop',
 125          'medium_size_w',
 126          'medium_size_h',
 127          'large_size_w',
 128          'large_size_h',
 129          'image_default_size',
 130          'image_default_align',
 131          'image_default_link_type',
 132      ),
 133      'reading'    => array(
 134          'posts_per_page',
 135          'posts_per_rss',
 136          'rss_use_excerpt',
 137          'show_on_front',
 138          'page_on_front',
 139          'page_for_posts',
 140          'blog_public',
 141      ),
 142      'writing'    => array(
 143          'default_category',
 144          'default_email_category',
 145          'default_link_category',
 146          'default_post_format',
 147      ),
 148  );
 149  $whitelist_options['misc']    = array();
 150  $whitelist_options['options'] = array();
 151  $whitelist_options['privacy'] = array();
 152  
 153  $mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );
 154  
 155  if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ) ) ) {
 156      $whitelist_options['reading'][] = 'blog_charset';
 157  }
 158  
 159  if ( get_site_option( 'initial_db_version' ) < 32453 ) {
 160      $whitelist_options['writing'][] = 'use_smilies';
 161      $whitelist_options['writing'][] = 'use_balanceTags';
 162  }
 163  
 164  if ( ! is_multisite() ) {
 165      if ( ! defined( 'WP_SITEURL' ) ) {
 166          $whitelist_options['general'][] = 'siteurl';
 167      }
 168      if ( ! defined( 'WP_HOME' ) ) {
 169          $whitelist_options['general'][] = 'home';
 170      }
 171  
 172      $whitelist_options['general'][] = 'users_can_register';
 173      $whitelist_options['general'][] = 'default_role';
 174  
 175      $whitelist_options['writing']   = array_merge( $whitelist_options['writing'], $mail_options );
 176      $whitelist_options['writing'][] = 'ping_sites';
 177  
 178      $whitelist_options['media'][] = 'uploads_use_yearmonth_folders';
 179  
 180      // If upload_url_path and upload_path are both default values, they're locked.
 181      if ( get_option( 'upload_url_path' ) || ( get_option( 'upload_path' ) != 'wp-content/uploads' && get_option( 'upload_path' ) ) ) {
 182          $whitelist_options['media'][] = 'upload_path';
 183          $whitelist_options['media'][] = 'upload_url_path';
 184      }
 185  } else {
 186      /**
 187       * Filters whether the post-by-email functionality is enabled.
 188       *
 189       * @since 3.0.0
 190       *
 191       * @param bool $enabled Whether post-by-email configuration is enabled. Default true.
 192       */
 193      if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
 194          $whitelist_options['writing'] = array_merge( $whitelist_options['writing'], $mail_options );
 195      }
 196  }
 197  
 198  /**
 199   * Filters the options whitelist.
 200   *
 201   * @since 2.7.0
 202   *
 203   * @param array $whitelist_options The options whitelist.
 204   */
 205  $whitelist_options = apply_filters( 'whitelist_options', $whitelist_options );
 206  
// Save handler. Runs only for action=update, after the capability check at
// the top of the file. Order of checks: nonce, whitelist lookup, (multisite)
// network capability for the legacy page, then the writes.
if ( 'update' == $action ) { // We are saving settings sent from a settings page.
    // CSRF protection: the nonce action depends on which form posted. The
    // legacy form (no option_page field in POST) uses 'update-options';
    // every other form uses "<option_page>-options".
    if ( 'options' == $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
        $unregistered = true;
        check_admin_referer( 'update-options' );
    } else {
        $unregistered = false;
        check_admin_referer( $option_page . '-options' );
    }

    // The requested group must exist in the (filtered) whitelist. The page
    // name comes from the request, hence the esc_html() in the error output.
    if ( ! isset( $whitelist_options[ $option_page ] ) ) {
        wp_die(
            sprintf(
                /* translators: %s: The options page name. */
                __( '<strong>Error</strong>: Options page %s not found in the options whitelist.' ),
                '<code>' . esc_html( $option_page ) . '</code>'
            )
        );
    }

    if ( 'options' == $option_page ) {
        if ( is_multisite() && ! current_user_can( 'manage_network_options' ) ) {
            wp_die( __( 'Sorry, you are not allowed to modify unregistered settings for this site.' ) );
        }
        // NOTE(review): on this path the option names are taken from the
        // posted page_options field, not from the whitelist (the 'options'
        // group is an empty array that only satisfies the isset() above).
        // The gates are therefore the capability check at the top of the
        // file, the nonce, and on multisite manage_network_options.
        $options = explode( ',', wp_unslash( $_POST['page_options'] ) );
    } else {
        // Registered group: only the whitelisted names are written, whatever
        // other fields the request carries.
        $options = $whitelist_options[ $option_page ];
    }

    if ( 'general' == $option_page ) {
        // Handle custom date/time formats.
        // The radio value '\c\u\s\t\o\m' means "use the free-text field".
        if ( ! empty( $_POST['date_format'] ) && isset( $_POST['date_format_custom'] ) && '\c\u\s\t\o\m' == wp_unslash( $_POST['date_format'] ) ) {
            $_POST['date_format'] = $_POST['date_format_custom'];
        }
        if ( ! empty( $_POST['time_format'] ) && isset( $_POST['time_format_custom'] ) && '\c\u\s\t\o\m' == wp_unslash( $_POST['time_format'] ) ) {
            $_POST['time_format'] = $_POST['time_format_custom'];
        }
        // Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
        if ( ! empty( $_POST['timezone_string'] ) && preg_match( '/^UTC[+-]/', $_POST['timezone_string'] ) ) {
            $_POST['gmt_offset']      = $_POST['timezone_string'];
            $_POST['gmt_offset']      = preg_replace( '/UTC\+?/', '', $_POST['gmt_offset'] );
            $_POST['timezone_string'] = '';
        }

        // Handle translation installation.
        // Downloading a language pack needs the separate install_languages
        // capability; without it the posted WPLANG value is stored as sent.
        if ( ! empty( $_POST['WPLANG'] ) && current_user_can( 'install_languages' ) ) {
            require_once  ABSPATH . 'wp-admin/includes/translation-install.php';

            if ( wp_can_install_language_pack() ) {
                $language = wp_download_language_pack( $_POST['WPLANG'] );
                if ( $language ) {
                    $_POST['WPLANG'] = $language;
                }
            }
        }
    }

    if ( $options ) {
        // Remembered so the text domain can be reloaded if the locale changes.
        $user_language_old = get_user_locale();

        foreach ( $options as $option ) {
            if ( $unregistered ) {
                _deprecated_argument(
                    'options.php',
                    '2.7.0',
                    sprintf(
                        /* translators: %s: The option/setting. */
                        __( 'The %s setting is unregistered. Unregistered settings are deprecated. See https://developer.wordpress.org/plugins/settings/settings-api/' ),
                        '<code>' . esc_html( $option ) . '</code>'
                    )
                );
            }

            $option = trim( $option );
            // A field missing from the request is saved as null, which is
            // how an unchecked checkbox is recorded.
            $value  = null;
            if ( isset( $_POST[ $option ] ) ) {
                $value = $_POST[ $option ];
                if ( ! is_array( $value ) ) {
                    $value = trim( $value );
                }
                $value = wp_unslash( $value );
            }
            // No validation of $value happens in this file; presumably any
            // per-option sanitization runs inside update_option() - confirm
            // against the registered settings.
            update_option( $option, $value );
        }

        /*
         * Switch translation in case WPLANG was changed.
         * The global $locale is used in get_locale() which is
         * used as a fallback in get_user_locale().
         */
        unset( $GLOBALS['locale'] );
        $user_language_new = get_user_locale();
        if ( $user_language_old !== $user_language_new ) {
            load_default_textdomain( $user_language_new );
        }
    }

    /*
     * Handle settings errors and return to options page.
     */

    // If no settings errors were registered add a general 'updated' message.
    if ( ! count( get_settings_errors() ) ) {
        add_settings_error( 'general', 'settings_updated', __( 'Settings saved.' ), 'success' );
    }
    // Hand the messages to the next request through a transient that
    // expires after 30 seconds.
    set_transient( 'settings_errors', get_settings_errors(), 30 );

    // Redirect back to the settings page that was submitted.
    // NOTE(review): the target is derived from the request's referer via
    // wp_get_referer(); its return value is used here without a further
    // check - confirm how a missing referer is handled.
    $goback = add_query_arg( 'settings-updated', 'true', wp_get_referer() );
    wp_redirect( $goback );
    exit;
}
 318  
 319  require_once  ABSPATH . 'wp-admin/admin-header.php'; ?>
 320  
 321  <div class="wrap">
 322      <h1><?php esc_html_e( 'All Settings' ); ?></h1>
 323  
 324      <div class="notice notice-warning">
 325          <p><strong><?php _e( 'WARNING!' ); ?></strong> <?php _e( 'This page allows direct access to your site settings. You can break things here. Please be cautious!' ); ?></p>
 326      </div>
 327  
 328      <form name="form" action="options.php" method="post" id="all-options">
 329          <?php wp_nonce_field( 'options-options' ); ?>
 330          <input type="hidden" name="action" value="update" />
 331          <input type="hidden" name="option_page" value="options" />
 332          <table class="form-table" role="presentation">
 333  <?php
 334  $options = $wpdb->get_results( "SELECT * FROM $wpdb->options ORDER BY option_name" );
 335  
 336  foreach ( (array) $options as $option ) :
 337      $disabled = false;
 338      if ( '' == $option->option_name ) {
 339          continue;
 340      }
 341      if ( is_serialized( $option->option_value ) ) {
 342          if ( is_serialized_string( $option->option_value ) ) {
 343              // This is a serialized string, so we should display it.
 344              $value               = maybe_unserialize( $option->option_value );
 345              $options_to_update[] = $option->option_name;
 346              $class               = 'all-options';
 347          } else {
 348              $value    = 'SERIALIZED DATA';
 349              $disabled = true;
 350              $class    = 'all-options disabled';
 351          }
 352      } else {
 353          $value               = $option->option_value;
 354          $options_to_update[] = $option->option_name;
 355          $class               = 'all-options';
 356      }
 357      $name = esc_attr( $option->option_name );
 358      ?>
 359  <tr>
 360      <th scope="row"><label for="<?php echo $name; ?>"><?php echo esc_html( $option->option_name ); ?></label></th>
 361  <td>
 362      <?php if ( strpos( $value, "\n" ) !== false ) : ?>
 363          <textarea class="<?php echo $class; ?>" name="<?php echo $name; ?>" id="<?php echo $name; ?>" cols="30" rows="5"><?php echo esc_textarea( $value ); ?></textarea>
 364      <?php else : ?>
 365          <input class="regular-text <?php echo $class; ?>" type="text" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo esc_attr( $value ); ?>"<?php disabled( $disabled, true ); ?> />
 366      <?php endif ?></td>
 367  </tr>
 368  <?php endforeach; ?>
 369  </table>
 370  
 371  <input type="hidden" name="page_options" value="<?php echo esc_attr( implode( ',', $options_to_update ) ); ?>" />
 372  
 373  <?php submit_button( __( 'Save Changes' ), 'primary', 'Update' ); ?>
 374  
 375  </form>
 376  </div>
 377  
 378  <?php
 379  require_once  ABSPATH . 'wp-admin/admin-footer.php';

