[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

Search

title

Body

[close]

/wp-admin/ -> options.php (source)

   1  <?php
   2  /**
   3   * Options Management Administration Screen.
   4   *
   5   * If accessed directly in a browser this page shows a list of all saved options
   6   * along with editable fields for their values. Serialized data is not supported
   7   * and there is no way to remove options via this page. It is not linked to from
   8   * anywhere else in the admin.
   9   *
  10   * This file is also the target of the forms in core and custom options pages
  11   * that use the Settings API. In this case it saves the new option values
  12   * and returns the user to their page of origin.
  13   *
  14   * @package WordPress
  15   * @subpackage Administration
  16   */
  17  
  18  /** WordPress Administration Bootstrap */
  19  require_once  __DIR__ . '/admin.php';
  20  
  21  // Used in the HTML title tag.
  22  $title       = __( 'Settings' );
  23  $this_file   = 'options.php';
  24  $parent_file = 'options-general.php';
  25  
  26  $action      = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '';
  27  $option_page = ! empty( $_REQUEST['option_page'] ) ? sanitize_text_field( $_REQUEST['option_page'] ) : '';
  28  
  29  $capability = 'manage_options';
  30  
  31  // This is for back compat and will eventually be removed.
  32  if ( empty( $option_page ) ) {
  33      $option_page = 'options';
  34  } else {
  35  
  36      /**
  37       * Filters the capability required when using the Settings API.
  38       *
  39       * By default, the options groups for all registered settings require the manage_options capability.
  40       * This filter is required to change the capability required for a certain options page.
  41       *
  42       * @since 3.2.0
  43       *
  44       * @param string $capability The capability used for the page, which is manage_options by default.
  45       */
  46      $capability = apply_filters( "option_page_capability_{$option_page}", $capability );
  47  }
  48  
  49  if ( ! current_user_can( $capability ) ) {
  50      wp_die(
  51          '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
  52          '<p>' . __( 'Sorry, you are not allowed to manage options for this site.' ) . '</p>',
  53          403
  54      );
  55  }
  56  
  57  // Handle admin email change requests.
  58  if ( ! empty( $_GET['adminhash'] ) ) {
  59      $new_admin_details = get_option( 'adminhash' );
  60      $redirect          = 'options-general.php?updated=false';
  61  
  62      if ( is_array( $new_admin_details )
  63          && hash_equals( $new_admin_details['hash'], $_GET['adminhash'] )
  64          && ! empty( $new_admin_details['newemail'] )
  65      ) {
  66          update_option( 'admin_email', $new_admin_details['newemail'] );
  67          delete_option( 'adminhash' );
  68          delete_option( 'new_admin_email' );
  69          $redirect = 'options-general.php?updated=true';
  70      }
  71  
  72      wp_redirect( admin_url( $redirect ) );
  73      exit;
  74  } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' === $_GET['dismiss'] ) {
  75      check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' );
  76      delete_option( 'adminhash' );
  77      delete_option( 'new_admin_email' );
  78      wp_redirect( admin_url( 'options-general.php?updated=true' ) );
  79      exit;
  80  }
  81  
  82  if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update' !== $action ) {
  83      wp_die(
  84          '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
  85          '<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>',
  86          403
  87      );
  88  }
  89  
  90  $allowed_options            = array(
  91      'general'    => array(
  92          'blogname',
  93          'blogdescription',
  94          'site_icon',
  95          'gmt_offset',
  96          'date_format',
  97          'time_format',
  98          'start_of_week',
  99          'timezone_string',
 100          'WPLANG',
 101          'new_admin_email',
 102      ),
 103      'discussion' => array(
 104          'default_pingback_flag',
 105          'default_ping_status',
 106          'default_comment_status',
 107          'comments_notify',
 108          'moderation_notify',
 109          'comment_moderation',
 110          'require_name_email',
 111          'comment_previously_approved',
 112          'comment_max_links',
 113          'moderation_keys',
 114          'disallowed_keys',
 115          'show_avatars',
 116          'avatar_rating',
 117          'avatar_default',
 118          'close_comments_for_old_posts',
 119          'close_comments_days_old',
 120          'thread_comments',
 121          'thread_comments_depth',
 122          'page_comments',
 123          'comments_per_page',
 124          'default_comments_page',
 125          'comment_order',
 126          'comment_registration',
 127          'show_comments_cookies_opt_in',
 128      ),
 129      'media'      => array(
 130          'thumbnail_size_w',
 131          'thumbnail_size_h',
 132          'thumbnail_crop',
 133          'medium_size_w',
 134          'medium_size_h',
 135          'large_size_w',
 136          'large_size_h',
 137          'image_default_size',
 138          'image_default_align',
 139          'image_default_link_type',
 140      ),
 141      'reading'    => array(
 142          'posts_per_page',
 143          'posts_per_rss',
 144          'rss_use_excerpt',
 145          'show_on_front',
 146          'page_on_front',
 147          'page_for_posts',
 148          'blog_public',
 149      ),
 150      'writing'    => array(
 151          'default_category',
 152          'default_email_category',
 153          'default_link_category',
 154          'default_post_format',
 155      ),
 156  );
 157  $allowed_options['misc']    = array();
 158  $allowed_options['options'] = array();
 159  $allowed_options['privacy'] = array();
 160  
 161  /**
 162   * Filters whether the post-by-email functionality is enabled.
 163   *
 164   * @since 3.0.0
 165   *
 166   * @param bool $enabled Whether post-by-email configuration is enabled. Default true.
 167   */
 168  if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
 169      $allowed_options['writing'][] = 'mailserver_url';
 170      $allowed_options['writing'][] = 'mailserver_port';
 171      $allowed_options['writing'][] = 'mailserver_login';
 172      $allowed_options['writing'][] = 'mailserver_pass';
 173  }
 174  
 175  if ( ! is_utf8_charset() ) {
 176      $allowed_options['reading'][] = 'blog_charset';
 177  }
 178  
 179  if ( get_site_option( 'initial_db_version' ) < 32453 ) {
 180      $allowed_options['writing'][] = 'use_smilies';
 181      $allowed_options['writing'][] = 'use_balanceTags';
 182  }
 183  
 184  if ( ! is_multisite() ) {
 185      if ( ! defined( 'WP_SITEURL' ) ) {
 186          $allowed_options['general'][] = 'siteurl';
 187      }
 188      if ( ! defined( 'WP_HOME' ) ) {
 189          $allowed_options['general'][] = 'home';
 190      }
 191  
 192      $allowed_options['general'][] = 'users_can_register';
 193      $allowed_options['general'][] = 'default_role';
 194  
 195      if ( '1' === get_option( 'blog_public' ) ) {
 196          $allowed_options['writing'][] = 'ping_sites';
 197      }
 198  
 199      $allowed_options['media'][] = 'uploads_use_yearmonth_folders';
 200  
 201      /*
 202       * If upload_url_path is not the default (empty),
 203       * or upload_path is not the default ('wp-content/uploads' or empty),
 204       * they can be edited, otherwise they're locked.
 205       */
 206      if ( get_option( 'upload_url_path' )
 207          || get_option( 'upload_path' ) && 'wp-content/uploads' !== get_option( 'upload_path' )
 208      ) {
 209          $allowed_options['media'][] = 'upload_path';
 210          $allowed_options['media'][] = 'upload_url_path';
 211      }
 212  }
 213  
 214  /**
 215   * Filters the allowed options list.
 216   *
 217   * @since 2.7.0
 218   * @deprecated 5.5.0 Use {@see 'allowed_options'} instead.
 219   *
 220   * @param array $allowed_options The allowed options list.
 221   */
 222  $allowed_options = apply_filters_deprecated(
 223      'whitelist_options',
 224      array( $allowed_options ),
 225      '5.5.0',
 226      'allowed_options',
 227      __( 'Please consider writing more inclusive code.' )
 228  );
 229  
 230  /**
 231   * Filters the allowed options list.
 232   *
 233   * @since 5.5.0
 234   *
 235   * @param array $allowed_options The allowed options list.
 236   */
 237  $allowed_options = apply_filters( 'allowed_options', $allowed_options );
 238  
 239  if ( 'update' === $action ) { // We are saving settings sent from a settings page.
 240      if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
 241          $unregistered = true;
 242          check_admin_referer( 'update-options' );
 243      } else {
 244          $unregistered = false;
 245          check_admin_referer( $option_page . '-options' );
 246      }
 247  
 248      if ( ! isset( $allowed_options[ $option_page ] ) ) {
 249          wp_die(
 250              sprintf(
 251                  /* translators: %s: The options page name. */
 252                  __( '<strong>Error:</strong> The %s options page is not in the allowed options list.' ),
 253                  '<code>' . esc_html( $option_page ) . '</code>'
 254              )
 255          );
 256      }
 257  
 258      if ( 'options' === $option_page ) {
 259          if ( is_multisite() && ! current_user_can( 'manage_network_options' ) ) {
 260              wp_die( __( 'Sorry, you are not allowed to modify unregistered settings for this site.' ) );
 261          }
 262          $options = isset( $_POST['page_options'] ) ? explode( ',', wp_unslash( $_POST['page_options'] ) ) : null;
 263      } else {
 264          $options = $allowed_options[ $option_page ];
 265      }
 266  
 267      if ( 'general' === $option_page ) {
 268          // Handle custom date/time formats.
 269          if ( ! empty( $_POST['date_format'] ) && isset( $_POST['date_format_custom'] )
 270              && '\c\u\s\t\o\m' === wp_unslash( $_POST['date_format'] )
 271          ) {
 272              $_POST['date_format'] = $_POST['date_format_custom'];
 273          }
 274  
 275          if ( ! empty( $_POST['time_format'] ) && isset( $_POST['time_format_custom'] )
 276              && '\c\u\s\t\o\m' === wp_unslash( $_POST['time_format'] )
 277          ) {
 278              $_POST['time_format'] = $_POST['time_format_custom'];
 279          }
 280  
 281          // Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
 282          if ( ! empty( $_POST['timezone_string'] ) && preg_match( '/^UTC[+-]/', $_POST['timezone_string'] ) ) {
 283              $_POST['gmt_offset']      = $_POST['timezone_string'];
 284              $_POST['gmt_offset']      = preg_replace( '/UTC\+?/', '', $_POST['gmt_offset'] );
 285              $_POST['timezone_string'] = '';
 286          } elseif ( isset( $_POST['timezone_string'] ) && ! in_array( $_POST['timezone_string'], timezone_identifiers_list( DateTimeZone::ALL_WITH_BC ), true ) ) {
 287              // Reset to the current value.
 288              $current_timezone_string = get_option( 'timezone_string' );
 289  
 290              if ( ! empty( $current_timezone_string ) ) {
 291                  $_POST['timezone_string'] = $current_timezone_string;
 292              } else {
 293                  $_POST['gmt_offset']      = get_option( 'gmt_offset' );
 294                  $_POST['timezone_string'] = '';
 295              }
 296  
 297              add_settings_error(
 298                  'general',
 299                  'settings_updated',
 300                  __( 'The timezone you have entered is not valid. Please select a valid timezone.' ),
 301                  'error'
 302              );
 303          }
 304  
 305          // Handle translation installation.
 306          if ( ! empty( $_POST['WPLANG'] ) && current_user_can( 'install_languages' ) ) {
 307              require_once  ABSPATH . 'wp-admin/includes/translation-install.php';
 308  
 309              if ( wp_can_install_language_pack() ) {
 310                  $language = wp_download_language_pack( $_POST['WPLANG'] );
 311                  if ( $language ) {
 312                      $_POST['WPLANG'] = $language;
 313                  }
 314              }
 315          }
 316      }
 317  
 318      if ( $options ) {
 319          $user_language_old = get_user_locale();
 320  
 321          foreach ( $options as $option ) {
 322              if ( $unregistered ) {
 323                  _deprecated_argument(
 324                      'options.php',
 325                      '2.7.0',
 326                      sprintf(
 327                          /* translators: 1: The option/setting, 2: Documentation URL. */
 328                          __( 'The %1$s setting is unregistered. Unregistered settings are deprecated. See <a href="%2$s">documentation on the Settings API</a>.' ),
 329                          '<code>' . esc_html( $option ) . '</code>',
 330                          __( 'https://developer.wordpress.org/plugins/settings/settings-api/' )
 331                      )
 332                  );
 333              }
 334  
 335              $option = trim( $option );
 336              $value  = null;
 337              if ( isset( $_POST[ $option ] ) ) {
 338                  $value = $_POST[ $option ];
 339                  if ( ! is_array( $value ) ) {
 340                      $value = trim( $value );
 341                  }
 342                  $value = wp_unslash( $value );
 343              }
 344              update_option( $option, $value );
 345          }
 346  
 347          /*
 348           * Switch translation in case WPLANG was changed.
 349           * The global $locale is used in get_locale() which is
 350           * used as a fallback in get_user_locale().
 351           */
 352          unset( $GLOBALS['locale'] );
 353          $user_language_new = get_user_locale();
 354          if ( $user_language_old !== $user_language_new ) {
 355              load_default_textdomain( $user_language_new );
 356          }
 357      } else {
 358          add_settings_error( 'general', 'settings_updated', __( 'Settings save failed.' ), 'error' );
 359      }
 360  
 361      /*
 362       * Handle settings errors and return to options page.
 363       */
 364  
 365      // If no settings errors were registered add a general 'updated' message.
 366      if ( ! count( get_settings_errors() ) ) {
 367          add_settings_error( 'general', 'settings_updated', __( 'Settings saved.' ), 'success' );
 368      }
 369  
 370      set_transient( 'settings_errors', get_settings_errors(), 30 ); // 30 seconds.
 371  
 372      // Redirect back to the settings page that was submitted.
 373      $goback = add_query_arg( 'settings-updated', 'true', wp_get_referer() );
 374      wp_redirect( $goback );
 375      exit;
 376  }
 377  
 378  require_once  ABSPATH . 'wp-admin/admin-header.php';
 379  ?>
 380  
 381  <div class="wrap">
 382      <h1><?php esc_html_e( 'All Settings' ); ?></h1>
 383  
 384      <?php
 385      wp_admin_notice(
 386          '<strong>' . __( 'Warning:' ) . '</strong> ' . __( 'This page allows direct access to your site settings. You can break things here. Please be cautious!' ),
 387          array(
 388              'type' => 'warning',
 389          )
 390      );
 391      ?>
 392      <form name="form" action="options.php" method="post" id="all-options">
 393          <?php wp_nonce_field( 'options-options' ); ?>
 394          <input type="hidden" name="action" value="update" />
 395          <input type="hidden" name="option_page" value="options" />
 396          <table class="form-table" role="presentation">
 397  <?php
 398  $options = $wpdb->get_results( "SELECT * FROM $wpdb->options ORDER BY option_name" );
 399  
 400  foreach ( (array) $options as $option ) :
 401      $disabled = false;
 402  
 403      if ( '' === $option->option_name ) {
 404          continue;
 405      }
 406  
 407      if ( is_serialized( $option->option_value ) ) {
 408          if ( is_serialized_string( $option->option_value ) ) {
 409              // This is a serialized string, so we should display it.
 410              $value               = maybe_unserialize( $option->option_value );
 411              $options_to_update[] = $option->option_name;
 412              $class               = 'all-options';
 413          } else {
 414              $value    = 'SERIALIZED DATA';
 415              $disabled = true;
 416              $class    = 'all-options disabled';
 417          }
 418      } else {
 419          $value               = $option->option_value;
 420          $options_to_update[] = $option->option_name;
 421          $class               = 'all-options';
 422      }
 423  
 424      $name = esc_attr( $option->option_name );
 425      ?>
 426  <tr>
 427      <th scope="row"><label for="<?php echo $name; ?>"><?php echo esc_html( $option->option_name ); ?></label></th>
 428  <td>
 429      <?php if ( str_contains( $value, "\n" ) ) : ?>
 430          <textarea class="<?php echo $class; ?>" name="<?php echo $name; ?>" id="<?php echo $name; ?>" cols="30" rows="5"><?php echo esc_textarea( $value ); ?></textarea>
 431      <?php else : ?>
 432          <input class="regular-text <?php echo $class; ?>" type="text" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo esc_attr( $value ); ?>"<?php disabled( $disabled, true ); ?> />
 433      <?php endif; ?></td>
 434  </tr>
 435  <?php endforeach; ?>
 436  </table>
 437  
 438  <input type="hidden" name="page_options" value="<?php echo esc_attr( implode( ',', $options_to_update ) ); ?>" />
 439  
 440  <?php submit_button( __( 'Save Changes' ), 'primary', 'Update' ); ?>
 441  
 442  </form>
 443  </div>
 444  
 445  <?php
 446  require_once  ABSPATH . 'wp-admin/admin-footer.php';


Generated : Sat Dec 21 08:20:01 2024 Cross-referenced by PHPXref