
/wp-admin/ -> options.php (source)

   1  <?php
   2  /**
   3   * Options Management Administration Screen.
   4   *
   5   * If accessed directly in a browser this page shows a list of all saved options
   6   * along with editable fields for their values. Serialized data is not supported
   7   * and there is no way to remove options via this page. It is not linked to from
   8   * anywhere else in the admin.
   9   *
  10   * This file is also the target of the forms in core and custom options pages
  11   * that use the Settings API. In this case it saves the new option values
  12   * and returns the user to their page of origin.
  13   *
  14   * @package WordPress
  15   * @subpackage Administration
  16   */
  17  
  18  /** WordPress Administration Bootstrap */
  19  require_once  __DIR__ . '/admin.php';
  20  
  21  // Used in the HTML title tag.
  22  $title       = __( 'Settings' );
  23  $this_file   = 'options.php';
  24  $parent_file = 'options-general.php';
  25  
      // $action and $option_page are not assigned anywhere in this file; they are
      // expected to be populated from the request by wp_reset_vars(), so both must
      // be treated as untrusted input from here on.
  26  wp_reset_vars( array( 'action', 'option_page' ) );
  27  
      // Baseline privilege for every path through this file.
  28  $capability = 'manage_options';
  29  
  30  // This is for back compat and will eventually be removed.
  31  if ( empty( $option_page ) ) {
  32      $option_page = 'options';
  33  } else {
          // The hook name below embeds the request-supplied page name. Only code that
          // registered a callback on that exact hook can change the capability; with
          // no callback the value passed in (manage_options) is what gets checked.
  34  
  35      /**
  36       * Filters the capability required when using the Settings API.
  37       *
  38       * By default, the options groups for all registered settings require the manage_options capability.
  39       * This filter is required to change the capability required for a certain options page.
  40       *
  41       * @since 3.2.0
  42       *
  43       * @param string $capability The capability used for the page, which is manage_options by default.
  44       */
  45      $capability = apply_filters( "option_page_capability_{$option_page}", $capability );
  46  }
  47  
      // Authorization gate. It sits ahead of every state-changing branch in this file
      // (admin e-mail confirmation, notice dismissal, option updates) and ahead of the
      // raw option listing rendered at the bottom.
  48  if ( ! current_user_can( $capability ) ) {
  49      wp_die(
  50          '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
  51          '<p>' . __( 'Sorry, you are not allowed to manage options for this site.' ) . '</p>',
  52          403
  53      );
  54  }
  55  
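  56  // Handle admin email change requests.
      //
      // Confirmation arrives as a plain GET link with no nonce: the only proof is the
      // 'adminhash' query value, compared with the timing-safe hash_equals() against
      // the pending-change record stored in the 'adminhash' option. The capability
      // check earlier in this file has already run by this point.
      //
      // hash_equals() accepts strings only, so both operands are type-checked first.
      // A non-string query value, or a stored record without a string 'hash', then
      // takes the 'updated=false' redirect instead of raising an error.
  57  if ( ! empty( $_GET['adminhash'] ) ) {
  58      $new_admin_details = get_option( 'adminhash' );
  59      $redirect          = 'options-general.php?updated=false';
  60  
  61      if ( is_array( $new_admin_details )
              && isset( $new_admin_details['hash'] )
              && is_string( $new_admin_details['hash'] )
              && is_string( $_GET['adminhash'] )
  62          && hash_equals( $new_admin_details['hash'], $_GET['adminhash'] )
  63          && ! empty( $new_admin_details['newemail'] )
  64      ) {
              // The pending record is single-use: apply the new address, then delete
              // both the hash and the pending value so the link cannot be replayed.
  65          update_option( 'admin_email', $new_admin_details['newemail'] );
  66          delete_option( 'adminhash' );
  67          delete_option( 'new_admin_email' );
  68          $redirect = 'options-general.php?updated=true';
  69      }
  70  
          // Both redirect targets are fixed strings; nothing from the request is used
          // to build the destination.
  71      wp_redirect( admin_url( $redirect ) );
  72      exit;
  73  } elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' === $_GET['dismiss'] ) {
          // Dismissal discards the pending change without any secret value, so it is
          // protected by a nonce whose action is scoped to the current blog ID.
  74      check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' );
  75      delete_option( 'adminhash' );
  76      delete_option( 'new_admin_email' );
  77      wp_redirect( admin_url( 'options-general.php?updated=true' ) );
  78      exit;
  79  }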
  80  
  81  if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update' !== $action ) {
          // On multisite, a user without manage_network_options may only submit
          // action=update. Every other request, including the raw "All Settings"
          // listing rendered at the bottom of this file, is refused with a 403.
  82      wp_die(
  83          '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
  84          '<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>',
  85          403
  86      );
  87  }
  88  
  89  $allowed_options            = array(
          // Allow-list of option names, keyed by settings page (option group).
          // For every page other than 'options', the update handler further down
          // writes only the names listed under the submitted $option_page.
  90      'general'    => array(
  91          'blogname',
  92          'blogdescription',
  93          'gmt_offset',
  94          'date_format',
  95          'time_format',
  96          'start_of_week',
  97          'timezone_string',
  98          'WPLANG',
  99          'new_admin_email',
 100      ),
 101      'discussion' => array(
 102          'default_pingback_flag',
 103          'default_ping_status',
 104          'default_comment_status',
 105          'comments_notify',
 106          'moderation_notify',
 107          'comment_moderation',
 108          'require_name_email',
 109          'comment_previously_approved',
 110          'comment_max_links',
 111          'moderation_keys',
 112          'disallowed_keys',
 113          'show_avatars',
 114          'avatar_rating',
 115          'avatar_default',
 116          'close_comments_for_old_posts',
 117          'close_comments_days_old',
 118          'thread_comments',
 119          'thread_comments_depth',
 120          'page_comments',
 121          'comments_per_page',
 122          'default_comments_page',
 123          'comment_order',
 124          'comment_registration',
 125          'show_comments_cookies_opt_in',
 126      ),
 127      'media'      => array(
 128          'thumbnail_size_w',
 129          'thumbnail_size_h',
 130          'thumbnail_crop',
 131          'medium_size_w',
 132          'medium_size_h',
 133          'large_size_w',
 134          'large_size_h',
 135          'image_default_size',
 136          'image_default_align',
 137          'image_default_link_type',
 138      ),
 139      'reading'    => array(
 140          'posts_per_page',
 141          'posts_per_rss',
 142          'rss_use_excerpt',
 143          'show_on_front',
 144          'page_on_front',
 145          'page_for_posts',
 146          'blog_public',
 147      ),
 148      'writing'    => array(
 149          'default_category',
 150          'default_email_category',
 151          'default_link_category',
 152          'default_post_format',
 153      ),
 154  );
      // These groups start empty but must exist as keys: the update handler rejects any
      // $option_page that is not a key of $allowed_options. The 'options' group stays
      // empty because that page takes its option names from the request instead.
 155  $allowed_options['misc']    = array();
 156  $allowed_options['options'] = array();
 157  $allowed_options['privacy'] = array();
 158  
 159  $mail_options = array( 'mailserver_url', 'mailserver_port', 'mailserver_login', 'mailserver_pass' );
 160  
      // blog_charset is editable only while the stored value is not already one of the
      // UTF-8 spellings listed here (strict comparison, so the match is case-exact).
 161  if ( ! in_array( get_option( 'blog_charset' ), array( 'utf8', 'utf-8', 'UTF8', 'UTF-8' ), true ) ) {
 162      $allowed_options['reading'][] = 'blog_charset';
 163  }
 164  
      // Installations whose initial_db_version is below 32453 keep two legacy
      // writing options editable.
 165  if ( get_site_option( 'initial_db_version' ) < 32453 ) {
 166      $allowed_options['writing'][] = 'use_smilies';
 167      $allowed_options['writing'][] = 'use_balanceTags';
 168  }
 169  
 170  if ( ! is_multisite() ) {
          // Single-site only. siteurl and home are writable only when they are not
          // pinned by the WP_SITEURL / WP_HOME constants.
 171      if ( ! defined( 'WP_SITEURL' ) ) {
 172          $allowed_options['general'][] = 'siteurl';
 173      }
 174      if ( ! defined( 'WP_HOME' ) ) {
 175          $allowed_options['general'][] = 'home';
 176      }
 177  
          // users_can_register and default_role are added in this branch only, so on
          // multisite they are not part of the per-site 'general' allow-list.
 178      $allowed_options['general'][] = 'users_can_register';
 179      $allowed_options['general'][] = 'default_role';
 180  
          // The mailserver_* options are always writable on a single site; on multisite
          // they depend on the filter in the else branch.
 181      $allowed_options['writing']   = array_merge( $allowed_options['writing'], $mail_options );
 182      $allowed_options['writing'][] = 'ping_sites';
 183  
 184      $allowed_options['media'][] = 'uploads_use_yearmonth_folders';
 185  
 186      /*
 187       * If upload_url_path is not the default (empty),
 188       * or upload_path is not the default ('wp-content/uploads' or empty),
 189       * they can be edited, otherwise they're locked.
 190       */
          // Precedence: && binds tighter than ||, so the condition reads
          // A || ( B && C ), which matches the description above.
 191      if ( get_option( 'upload_url_path' )
 192          || get_option( 'upload_path' ) && 'wp-content/uploads' !== get_option( 'upload_path' )
 193      ) {
 194          $allowed_options['media'][] = 'upload_path';
 195          $allowed_options['media'][] = 'upload_url_path';
 196      }
 197  } else {
 198      /**
 199       * Filters whether the post-by-email functionality is enabled.
 200       *
 201       * @since 3.0.0
 202       *
 203       * @param bool $enabled Whether post-by-email configuration is enabled. Default true.
 204       */
 205      if ( apply_filters( 'enable_post_by_email_configuration', true ) ) {
 206          $allowed_options['writing'] = array_merge( $allowed_options['writing'], $mail_options );
 207      }
 208  }
 209  
 210  /**
 211   * Filters the allowed options list.
 212   *
       * Runs before the 'allowed_options' filter below, so callbacks on the newer
       * hook receive the list as already modified by callbacks on this one.
       *
 213   * @since 2.7.0
 214   * @deprecated 5.5.0 Use {@see 'allowed_options'} instead.
 215   *
 216   * @param array $allowed_options The allowed options list.
 217   */
 218  $allowed_options = apply_filters_deprecated(
 219      'whitelist_options',
 220      array( $allowed_options ),
 221      '5.5.0',
 222      'allowed_options',
 223      __( 'Please consider writing more inclusive code.' )
 224  );
 225  
 226  /**
 227   * Filters the allowed options list.
 228   *
       * Security note: the array returned here is the set of option names the
       * 'update' handler below will write for each options page, so callbacks
       * attached to this hook widen or narrow what a settings form can change.
       *
 229   * @since 5.5.0
 230   *
 231   * @param array $allowed_options The allowed options list.
 232   */
 233  $allowed_options = apply_filters( 'allowed_options', $allowed_options );
 234  
 235  if ( 'update' === $action ) { // We are saving settings sent from a settings page.
          // CSRF check: every save must carry a nonce bound to the submitted page.
          // The legacy branch (no option_page in POST) accepts the older
          // 'update-options' nonce action and marks the request as unregistered.
 236      if ( 'options' === $option_page && ! isset( $_POST['option_page'] ) ) { // This is for back compat and will eventually be removed.
 237          $unregistered = true;
 238          check_admin_referer( 'update-options' );
 239      } else {
 240          $unregistered = false;
 241          check_admin_referer( $option_page . '-options' );
 242      }
 243  
          // Allow-list gate: an $option_page that is not a key of $allowed_options
          // stops here. esc_html() keeps the request-supplied page name from being
          // rendered as markup in the error message.
 244      if ( ! isset( $allowed_options[ $option_page ] ) ) {
 245          wp_die(
 246              sprintf(
 247                  /* translators: %s: The options page name. */
 248                  __( '<strong>Error</strong>: Options page %s not found in the allowed options list.' ),
 249                  '<code>' . esc_html( $option_page ) . '</code>'
 250              )
 251          );
 252      }
 253  
          // The generic 'options' page is the one path where the list of option names
          // comes from the request (page_options) rather than from the allow-list, so
          // any option name can be written through it. On multisite that requires
          // manage_network_options; on a single site it is open to whoever passed the
          // capability check at the top of this file.
          // NOTE(review): explode() expects a string; page_options is presumably the
          // comma-separated value emitted by the hidden field at the bottom of this
          // file. Confirm how a non-string value is handled.
 254      if ( 'options' === $option_page ) {
 255          if ( is_multisite() && ! current_user_can( 'manage_network_options' ) ) {
 256              wp_die( __( 'Sorry, you are not allowed to modify unregistered settings for this site.' ) );
 257          }
 258          $options = isset( $_POST['page_options'] ) ? explode( ',', wp_unslash( $_POST['page_options'] ) ) : null;
 259      } else {
 260          $options = $allowed_options[ $option_page ];
 261      }
 262  
          // Pre-processing for the General page rewrites $_POST in place; the generic
          // loop further down then stores the rewritten values.
 263      if ( 'general' === $option_page ) {
 264          // Handle custom date/time formats.
              // '\c\u\s\t\o\m' is the sentinel value meaning "use the *_custom field".
 265          if ( ! empty( $_POST['date_format'] ) && isset( $_POST['date_format_custom'] )
 266              && '\c\u\s\t\o\m' === wp_unslash( $_POST['date_format'] )
 267          ) {
 268              $_POST['date_format'] = $_POST['date_format_custom'];
 269          }
 270  
 271          if ( ! empty( $_POST['time_format'] ) && isset( $_POST['time_format_custom'] )
 272              && '\c\u\s\t\o\m' === wp_unslash( $_POST['time_format'] )
 273          ) {
 274              $_POST['time_format'] = $_POST['time_format_custom'];
 275          }
 276  
 277          // Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
              // For example 'UTC+2' yields gmt_offset '2' and 'UTC-3.5' yields '-3.5'.
              // NOTE(review): preg_match() is given the raw POST value and assumes it
              // is a string; confirm.
 278          if ( ! empty( $_POST['timezone_string'] ) && preg_match( '/^UTC[+-]/', $_POST['timezone_string'] ) ) {
 279              $_POST['gmt_offset']      = $_POST['timezone_string'];
 280              $_POST['gmt_offset']      = preg_replace( '/UTC\+?/', '', $_POST['gmt_offset'] );
 281              $_POST['timezone_string'] = '';
 282          }
 283  
 284          // Handle translation installation.
              // Fetching a language pack is gated on install_languages in addition to
              // the page capability. The request value goes straight to
              // wp_download_language_pack(); any validation of the locale string is
              // left to that function and is not visible in this file.
 285          if ( ! empty( $_POST['WPLANG'] ) && current_user_can( 'install_languages' ) ) {
 286              require_once ABSPATH . 'wp-admin/includes/translation-install.php';
 287  
 288              if ( wp_can_install_language_pack() ) {
 289                  $language = wp_download_language_pack( $_POST['WPLANG'] );
 290                  if ( $language ) {
 291                      $_POST['WPLANG'] = $language;
 292                  }
 293              }
 294          }
 295      }
 296  
 297      if ( $options ) {
 298          $user_language_old = get_user_locale();
 299  
 300          foreach ( $options as $option ) {
 301              if ( $unregistered ) {
 302                  _deprecated_argument(
 303                      'options.php',
 304                      '2.7.0',
 305                      sprintf(
 306                          /* translators: %s: The option/setting. */
 307                          __( 'The %s setting is unregistered. Unregistered settings are deprecated. See https://developer.wordpress.org/plugins/settings/settings-api/' ),
 308                          '<code>' . esc_html( $option ) . '</code>'
 309                      )
 310                  );
 311              }
 312  
                  // Value handling: a POST key that is absent stores null, scalars are
                  // trimmed, arrays pass through, and wp_unslash() strips the slashes
                  // present on request data. No per-option validation happens in this
                  // file; it is left to update_option() and whatever sanitization is
                  // registered for the option.
 313              $option = trim( $option );
 314              $value  = null;
 315              if ( isset( $_POST[ $option ] ) ) {
 316                  $value = $_POST[ $option ];
 317                  if ( ! is_array( $value ) ) {
 318                      $value = trim( $value );
 319                  }
 320                  $value = wp_unslash( $value );
 321              }
 322              update_option( $option, $value );
 323          }
 324  
 325          /*
 326           * Switch translation in case WPLANG was changed.
 327           * The global $locale is used in get_locale() which is
 328           * used as a fallback in get_user_locale().
 329           */
 330          unset( $GLOBALS['locale'] );
 331          $user_language_new = get_user_locale();
 332          if ( $user_language_old !== $user_language_new ) {
 333              load_default_textdomain( $user_language_new );
 334          }
 335      } else {
              // Reached when $options is empty or null, e.g. the generic page was
              // submitted without page_options.
 336          add_settings_error( 'general', 'settings_updated', __( 'Settings save failed.' ), 'error' );
 337      }
 338  
 339      /*
 340       * Handle settings errors and return to options page.
 341       */
 342  
 343      // If no settings errors were registered add a general 'updated' message.
 344      if ( ! count( get_settings_errors() ) ) {
 345          add_settings_error( 'general', 'settings_updated', __( 'Settings saved.' ), 'success' );
 346      }
          // The messages are handed to the next request through a transient that
          // expires after 30 seconds.
 347      set_transient( 'settings_errors', get_settings_errors(), 30 );
 348  
 349      // Redirect back to the settings page that was submitted.
          // NOTE(review): the destination is built from wp_get_referer() and sent with
          // wp_redirect() rather than wp_safe_redirect(), so this relies on
          // wp_get_referer() returning only validated same-site URLs. Confirm.
 350      $goback = add_query_arg( 'settings-updated', 'true', wp_get_referer() );
 351      wp_redirect( $goback );
 352      exit;
 353  }
 354  
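 355  require_once ABSPATH . 'wp-admin/admin-header.php'; ?>
 356  
 357  <div class="wrap">
 358      <h1><?php esc_html_e( 'All Settings' ); ?></h1>
 359  
 360      <div class="notice notice-warning">
 361          <p><strong><?php _e( 'Warning:' ); ?></strong> <?php _e( 'This page allows direct access to your site settings. You can break things here. Please be cautious!' ); ?></p>
 362      </div>
 363  
 364      <form name="form" action="options.php" method="post" id="all-options">
 365          <?php wp_nonce_field( 'options-options' ); ?>
 366          <input type="hidden" name="action" value="update" />
 367          <input type="hidden" name="option_page" value="options" />
 368          <table class="form-table" role="presentation">
 369  <?php
      /*
       * Rendering notes for the raw "All Settings" form:
       * - The nonce action 'options-options' emitted above is the one the update
       *   handler derives from option_page=options ( $option_page . '-options' ).
       * - The query below takes no request input; the table name comes from $wpdb.
       * - Option names and values are echoed through esc_attr(), esc_html() or
       *   esc_textarea(). $class is only ever one of two literals set in this loop
       *   and $name is already esc_attr()'d, which is why both are echoed directly.
       * - Rows holding serialized non-string data are shown as a disabled
       *   placeholder and are left out of page_options, so saving the form does
       *   not overwrite them.
       */
 370  $options = $wpdb->get_results( "SELECT * FROM $wpdb->options ORDER BY option_name" );
 371  
      // Start from an empty list so the implode() that fills the hidden page_options
      // field always receives an array, even when the query returns nothing or no
      // row is editable.
      $options_to_update = array();

 372  foreach ( (array) $options as $option ) :
 373      $disabled = false;
 374  
 375      if ( '' === $option->option_name ) {
 376          continue;
 377      }
 378  
 379      if ( is_serialized( $option->option_value ) ) {
 380          if ( is_serialized_string( $option->option_value ) ) {
 381              // This is a serialized string, so we should display it.
 382              $value               = maybe_unserialize( $option->option_value );
 383              $options_to_update[] = $option->option_name;
 384              $class               = 'all-options';
 385          } else {
 386              $value    = 'SERIALIZED DATA';
 387              $disabled = true;
 388              $class    = 'all-options disabled';
 389          }
 390      } else {
 391          $value               = $option->option_value;
 392          $options_to_update[] = $option->option_name;
 393          $class               = 'all-options';
 394      }
 395  
 396      $name = esc_attr( $option->option_name );
 397      ?>
 398  <tr>
 399      <th scope="row"><label for="<?php echo $name; ?>"><?php echo esc_html( $option->option_name ); ?></label></th>
 400  <td>
 401      <?php if ( strpos( $value, "\n" ) !== false ) : ?>
 402          <textarea class="<?php echo $class; ?>" name="<?php echo $name; ?>" id="<?php echo $name; ?>" cols="30" rows="5"><?php echo esc_textarea( $value ); ?></textarea>
 403      <?php else : ?>
 404          <input class="regular-text <?php echo $class; ?>" type="text" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo esc_attr( $value ); ?>"<?php disabled( $disabled, true ); ?> />
 405      <?php endif; ?></td>
 406  </tr>
 407  <?php endforeach; ?>
 408  </table>
 409  
 410  <input type="hidden" name="page_options" value="<?php echo esc_attr( implode( ',', $options_to_update ) ); ?>" />
 411  
 412  <?php submit_button( __( 'Save Changes' ), 'primary', 'Update' ); ?>
 413  
 414  </form>
 415  </div>
 416  
 417  <?php
 418  require_once ABSPATH . 'wp-admin/admin-footer.php';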

