Advertisements

sanitize_option

Definition:
function sanitize_option($option, $value) {}

Sanitises various option values based on the nature of the option.
This is basically a switch statement which will pass $value through a number of functions depending on the $option.

Parameters

  • string $option: The name of the option.
  • string $value: The unsanitised value.

Return values

returns:Sanitized value.

Defined filters

  • sanitize_option_{$option}
    apply_filters("sanitize_option_{$option}", $value, $option)

Source code

function sanitize_option($option, $value) {



	switch ( $option ) {

		case 'admin_email':

			$value = sanitize_email($value);

			if ( !is_email($value) ) {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));

			}

			break;



		case 'new_admin_email':

			$value = sanitize_email($value);

			if ( !is_email($value) ) {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('new_admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));

			}

			break;



		case 'thumbnail_size_w':

		case 'thumbnail_size_h':

		case 'medium_size_w':

		case 'medium_size_h':

		case 'large_size_w':

		case 'large_size_h':

		case 'embed_size_h':

		case 'default_post_edit_rows':

		case 'mailserver_port':

		case 'comment_max_links':

		case 'page_on_front':

		case 'page_for_posts':

		case 'rss_excerpt_length':

		case 'default_category':

		case 'default_email_category':

		case 'default_link_category':

		case 'close_comments_days_old':

		case 'comments_per_page':

		case 'thread_comments_depth':

		case 'users_can_register':

		case 'start_of_week':

			$value = absint( $value );

			break;



		case 'embed_size_w':

			if ( '' !== $value )

				$value = absint( $value );

			break;



		case 'posts_per_page':

		case 'posts_per_rss':

			$value = (int) $value;

			if ( empty($value) )

				$value = 1;

			if ( $value < -1 )

				$value = abs($value);

			break;



		case 'default_ping_status':

		case 'default_comment_status':

			// Options that if not there have 0 value but need to be something like "closed"

			if ( $value == '0' || $value == '')

				$value = 'closed';

			break;



		case 'blogdescription':

		case 'blogname':

			$value = addslashes($value);

			$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes

			$value = stripslashes($value);

			$value = esc_html( $value );

			break;



		case 'blog_charset':

			$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes

			break;



		case 'date_format':

		case 'time_format':

		case 'mailserver_url':

		case 'mailserver_login':

		case 'mailserver_pass':

		case 'ping_sites':

		case 'upload_path':

			$value = strip_tags($value);

			$value = addslashes($value);

			$value = wp_filter_kses($value); // calls stripslashes then addslashes

			$value = stripslashes($value);

			break;



		case 'gmt_offset':

			$value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes

			break;



		case 'siteurl':

			if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {

				$value = esc_url_raw($value);

			} else {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.'));

			}

			break;



		case 'home':

			if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {

				$value = esc_url_raw($value);

			} else {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));

			}

			break;



		case 'WPLANG':

			$allowed = get_available_languages();

			if ( ! in_array( $value, $allowed ) && ! empty( $value ) )

				$value = get_option( $option );

			break;



		case 'timezone_string':

			$allowed_zones = timezone_identifiers_list();

			if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('timezone_string', 'invalid_timezone_string', __('The timezone you have entered is not valid. Please select a valid timezone.') );

			}

			break;



		case 'permalink_structure':

		case 'category_base':

		case 'tag_base':

			$value = esc_url_raw( $value );

			$value = str_replace( 'http://', '', $value );

			break;

	}



	$value = apply_filters("sanitize_option_{$option}", $value, $option);

2777

Advertisements

No comments yet... Be the first to leave a reply!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: