From 12a455c39d8d637f3adcab5e769cd34e6c8ede8d Mon Sep 17 00:00:00 2001
From: markjaquith
Date: Wed, 4 Oct 2006 12:18:28 +0000
Subject: [PATCH] Prevent non-option form elements from sneaking in to the options table. fixes #2595

git-svn-id: http://svn.automattic.com/wordpress/trunk@4332 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/options.php | 16 ++++++++++++----
 wp-admin/upgrade-schema.php | 2 +-
 wp-includes/version.php | 2 +-
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/wp-admin/options.php b/wp-admin/options.php
index 4297bd45b..f71c8b5c0 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -88,9 +88,10 @@ case 'update':
 check_admin_referer('update-options');
-if (!$_POST['page_options']) {
-foreach ($_POST as $key => $value) {
-$options[] = $key;
+if ( !$_POST['page_options'] ) {
+foreach ( (array) $_POST as $key => $value) {
+if ( !in_array($key, array('_wpnonce', '_wp_http_referer')) )
+$options[] = $key;
 }
 } else {
 $options = explode(',', stripslashes($_POST['page_options']));
@@ -122,8 +123,15 @@ default:
 get_results("SELECT * FROM $wpdb->options ORDER BY option_name"); +foreach ( (array) $options as $option ) + $options_to_update[] = $option->option_name; +$options_to_update = implode(',', $options_to_update); +?> -foreach ($options as $option) : + + +option_value, 'single'); echo "
diff --git a/wp-admin/upgrade-schema.php b/wp-admin/upgrade-schema.php
index 2166205c2..c2229da6c 100644
--- a/wp-admin/upgrade-schema.php
+++ b/wp-admin/upgrade-schema.php
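Review bot: The new `in_array($key, array('_wpnonce', '_wp_http_referer'))` check is a two-entry denylist, so any other non-option field in a form that posts without `page_options` — notably the submit button, whose name `Update` the companion upgrade-schema.php hunk has to purge from the options table — is still stored as an option. The hunk's second branch shows that the page can supply the option names itself, and the second options.php hunk appears to build that list for every options page, so the fallback branch could be removed outright rather than patched; at minimum the button name belongs in the list, `if ( !in_array($key, array('_wpnonce', '_wp_http_referer', 'Update')) )`. `!$_POST['page_options']` also emits an undefined-index notice when the field is absent; `if ( empty($_POST['page_options']) )` avoids it. The rest of the `update` case, which acts on the client-supplied `$options` names, lies outside the hunk.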
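Review bot: `$options_to_update[] = $option->option_name;` appends to a variable the hunk never initialises, so an empty result set leaves `$options_to_update` unset and `implode(',', $options_to_update)` is called on null; add `$options_to_update = array();` before the `foreach`. This copy of the hunk is garbled (the PHP open tags and the markup around the hidden field did not survive), so where the joined string is emitted and whether it is escaped for an HTML attribute cannot be confirmed from here; if it is written raw into the form, it should go through `htmlspecialchars()` first. The `default` case continues beyond the hunk.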
@@ -233,7 +233,7 @@ function populate_options() {
 add_option('show_on_front', 'posts');
 // Delete unused options
-$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog');
+$unusedoptions = array ('blodotgsping_url', 'bodyterminator', 'emailtestonly', 'phoneemail_separator', 'smilies_directory', 'subjectprefix', 'use_bbcode', 'use_blodotgsping', 'use_phoneemail', 'use_quicktags', 'use_weblogsping', 'weblogs_cache_file', 'use_preview', 'use_htmltrans', 'smilies_directory', 'fileupload_allowedusers', 'use_phoneemail', 'default_post_status', 'default_post_category', 'archive_mode', 'time_difference', 'links_minadminlevel', 'links_use_adminlevels', 'links_rating_type', 'links_rating_char', 'links_rating_ignore_zero', 'links_rating_single_image', 'links_rating_image0', 'links_rating_image1', 'links_rating_image2', 'links_rating_image3', 'links_rating_image4', 'links_rating_image5', 'links_rating_image6', 'links_rating_image7', 'links_rating_image8', 'links_rating_image9', 'weblogs_cacheminutes', 'comment_allowed_tags', 'search_engine_friendly_urls', 'default_geourl_lat', 'default_geourl_lon', 'use_default_geourl', 'weblogs_xml_url', 'new_users_can_blog', '_wpnonce', '_wp_http_referer', 'Update');
 foreach ($unusedoptions as $option) :
 delete_option($option);
 endforeach;
diff --git a/wp-includes/version.php b/wp-includes/version.php
index c52d23e2b..3159732ed 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -3,6 +3,6 @@
 // This holds the version number in a separate file so we can bump it without cluttering the SVN
 $wp_version = '2.1-alpha3';
-$wp_db_version = 3845;
+$wp_db_version = 3846;
 ?>
\ No newline at end of file
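Review bot: The three names appended to `$unusedoptions` — `_wpnonce`, `_wp_http_referer` and `Update` — are not retired settings but form-field names that the previous options.php stored as options, and nothing in the hunk says so; a later reader of a list of obsolete settings will not know why a nonce field name is in it. Suggest widening the existing comment: `// Delete unused options, plus form-field names that an earlier options.php saved as options (see #2595)`. This cleanup only runs on a db-version upgrade, so the filter in options.php is what prevents recurrence, and the two lists of field names should be kept in step. `populate_options()` continues beyond the hunk on both sides.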