From 1aa48c2677f9e11d46905ef597a6d6205d1f8c23 Mon Sep 17 00:00:00 2001
From: wpmuguru <wpmuguru@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Mon, 15 Mar 2010 18:10:34 +0000
Subject: [PATCH] block unregistered settings in multisite, see #11644, related
 #11730

git-svn-id: http://svn.automattic.com/wordpress/trunk@13709 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/options.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/wp-admin/options.php b/wp-admin/options.php
index c7d6fc11b..d2b348a69 100644
--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -109,6 +109,8 @@ if ( 'update' == $action ) {
 
 	if ( 'options' == $option_page )
 		$options = explode(',', stripslashes( $_POST[ 'page_options' ] ));
+		if( is_multisite() && !is_super_admin() )
+			wp_die( __( 'Not allowed here' ) );
 	else
 		$options = $whitelist_options[ $option_page ];