Issues (2010)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

wp-admin/options-general.php (1 issue)


Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

```php
<?php
/**
 * General settings administration panel.
 *
 * @package WordPress
 * @subpackage Administration
 */

/** WordPress Administration Bootstrap */
require_once( dirname( __FILE__ ) . '/admin.php' );

/** WordPress Translation Install API */
require_once( ABSPATH . 'wp-admin/includes/translation-install.php' );

if ( ! current_user_can( 'manage_options' ) )
	wp_die( __( 'Sorry, you are not allowed to manage options for this site.' ) );

$title = __('General Settings');
$parent_file = 'options-general.php';
/* translators: date and time format for exact current time, mainly about timezones, see https://secure.php.net/date */
$timezone_format = _x('Y-m-d H:i:s', 'timezone date format');

add_action('admin_head', 'options_general_add_js');

$options_help = '<p>' . __('The fields on this screen determine some of the basics of your site setup.') . '</p>' .
	'<p>' . __('Most themes display the site title at the top of every page, in the title bar of the browser, and as the identifying name for syndicated feeds. The tagline is also displayed by many themes.') . '</p>';

if ( ! is_multisite() ) {
	$options_help .= '<p>' . __('The WordPress URL and the Site URL can be the same (example.com) or different; for example, having the WordPress core files (example.com/wordpress) in a subdirectory instead of the root directory.') . '</p>' .
		'<p>' . __('If you want site visitors to be able to register themselves, as opposed to by the site administrator, check the membership box. A default user role can be set for all new users, whether self-registered or registered by the site admin.') . '</p>';
}

$options_help .= '<p>' . __( 'You can set the language, and the translation files will be automatically downloaded and installed (available if your filesystem is writable).' ) . '</p>' .
	'<p>' . __( 'UTC means Coordinated Universal Time.' ) . '</p>' .
	'<p>' . __( 'You must click the Save Changes button at the bottom of the screen for new settings to take effect.' ) . '</p>';

get_current_screen()->add_help_tab( array(
	'id'      => 'overview',
	'title'   => __('Overview'),
	'content' => $options_help,
) );

get_current_screen()->set_help_sidebar(
	'<p><strong>' . __('For more information:') . '</strong></p>' .
	'<p>' . __('<a href="https://codex.wordpress.org/Settings_General_Screen" target="_blank">Documentation on General Settings</a>') . '</p>' .
	'<p>' . __('<a href="https://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
);

include( ABSPATH . 'wp-admin/admin-header.php' );
?>

<div class="wrap">
<h1><?php echo esc_html( $title ); ?></h1>

<form method="post" action="options.php" novalidate="novalidate">
<?php settings_fields('general'); ?>

<table class="form-table">
<tr>
<th scope="row"><label for="blogname"><?php _e('Site Title') ?></label></th>
<td><input name="blogname" type="text" id="blogname" value="<?php form_option('blogname'); ?>" class="regular-text" /></td>
</tr>
<tr>
<th scope="row"><label for="blogdescription"><?php _e('Tagline') ?></label></th>
<td><input name="blogdescription" type="text" id="blogdescription" aria-describedby="tagline-description" value="<?php form_option('blogdescription'); ?>" class="regular-text" />
<p class="description" id="tagline-description"><?php _e( 'In a few words, explain what this site is about.' ) ?></p></td>
</tr>
<?php if ( !is_multisite() ) { ?>
<tr>
<th scope="row"><label for="siteurl"><?php _e('WordPress Address (URL)') ?></label></th>
<td><input name="siteurl" type="url" id="siteurl" value="<?php form_option( 'siteurl' ); ?>"<?php disabled( defined( 'WP_SITEURL' ) ); ?> class="regular-text code<?php if ( defined( 'WP_SITEURL' ) ) echo ' disabled' ?>" /></td>
</tr>
<tr>
<th scope="row"><label for="home"><?php _e('Site Address (URL)') ?></label></th>
<td><input name="home" type="url" id="home" aria-describedby="home-description" value="<?php form_option( 'home' ); ?>"<?php disabled( defined( 'WP_HOME' ) ); ?> class="regular-text code<?php if ( defined( 'WP_HOME' ) ) echo ' disabled' ?>" />
<?php if ( ! defined( 'WP_HOME' ) ) : ?>
<p class="description" id="home-description"><?php _e( 'Enter the address here if you <a href="https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory">want your site home page to be different from your WordPress installation directory.</a>' ); ?></p>
<?php endif; ?>
</td>
</tr>
<tr>
<th scope="row"><label for="admin_email"><?php _e('Email Address') ?> </label></th>
<td><input name="admin_email" type="email" id="admin_email" aria-describedby="admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
<p class="description" id="admin-email-description"><?php _e( 'This address is used for admin purposes, like new user notification.' ) ?></p></td>
</tr>
<tr>
<th scope="row"><?php _e('Membership') ?></th>
<td> <fieldset><legend class="screen-reader-text"><span><?php _e('Membership') ?></span></legend><label for="users_can_register">
<input name="users_can_register" type="checkbox" id="users_can_register" value="1" <?php checked('1', get_option('users_can_register')); ?> />
<?php _e('Anyone can register') ?></label>
</fieldset></td>
</tr>
<tr>
<th scope="row"><label for="default_role"><?php _e('New User Default Role') ?></label></th>
<td>
<select name="default_role" id="default_role"><?php wp_dropdown_roles( get_option('default_role') ); ?></select>
</td>
</tr>
<?php } else { ?>
<tr>
<th scope="row"><label for="new_admin_email"><?php _e('Email Address') ?> </label></th>
<td><input name="new_admin_email" type="email" id="new_admin_email" aria-describedby="new-admin-email-description" value="<?php form_option( 'admin_email' ); ?>" class="regular-text ltr" />
<p class="description" id="new-admin-email-description"><?php _e( 'This address is used for admin purposes. If you change this we will send you an email at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ) ?></p>
<?php
$new_admin_email = get_option( 'new_admin_email' );
if ( $new_admin_email && $new_admin_email != get_option('admin_email') ) : ?>
<div class="updated inline">
<p><?php
	printf(
		/* translators: %s: new admin email */
		__( 'There is a pending change of the admin email to %s.' ),
		'<code>' . esc_html( $new_admin_email ) . '</code>'
	);
	printf(
		' <a href="%1$s">%2$s</a>',
		esc_url( wp_nonce_url( admin_url( 'options.php?dismiss=new_admin_email' ), 'dismiss-' . get_current_blog_id() . '-new_admin_email' ) ),
		__( 'Cancel' )
	);
?></p>
</div>
<?php endif; ?>
</td>
</tr>
<?php } ?>
<tr>
<?php
$current_offset = get_option('gmt_offset');
$tzstring = get_option('timezone_string');

$check_zone_info = true;

// Remove old Etc mappings. Fallback to gmt_offset.
if ( false !== strpos($tzstring,'Etc/GMT') )
	$tzstring = '';

if ( empty($tzstring) ) { // Create a UTC+- zone if no timezone string exists
	$check_zone_info = false;
	if ( 0 == $current_offset )
		$tzstring = 'UTC+0';
	elseif ($current_offset < 0)
		$tzstring = 'UTC' . $current_offset;
	else
		$tzstring = 'UTC+' . $current_offset;
}

?>
<th scope="row"><label for="timezone_string"><?php _e('Timezone') ?></label></th>
<td>

<select id="timezone_string" name="timezone_string" aria-describedby="timezone-description">
<?php echo wp_timezone_choice($tzstring); ?>
</select>

<p class="description" id="timezone-description"><?php _e( 'Choose a city in the same timezone as you.' ); ?></p>

<p class="timezone-info">
	<span id="utc-time"><?php
		/* translators: 1: UTC abbreviation, 2: UTC time */
		printf( __( 'Universal time (%1$s) is %2$s.' ),
			'<abbr>' . __( 'UTC' ) . '</abbr>',
			'<code>' . date_i18n( $timezone_format, false, 'gmt' ) . '</code>'
```
Issue reported on the `date_i18n( $timezone_format, false, 'gmt' )` call (the last line above): 'gmt' is of type string, but the function expects a boolean.

It seems the type of the argument is not accepted by the function or method you are calling.

In some cases, in particular if PHP's automatic type juggling kicks in, this might be fine. In other cases, however, this might be a bug. Here the non-empty string 'gmt' is truthy, so the call behaves as if `true` had been passed for the boolean parameter; passing `true` makes that intent explicit.

We suggest adding an explicit type cast, as in the following example:

```php
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend using
acceptsInteger((integer) $x);
```
```php
		);
	?></span>
<?php if ( get_option( 'timezone_string' ) || ! empty( $current_offset ) ) : ?>
	<span id="local-time"><?php
		/* translators: %s: local time */
		printf( __( 'Local time is %s.' ),
			'<code>' . date_i18n( $timezone_format ) . '</code>'
		);
	?></span>
<?php endif; ?>
</p>

<?php if ( $check_zone_info && $tzstring ) : ?>
<p class="timezone-info">
<span>
	<?php
	// Set TZ so localtime works.
	date_default_timezone_set($tzstring);
	$now = localtime(time(), true);
	if ( $now['tm_isdst'] )
		_e('This timezone is currently in daylight saving time.');
	else
		_e('This timezone is currently in standard time.');
	?>
	<br />
	<?php
	$allowed_zones = timezone_identifiers_list();

	if ( in_array( $tzstring, $allowed_zones) ) {
		$found = false;
		$date_time_zone_selected = new DateTimeZone($tzstring);
		$tz_offset = timezone_offset_get($date_time_zone_selected, date_create());
		$right_now = time();
		foreach ( timezone_transitions_get($date_time_zone_selected) as $tr) {
			if ( $tr['ts'] > $right_now ) {
				$found = true;
				break;
			}
		}

		if ( $found ) {
			echo ' ';
			$message = $tr['isdst'] ?
				/* translators: %s: date and time  */
				__( 'Daylight saving time begins on: %s.')  :
				/* translators: %s: date and time  */
				__( 'Standard time begins on: %s.' );
			// Add the difference between the current offset and the new offset to ts to get the correct transition time from date_i18n().
			printf( $message,
				'<code>' . date_i18n(
					__( 'F j, Y' ) . ' ' . __( 'g:i a' ),
					$tr['ts'] + ( $tz_offset - $tr['offset'] )
				) . '</code>'
			);
		} else {
			_e( 'This timezone does not observe daylight saving time.' );
		}
	}
	// Set back to UTC.
	date_default_timezone_set('UTC');
	?>
	</span>
</p>
<?php endif; ?>
</td>

</tr>
<tr>
<th scope="row"><?php _e('Date Format') ?></th>
<td>
	<fieldset><legend class="screen-reader-text"><span><?php _e('Date Format') ?></span></legend>
<?php
	/**
	* Filters the default date formats.
	*
	* @since 2.7.0
	* @since 4.0.0 Added ISO date standard YYYY-MM-DD format.
	*
	* @param array $default_date_formats Array of default date formats.
	*/
	$date_formats = array_unique( apply_filters( 'date_formats', array( __( 'F j, Y' ), 'Y-m-d', 'm/d/Y', 'd/m/Y' ) ) );

	$custom = true;

	foreach ( $date_formats as $format ) {
		echo "\t<label><input type='radio' name='date_format' value='" . esc_attr( $format ) . "'";
		if ( get_option('date_format') === $format ) { // checked() uses "==" rather than "==="
			echo " checked='checked'";
			$custom = false;
		}
		echo ' /> <span class="date-time-text format-i18n">' . date_i18n( $format ) . '</span><code>' . esc_html( $format ) . "</code></label><br />\n";
	}

	echo '<label><input type="radio" name="date_format" id="date_format_custom_radio" value="\c\u\s\t\o\m"';
	checked( $custom );
	echo '/> <span class="date-time-text date-time-custom-text">' . __( 'Custom:' ) . '<span class="screen-reader-text"> ' . __( 'enter a custom date format in the following field' ) . '</span></label>' .
		'<label for="date_format_custom" class="screen-reader-text">' . __( 'Custom date format:' ) . '</label>' .
		'<input type="text" name="date_format_custom" id="date_format_custom" value="' . esc_attr( get_option( 'date_format' ) ) . '" class="small-text" /></span>' .
		'<span class="screen-reader-text">' . __( 'example:' ) . ' </span> <span class="example">' . date_i18n( get_option( 'date_format' ) ) . '</span>' .
		"<span class='spinner'></span>\n";
?>
	</fieldset>
</td>
</tr>
<tr>
<th scope="row"><?php _e('Time Format') ?></th>
<td>
	<fieldset><legend class="screen-reader-text"><span><?php _e('Time Format') ?></span></legend>
<?php
	/**
	* Filters the default time formats.
	*
	* @since 2.7.0
	*
	* @param array $default_time_formats Array of default time formats.
	*/
	$time_formats = array_unique( apply_filters( 'time_formats', array( __( 'g:i a' ), 'g:i A', 'H:i' ) ) );

	$custom = true;

	foreach ( $time_formats as $format ) {
		echo "\t<label><input type='radio' name='time_format' value='" . esc_attr( $format ) . "'";
		if ( get_option('time_format') === $format ) { // checked() uses "==" rather than "==="
			echo " checked='checked'";
			$custom = false;
		}
		echo ' /> <span class="date-time-text format-i18n">' . date_i18n( $format ) . '</span><code>' . esc_html( $format ) . "</code></label><br />\n";
	}

	echo '<label><input type="radio" name="time_format" id="time_format_custom_radio" value="\c\u\s\t\o\m"';
	checked( $custom );
	echo '/> <span class="date-time-text date-time-custom-text">' . __( 'Custom:' ) . '<span class="screen-reader-text"> ' . __( 'enter a custom time format in the following field' ) . '</span></label>' .
		'<label for="time_format_custom" class="screen-reader-text">' . __( 'Custom time format:' ) . '</label>' .
		'<input type="text" name="time_format_custom" id="time_format_custom" value="' . esc_attr( get_option( 'time_format' ) ) . '" class="small-text" /></span>' .
		'<span class="screen-reader-text">' . __( 'example:' ) . ' </span> <span class="example">' . date_i18n( get_option( 'time_format' ) ) . '</span>' .
		"<span class='spinner'></span>\n";

	echo "\t<p class='date-time-doc'>" . __('<a href="https://codex.wordpress.org/Formatting_Date_and_Time">Documentation on date and time formatting</a>.') . "</p>\n";
?>
	</fieldset>
</td>
</tr>
<tr>
<th scope="row"><label for="start_of_week"><?php _e('Week Starts On') ?></label></th>
<td><select name="start_of_week" id="start_of_week">
<?php
/**
 * @global WP_Locale $wp_locale
 */
global $wp_locale;

for ($day_index = 0; $day_index <= 6; $day_index++) :
	$selected = (get_option('start_of_week') == $day_index) ? 'selected="selected"' : '';
	echo "\n\t<option value='" . esc_attr($day_index) . "' $selected>" . $wp_locale->get_weekday($day_index) . '</option>';
endfor;
?>
</select></td>
</tr>
<?php do_settings_fields('general', 'default'); ?>

<?php
$languages = get_available_languages();
$translations = wp_get_available_translations();
if ( ! is_multisite() && defined( 'WPLANG' ) && '' !== WPLANG && 'en_US' !== WPLANG && ! in_array( WPLANG, $languages ) ) {
	$languages[] = WPLANG;
}
if ( ! empty( $languages ) || ! empty( $translations ) ) {
	?>
	<tr>
		<th width="33%" scope="row"><label for="WPLANG"><?php _e( 'Site Language' ); ?></label></th>
		<td>
			<?php
			$locale = get_locale();
			if ( ! in_array( $locale, $languages ) ) {
				$locale = '';
			}

			wp_dropdown_languages( array(
				'name'         => 'WPLANG',
				'id'           => 'WPLANG',
				'selected'     => $locale,
				'languages'    => $languages,
				'translations' => $translations,
				'show_available_translations' => ( ! is_multisite() || is_super_admin() ) && wp_can_install_language_pack(),
			) );

			// Add note about deprecated WPLANG constant.
			if ( defined( 'WPLANG' ) && ( '' !== WPLANG ) && $locale !== WPLANG ) {
				if ( is_super_admin() ) {
					?>
					<p class="description">
						<strong><?php _e( 'Note:' ); ?></strong> <?php printf( __( 'The %s constant in your %s file is no longer needed.' ), '<code>WPLANG</code>', '<code>wp-config.php</code>' ); ?>
					</p>
					<?php
				}
				_deprecated_argument( 'define()', '4.0.0', sprintf( __( 'The %s constant in your %s file is no longer needed.' ), 'WPLANG', 'wp-config.php' ) );
			}
			?>
		</td>
	</tr>
	<?php
}
?>
</table>

<?php do_settings_sections('general'); ?>

<?php submit_button(); ?>
</form>

</div>

<?php include( ABSPATH . 'wp-admin/admin-footer.php' ); ?>
```