Lines:

<?php

/**
 * Options Management Administration Screen.
 *
 * If accessed directly in a browser this page shows a list of all saved options
 * along with editable fields for their values. Serialized data is not supported
 * and there is no way to remove options via this page. It is not linked to from
 * anywhere else in the admin.
 *
 * This file is also the target of the forms in core and custom options pages
 * that use the Settings API. In this case it saves the new option values
 * and returns the user to their page of origin.
 *
 * @package WordPress
 * @subpackage Administration
 */


/** WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';

// Used in the HTML title tag.
$title       = __( 'Settings' );
$this_file   = 'options.php';
$parent_file = 'options-general.php';

wp_reset_vars( array( 'action', 'option_page' ) );

$capability = 'manage_options';

// This is for back compat and will eventually be removed.
if ( empty( $option_page ) ) {
  $option_page = 'options';
} else {

  
/**
 * Filters the capability required when using the Settings API.
 *
 * By default, the options groups for all registered settings require the manage_options capability.
 * This filter is required to change the capability required for a certain options page.
 *
 * @since 3.2.0
 *
 * @param string $capability The capability used for the page, which is manage_options by default.
 */
  $capability = apply_filters( "option_page_capability_{$option_page}", $capability );
}

if ( ! current_user_can( $capability ) ) {
  wp_die(
    '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
    '<p>' . __( 'Sorry, you are not allowed to manage options for this site.' ) . '</p>',
    403
  );
}

// Handle admin email change requests.
if ( ! empty( $_GET['adminhash'] ) ) {
  $new_admin_details = get_option( 'adminhash' );
  $redirect          = 'options-general.php?updated=false';

  if ( is_array( $new_admin_details )
    && hash_equals( $new_admin_details['hash'], $_GET['adminhash'] )
    && ! empty( $new_admin_details['newemail'] )
  ) {
    update_option( 'admin_email', $new_admin_details['newemail'] );
    delete_option( 'adminhash' );
    delete_option( 'new_admin_email' );
    $redirect = 'options-general.php?updated=true';
  }

  wp_redirect( admin_url( $redirect ) );
  exit;
} elseif ( ! empty( $_GET['dismiss'] ) && 'new_admin_email' === $_GET['dismiss'] ) {
  check_admin_referer( 'dismiss-' . get_current_blog_id() . '-new_admin_email' );
  delete_option( 'adminhash' );
  delete_option( 'new_admin_email' );
  wp_redirect( admin_url( 'options-general.php?updated=true' ) );
  exit;
}

if ( is_multisite() && ! current_user_can( 'manage_network_options' ) && 'update' !== $action ) {
  wp_die(
    '<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
    '<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>',
    403
  );
}

$allowed_options            = array(
  'general'    => array(
    'blogname',
    'blogdescription',
    'gmt_offset',
    'date_format',
    'time_format',
    'start_of_week',
    'timezone_string',

 View on GitHub View on Trac