ACF Unexpected T_CONSTANT_ENCAPSED_STRING [closed]
Your string example is wrong. You´re ending the echo statement right after opening the <div>. It should look like this: echo ‘<div class=”quarter”><img src=”‘ .$image[0]. ‘” alt=”Logo”></div>’;
escaping
Wrapping add_query_arg with esc_url not working
And the strange part: both codes echo the same string for $url!!! No, they don’t. Look at the page source. esc_url() is encoding the & control character. You can’t do that and expect the HTTP request to work correctly. Use esc_url_raw() instead. Note the description in the Codex concerning that function: The esc_url_raw() function is … Read more
Echoing a URL to a link
No other value can be used in place of display and db. WordPress just check for value display and convert & and ‘quotes to HTML entities (Including all other characters). If you pass db it is just skip this block of code. However, WordPress recommends to use esc_url_raw() instead of passing third argument. You can … Read more
Proper way to use esc_html__ and esc_attr__ etc for escaping value for translation
You should use esc_html_e() instead of esc_attr_e() if you intend to escape your translation. What is proper depends on your intend Escaping attributes are well, for escaping attributes inside html tags like inline styles, datas, etc.
product description text displays above website when in shop page [closed]
Your product descriptions contain html code which is inserted into description meta tags without proper escaping. The resulting meta tags look like this: <meta property=”og:description” content=”<p class=”p1″>100% Natural Anti-Ageing Face Cream with Marine Collagen, Elastin & Essential Proteins – Anti-Wrinkle Cream to Repair, Restore, Rebuild & Rejuvenate Skin</p>” /> The problematic part is <p class=”p1″> … Read more
How to safely return the HTML?
Ok, so this is why it’s important to post the actual code that’s giving you problems. There is nothing wrong with this, which is all you had originally: return ‘<button type=”button” class=”btn btn-success”>Open Now</button>’; If that was the error, you could ignore it. This, on the other hand, does need to be escaped: $wppl_open = … Read more
How to allow single quote with esc_html__() without sprintf()
Hmmm, a different way to output you say? <?php if ( ‘en_US’ === get_locale() ) : ?> Wasn’t your favorite color red? <?php endif; ?> :laughing: But seriously, I mean anything can be done if you want to do it. If you look at esc_html__ – you will see that it’s just calling esc_html, which … Read more
Can wp_strip_all_tags be used as a substitute for esc_url, esc_attr & esc_html?
Not necessarily. They do different things. wp_strip_all_tags() strips HTML tags from a given string, but that’s not the only reason you escape things. esc_attr(), for example, ensures that ” characters are escaped so that a value doesn’t break HTML attributes. For example, if I have a variable whose value is the string my-“class, and I … Read more
Is there any solution, ide/tool etc., for automatic escaping for WordPress?
A tool like PHP CodeSniffer, combined with the WordPress Coding Standards can be used to warn you if values are not being escaped. These warnings can be shown in the editor if the editor has a PHPCS extension of some kind (VS Code does, but I’m not sure about PhpStorm). With PHPCS it’s possible to … Read more
Why would you use esc_attr() on internal functions?
You probably wouldn’t. If you did it would be to make sure it was in place already if in future you decided to make the variable dynamic or filterable. In this case I would suggest it for similar reasons to #1. You may know where $class is coming from now, but this may change in … Read more