Add a third parameter, which is an $args array, and add your sanitization callback in there: register_setting( ‘sports_api_key’, ‘sports_api_key’, array( ‘sanitization_callback’ => ‘sanitize_text_field’ ) ); This is enough for your use case, the sanitize_text_field function already exists, so you don’t need to create it. More information here for how to add a sanitization callback and … Read more
If I understand correctly, WordPress automatically applies a wp_slash() on the global $_POST variable: should this means that for any $_POST variable, prior to saving to the DB, we should first unslash it? Which one of the following solution is the correct one? Is the $_GET variable also slashed? Do we need to apply the … Read more
I assume you’re missing the value=””, it seems like you use <input> as a regular HTML tag, and not a self-closing one. A basic example of what it should be like if I only use your value and ignore all the other attributes. <input value=”<?php echo esc_attr( get_the_author_meta( ‘periodo_1da’, $user->ID ) ); ?>”> And here … Read more
You can use sanitize_text_field exactly as you are. From the function’s documentation: Checks for invalid UTF-8, Converts single < characters to entities Strips all tags Removes line breaks, tabs, and extra whitespace Strips percent-encoded characters sanitize_text_field() is already defined as a function in WordPress, so you don’t need to change anything. The sanitize_callback parameter takes … Read more
It’s not completely pointless, but probably smart to sanitize, because of the following situations: What’s the certainty that the SVGs only come from you directly? Can you guarantee that the SVGs won’t be intercepted during upload? Redundancies for keeping your site secure are generally recommended. I don’t know that wp_kses() is the best for sanitizing … Read more
Extend file format support for post thumbnails
Instead of looping through the array, use this: map_deep( $form_data, ‘sanitize_text_field’ ); (see the User Notes in the function doc: https://developer.wordpress.org/reference/functions/sanitize_text_field/ ) The docs state that Checks for invalid UTF-8, Converts single < characters to entities Strips all tags Removes line breaks, tabs, and extra whitespace Strips percent-encoded characters So you could also use the … Read more
You could do something like this: $input=”Name <[email protected]>”; // Break the input into parts preg_match( ‘/([^<]+)<([^>]+)>/i’, $input, $matches, PREG_UNMATCHED_AS_NULL ); // Clean the name $name = sanitize_text_field( $matches[ 1 ] ); // Clean the email $email = sanitize_email( $matches[ 2 ] ); // Bail early if the values are invalid. if ( !$name || !$email … Read more
This might be a more useful demonstration: <a href=”<?php echo esc_url( $url ); ?>>I’m printing a URL to the frontend</a> $url = sanitize_url( $_GET[‘user_inputted_data’] ); update_post_meta( $post_id, ‘that_url’, $url ); esc_url is an escaping function, sanitize_url is a sanitising function. Sanitising functions clean incoming data, e.g. removing letters from phone numbers, stripping trailing space etc. … Read more
How to return responsive images from a sanitize_callback?