WordPress messes up with data attributes in shortcode output
Ok, I found the problem. I use a plugin called Remove Redundant Links and it seems to mess around with the data attributes.
sanitization
wordpress is adding a second backslash when I use addslashes
In your code json_encode() function causes to add second backslash on the following line. $data = json_encode($item_data); Add the following code in place of above code so it will replace double backslashes with single backslash in data returned by json_encode function. $data = str_replace(“\\\'”,”\\'”,json_encode($item_data )); Visit following links for more information on json_encode function. json_encode … Read more
data-type=”” … needed post tags stripped of characters
Use tag->slug instead of tag->name. Spaces and special characters will be replaced by dashes but altering that is easy: echo str_replace(‘-‘,’_’,$tag->slug); Reference http://codex.wordpress.org/Function_Reference/get_the_tags http://php.net/manual/en/function.str-replace.php
Why the WP Core team does not allow filter_* functions? [closed]
Because on the minimum version required it isn’t always available since the SPL can be disabled on PHP 5.2 and below. The majority of installs running WordPress have it, but not all, and it’s the same reason autoloaders and Iterators aren’t used. Moving to v5.3 as a minimum PHP would fix this however as the … Read more
What’s the proper way to sanitize checkbox value sent to the database
I would use the filter_var() function. It has some predefined filters that you can use depending on what kind of data you are expecting such as string, number, etc. So to sanitize for a number: $sanitizedNum = filter_var($yourVar, FILTER_SANITIZE_NUMBER_INT); For a string you would just change “_NUM_INT” to “_STRING”. Wrap those in a custom function … Read more
What functions does WordPress use for filtering / sanitizing comments?
You can use wp_filter_kses() and then wp_unslash to filter the content.
Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
Escaping date string in url with wordpress
strtotime will return false if you give it weird information. echo strtotime(“<script>’); // bool(false) However, if you do what you are doing and nest two statement you may not get what you expect. echo strtotime(‘+1 day’,strtotime(‘<script>’)); // int(86400) And date returns the beginning of the universe, the day of creation– January 1, 1970– if given … Read more
What data sanitzation function should be used to store entire source code of webpage?
What data sanitzation function should be used to store entire source code of webpage?
Getting error to display radio button value in General Settings page
Apart from the isset issue, pointed by Rarst, there’s an error in the sanitization function. esc_attr seems not to work with radio buttons, using esc_sql does the job. You’re also missing the checked state for the buttons: add_filter( ‘admin_init’, ‘myservice_register_function’ ); function myservice_register_function() { register_setting( ‘general’, ‘my_service’, ‘esc_sql’ ); add_settings_field( ‘my_service’, ‘<label for=”service_need”>’.__(‘Do You need … Read more