The proper way to do that is using filter_input(). Here is an example for using a custom sanitize function: $tab = filter_input( INPUT_GET, ‘tab’, FILTER_CALLBACK, [‘options’ => ‘esc_html’] ); $tab = $tab ?: ‘front_page_options’;
Ok, I found the problem. I use a plugin called Remove Redundant Links and it seems to mess around with the data attributes.
In your code json_encode() function causes to add second backslash on the following line. $data = json_encode($item_data); Add the following code in place of above code so it will replace double backslashes with single backslash in data returned by json_encode function. $data = str_replace(“\\\'”,”\\'”,json_encode($item_data )); Visit following links for more information on json_encode function. json_encode … Read more
Use tag->slug instead of tag->name. Spaces and special characters will be replaced by dashes but altering that is easy: echo str_replace(‘-‘,’_’,$tag->slug); Reference http://codex.wordpress.org/Function_Reference/get_the_tags http://php.net/manual/en/function.str-replace.php
Because on the minimum version required it isn’t always available since the SPL can be disabled on PHP 5.2 and below. The majority of installs running WordPress have it, but not all, and it’s the same reason autoloaders and Iterators aren’t used. Moving to v5.3 as a minimum PHP would fix this however as the … Read more
I would use the filter_var() function. It has some predefined filters that you can use depending on what kind of data you are expecting such as string, number, etc. So to sanitize for a number: $sanitizedNum = filter_var($yourVar, FILTER_SANITIZE_NUMBER_INT); For a string you would just change “_NUM_INT” to “_STRING”. Wrap those in a custom function … Read more
You can use wp_filter_kses() and then wp_unslash to filter the content.
Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
strtotime will return false if you give it weird information. echo strtotime(“<script>’); // bool(false) However, if you do what you are doing and nest two statement you may not get what you expect. echo strtotime(‘+1 day’,strtotime(‘<script>’)); // int(86400) And date returns the beginning of the universe, the day of creation– January 1, 1970– if given … Read more
What data sanitzation function should be used to store entire source code of webpage?