sanitization - Read For Learn

How to sanitize uploaded file filename from a plugin?

I found a way. Change the lines on wordpress-form-manager plugin direcoty -> types -> file.php (around line 109) From: if($fileNameFormat == “%filename%”){ $newFileName = $pathInfo[‘filename’]; } To: if($fileNameFormat == “%filename%”){ //Sanitize the filename (See note below) $remove_these = array(‘ ‘,’`’,'”‘,’\”,’\\’,”https://wordpress.stackexchange.com/”,’%’); $newFileName = str_replace($remove_these, ”, $pathInfo[‘filename’]); //Make the filename unique $newFileName = time().’-‘.$newFileName; }

CSS from textarea in options page to frontend what to do

You should not use esc_attr in this way. It should be used only for escaping attributes in HTML tags. As for the CSS it depends on who is the intended user. If you are doing it for a standalone site in which only the admin can edit the CSS, than you don’t need to sanitize. … Read more

Sanitize Disqus API results?

Assuming you’re talking about the body of a comment, there’s nothing to worry about. We already sanitize comment and thread messages.

wp_kses ignore allowed and allow everything

wp_kses (Codex) removes unallowed tags, but it doesn’t remove their content. So, if you have a “{something}”, wp_kses only removes the tags, not the content, returning “{something}”. Thus, this is intended behaviour and your issue doesn’t seem to be a bug.

WP_Editor – Saving Value into Plugin Option – Stripping HTML

The Problem This turned out to be a common case of needing to use stripslashes();. How did I figure this out? I logged into phpMyAdmin, navigated to the options table, found my option name, and edited it. Here’s what I discovered… s:11:”description”;s:90:”<span style=\”text-decoration: underline;\”>This is supposed to be underlined text.</span>”; So obviously my plugin is … Read more

What function removes apostrophes when making a slug?

Use this function to remove the apostrophe: preg_replace( “/[:’]/”, “”, $title );

Can i use the same sanitize function on multiple theme mod textboxes?

As i can see, your inputs are all the same (textbox) and most likely return the same type of data ( some human-readable text ), so i don’t think you need different functions. One will do it all, unless you have checkbox, radio buttons, HTML input, etc which might need different types of sanitation (such … Read more

Preserve old values on error in setting API

Unfortunately WordPress does not provide the old value as an additional argument to your sanitize_callback callable. This is supported in general by the option validator hook that WordPress calls when saving the updated setting… return apply_filters( “sanitize_option_{$option}”, $value, $option, $original_value ); …but in practice it is not actually registered with any additional arguments when the … Read more

WordPress Settings API – Sanitize Integer

If the integer should be a positive number, you can use absint(). See: https://codex.wordpress.org/Function_Reference/absint

Modify automatically generation of slug when term is created

You will have bugs like this. because you are not sanitizing the title with sanitize_title(). And you are not checking for duplications with wp_unique_term_slug() Bugs tests: Add spaces in the name and see the slug with spaces. After you add the sanitize_title() add term with comma 5,5 add term with space 5 5 results with … Read more

+ More