Question why does wp_sanitize_redirect strip out @ signs, exactly? Anybody could anyway try to load a url with an @ sign in it – is there some security issue I’m not thinking about? Just take a look at the source: function wp_sanitize_redirect($location) { $location = preg_replace(‘|[^a-z0-9-~+_.?#=&;,/:%!]|i’, ”, $location); $location = wp_kses_no_null($location); // remove %0d and … Read more
Your control is named custom_num but your setting is named my_custom_num. Modify your setting’s sanitize function to use the former: $input_attrs = $setting->manager->get_control( ‘custom_num’ )->input_attrs; See also the Customize Input Validity Constraints plugin, where you can see how to obtain the control for a given setting without having to hard-code it: $controls = array(); foreach … Read more
No need to reinvent the wheel – put your editor support back and tweak the settings: function wpse_199918_wp_editor_settings( $settings, $editor_id ) { if ( $editor_id === ‘content’ && get_current_screen()->post_type === ‘custom_post_type’ ) { $settings[‘tinymce’] = false; $settings[‘quicktags’] = false; $settings[‘media_buttons’] = false; } return $settings; } add_filter( ‘wp_editor_settings’, ‘wpse_199918_wp_editor_settings’, 10, 2 );
Here is an example code that will get the data and then display it: global $wpdb; // this adds the prefix which is set by the user upon instillation of wordpress $table_name = $wpdb->prefix . “your_table_name”; // this will get the data from your table $retrieve_data = $wpdb->get_results( “SELECT * FROM $table_name” ); ?> <ul> … Read more
Use import { cleanForSlug } from “@wordpress/editor”; in your block.js file to import the function in and then use the it like cleanForSlug(stringToClean) to create the ID’s.
Your last prepare() snippet should work just fine, check that you have $wpdb declared as global in your function. Also blank page seems extreme, enable WP_DEBUG if not yet and see if there are any specific errors that cause it.
Short Answer: If you have properly validated the data, then sanitization can be made optional. Longer Answer User-supplied data and data from unknown/external sources should always be treated as untrusted even in the case where the user was actually yourself, so yes, we should always validate and/or sanitize such data. And therefore, no, please do … Read more
You will want to use sanitize_email(); as follows: return( sanitize_email( $email ) ); Here is the Codex link so you have it: http://codex.wordpress.org/Function_Reference/sanitize_email Cheers!
Be sure to set the value in your markup. You should have. <input type=”checkbox” name=”changeposition” value=”yes” /> Then, I’d suggest using sanitize_key() to sanitize. Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed. Think of the word yes, as a key. That’s what you’re expecting is a lowercase alphanumeric value. … Read more
There are two aspects here obviously all input should be sanitized JSON is just a wrapper no different then any other type of container which is used to aggregate data for transmission. You almost never sanitize the container as usually in case of an error you will just not be able to extract the data … Read more