Technical difference is kinda obvious. PHP one is single function, using logic in PHP code. WP one is one of family of functions, based on third party KSES library. Is there practical difference between these two specific functions? I think the important point is that strip_tags() was made for utility, while KSES was made for … Read more
For the first example, a lot of people will use wp_kses_post to handle basic HTML output from wrapper functions. It’s a shortcut for some basic attributes and tags using wp_kses. You could use this function where you specify allowed tags and attributes that can pass through for the second example.
No, there is no function for that. You would need a complete JavaScript parser. This is not part of the WordPress core.
WordPress will not do any data sanitization for you. It does do sanitization/validation of the default options. You have to pass in the third argument of register_setting and either role your own validation callback or or use one of the builtins. If your options is only going to contain a string, you could do something … Read more
I can’t use $wpdb->prepare, since I want to be able to add variables to my query string that look something like: $var = “AND pm.meta_value=”%$_POST[“val’]%'”; To get a literal % to pass through $wpdb->prepare just double it. You don’t need to be avoiding $wpdb->prepare. Proof of concept: var_dump($wpdb->prepare(‘SELECT * FROM {$wpdb->posts} WHERE post_title LIKE “%%%s%%”‘,’Hello’)); … Read more
This behavior is most likely intended, and can be disabled. However it might break other features too. There are a couple of workarounds, that you can try. Break the Image URL and File Name You can pass the arguments to your shortcode in the following way: [theimg path=”https://s.w.org/about/images/logos/” filename=”wordpress-logo-simplified-rgb.png” ] This will prevent the editor … Read more
$url = esc_url ( str_replace(‘ ‘ , ‘-‘, $url ) ); Replace the spaces to – chars before activating esc_url function, and your problem is solved.
This maybe just a personal distinction but I consider: data validation to mean is the data ‘correct’? Is it what we expect? data sanitisation to mean is the data *safe to use * Though there can be some blurring, typically data validation will only occur when a user-input is taken, or some data is obtained … Read more
Either way this seems like a very clunky solution for arbitrary markup in shortcode. If only one of attributes is more bulky and includes markup I would consider making shortcode enclosing: [infobox src=”http://www.google.com” title=”Google”] Some description – see more: <a href=”http://www.google.com”>More here</a> [/infobox] You might be to the point when you’ll need to built custom … Read more
There is no filter to change that behavior, you would have to replace the entire metabox. On the other hand: I think there is no really simple way to show and to save those arrays. Example for a fictive meta key ‘foo’: array ( 0 => 2, ‘hello’ => array ( 0 => 2, ‘hello’ … Read more