Regarding the edited question, here’s another old Q&A, which might actually be a better reference, Should I sanitize an email address before passing it to the is_email() function?, especially @kaiser’s answer. And regarding kaiser’s Funny sidefact now as I had a look at the sources for both functions (is_email(), sanitize_email()), they are indeed basically the … Read more
The filter validate_username sends and expects a boolean value, not a string. Hook into sanitize_user and use mb_strtolower(). Sample code, not tested: add_filter( ‘sanitize_user’, ‘wpse_83689_lower_case_user_name’ ); function wpse_83689_lower_case_user_name( $name ) { // might be turned off if ( function_exists( ‘mb_strtolower’ ) ) return mb_strtolower( $name ); return strtolower( $name ); }
@tf is almost there, I think. You can use JS on your widget’s admin form, as I’ve done it before (though not for validation). Within your widget’s constructor, add an action: add_action( “admin_print_scripts-widgets.php”, array( __CLASS__, ‘register_my_validation_script’ ) ); Then create the corresponding function inside your widget’s class: function register_my_validation_script() { wp_enqueue_script( ‘my-script-handle’, plugins_url( ‘/my-validation-script.js’, __FILE__ … Read more
You can escape the HTML, so instead of echo $item[‘link’]; you would write: echo esc_html($item[‘link’]); // This is a WP function //or echo htmlspecialchars($item[‘link’]); //PHP equivalent Also important to note your code is depreciated, fetch_rss has been replaced by fetch_feed. http://codex.wordpress.org/Function_Reference/fetch_feed ps. You can also use esc_attr which is identical to esc_html in this case.
I register custom post type on init action and the validate which I’m writing about is set to register_setting inside admin_init action. This is the key to your issue. You’re registering the custom post type, and presumably you’re setting up the rewrite rules in that registration. When you call flush_rewrite_rules(), the rules are rebuilt right … Read more
Because on the minimum version required it isn’t always available since the SPL can be disabled on PHP 5.2 and below. The majority of installs running WordPress have it, but not all, and it’s the same reason autoloaders and Iterators aren’t used. Moving to v5.3 as a minimum PHP would fix this however as the … Read more
The best way to sanitize text fields within WordPress is to use sanitize_text_field() function: $data = sanitize_text_field( $_POST[‘key’] ); Additionally, if you register the meta field properly width register_meta() function, you can define the sanitize callback and the expected data type as well. For example: add_action( ‘init’, ‘cyb_register_meta_fields’ ); function cyb_register_meta_fields() { $args = array( … Read more
The short answer is “yes”, the longer answer is “it depends”. Why do you need to validate? because if you have code, which if used with wrong parameters will delete wordpress (very bad example I know), you should made double sure that it is not triggered by some DB corruption, or more likely, misbehaving filter. … Read more
hook the_posts and inspect each post to see if your shortcode is present, you can use wp_enqueue_style at that point if it is. maybe a bit of regex to check for the presence of the shortcode is the way to go, unfortunately i’m not very good with regex! function wpse27772_has_shortcode($posts) { if ( empty($posts) ) … Read more
If you have an options page (which should be inside one form), then all data is sent from that form, regardless of whether or not the option has been changed. The array received for validation is the data received from (your part of) the form. If the data is ’empty’ it is because the data … Read more