Properly sanitize an input field “Name”

You could do something like this:

    $input = "Name <[email protected]>";

    // Break the input into parts
    preg_match( '/([^<]+)<([^>]+)>/i', $input, $matches, PREG_UNMATCHED_AS_NULL );

    // Clean the name
    $name = sanitize_text_field( $matches[ 1 ] );

    // Clean the email
    $email = sanitize_email( $matches[ 2 ] );

    // Bail early if the values are invalid.
    if ( !$name || !$email … Read more
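A complete version of the parse-then-sanitize step above, as an added example that is not code from the original answer. It assumes WordPress is loaded (sanitize_text_field(), sanitize_email() and is_email() are core functions) and uses the hypothetical helper name wpse_parse_name_email(). Unlike the excerpt it anchors the pattern, so trailing junk after the closing bracket does not match, and it handles input with no angle brackets instead of reading an undefined $matches index.

```php
<?php
/**
 * Added example (not from the original answer): turn a "Name <email>" string
 * into sanitized parts, or null when no valid address is present.
 * Assumes WordPress is loaded; wpse_parse_name_email() is a hypothetical name.
 */
function wpse_parse_name_email( $input ) {
	$input = trim( (string) $input );

	// Anchored: the whole string must be "<anything but '<'> <addr>".
	if ( preg_match( '/^([^<]*)<([^>]+)>$/', $input, $m ) ) {
		$raw_name  = $m[1];
		$raw_email = $m[2];
	} else {
		// No angle brackets: treat the whole string as a bare address.
		$raw_name  = '';
		$raw_email = $input;
	}

	// Strips tags, invalid UTF-8 octets and surrounding whitespace.
	$name = sanitize_text_field( $raw_name );

	// sanitize_email() drops characters that cannot appear in an address and
	// returns '' when there is no '@'; is_email() then rejects anything that
	// is still not a syntactically valid address.
	$email = sanitize_email( $raw_email );
	if ( '' === $email || ! is_email( $email ) ) {
		return null;
	}

	// No display name supplied: fall back to the local part of the address.
	if ( '' === $name ) {
		$name = substr( $email, 0, strpos( $email, '@' ) );
	}

	return array(
		'name'  => $name,
		'email' => $email,
	);
}

// Constructed inputs for a quick check.
var_dump( wpse_parse_name_email( 'Jane Doe <jane@example.com>' ) );
var_dump( wpse_parse_name_email( '<script>x</script> <not-an-email>' ) );
```

For the first constructed input this returns name "Jane Doe" and email "jane@example.com"; the second has no "@", so sanitize_email() returns an empty string and the function returns null. The result is still untrusted for output: escape it with esc_html() or esc_attr() at the point where it is printed.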

wp_set_object_terms() without accents

Just thought I’d point out, your call to remove_accent() is incorrect, you are missing the s off of accents. Example from codex:

    $text = "Hoy será un gran día";
    echo remove_accents($text);

Echo result: Hoy sera un gran dia

https://codex.wordpress.org/Function_Reference/remove_accents

Sanitization html output itself

The more elaborate the data is, the harder it is to both formulate and implement the sanitization process. For a number this might be as simple as “integer” and (int)$number. For HTML this is highly non-trivial with different possibilities of desired scope (no HTML tags? some blacklisted tags? some whitelisted tags? what about embedded scripts? CSS?) … Read more
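One way to pin down the "which tags?" scope the answer above raises is an explicit allowlist enforced by WordPress core's wp_kses(). The following is an added example, not code from the original answer; it assumes WordPress is loaded, and wpse_comment_allowed_html() and wpse_clean_comment_html() are hypothetical names.

```php
<?php
/**
 * Added example (not from the original answer): sanitize user-supplied HTML
 * against an explicit allowlist with wp_kses(). Assumes WordPress is loaded;
 * the wpse_* function names are hypothetical.
 */
function wpse_comment_allowed_html() {
	// Only these tags and attributes survive; no style attribute, so no CSS,
	// and no on* handlers because they are simply not listed.
	return array(
		'a'      => array( 'href' => true, 'title' => true, 'rel' => true ),
		'strong' => array(),
		'em'     => array(),
		'code'   => array(),
		'p'      => array(),
		'br'     => array(),
		'ul'     => array(),
		'ol'     => array(),
		'li'     => array(),
	);
}

function wpse_clean_comment_html( $html ) {
	// wp_kses() removes disallowed tags and attributes and strips a scheme
	// that is not in wp_allowed_protocols() (e.g. javascript:) from href values.
	// Note that it strips tags, not their text: "<script>alert(1)</script>"
	// becomes the inert text "alert(1)".
	return wp_kses( (string) $html, wpse_comment_allowed_html() );
}

// Constructed input mixing legitimate markup with a script tag, an inline
// event handler and a javascript: URL.
$dirty = '<p onclick="alert(1)">Hi <strong>there</strong> '
	. '<script>alert(1)</script>'
	. '<a href="javascript:alert(1)">bad</a> '
	. '<a href="https://example.com" target="_blank">ok</a></p>';

echo wpse_clean_comment_html( $dirty );
```

If the content is meant to look like post content, wp_kses_post() applies core's own post allowlist instead of a custom one. Either way the result is safe to echo as HTML only in the HTML body context it was filtered for; inside an attribute or a script block it still needs the matching esc_*() function.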

WP_Customize_Manager: How to get control ID

I think this is probably not right approach for the way the Customiser is organised. Controls and Settings are pretty much separate entities. Controls can save settings, but settings aren’t tied to a specific control. As far as I’m aware there’s nothing stopping you having multiple controls for a single setting, for example. My suggestion … Read more
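The separation described above (validation on the setting, any number of controls writing to it) in working form, as an added example that is not code from the original answer. It assumes WordPress is loaded; the wpse_accent setting, wpse_colors section, the control IDs and wpse_register_accent_setting() are hypothetical names.

```php
<?php
/**
 * Added example (not from the original answer): one Customizer setting with
 * its own sanitize_callback, bound to two different controls.
 * Assumes WordPress is loaded; all wpse_* identifiers are hypothetical.
 */
function wpse_register_accent_setting( WP_Customize_Manager $wp_customize ) {
	// Validation lives on the setting, so every control that writes to it,
	// and any value posted to the Customizer directly, goes through the same
	// check. sanitize_hex_color() returns null for anything that is not a
	// 3- or 6-digit hex colour, which the Customizer treats as invalid.
	$wp_customize->add_setting(
		'wpse_accent',
		array(
			'default'           => '#336699',
			'type'              => 'theme_mod',
			'sanitize_callback' => 'sanitize_hex_color',
			'transport'         => 'refresh',
		)
	);

	$wp_customize->add_section(
		'wpse_colors',
		array(
			'title'    => 'Accent colour',
			'priority' => 30,
		)
	);

	// First control: a colour picker bound to the setting.
	$wp_customize->add_control(
		new WP_Customize_Color_Control(
			$wp_customize,
			'wpse_accent_picker',
			array(
				'label'    => 'Accent (picker)',
				'section'  => 'wpse_colors',
				'settings' => 'wpse_accent', // the setting ID, not a control ID
			)
		)
	);

	// Second control: a plain text box writing to the same setting.
	$wp_customize->add_control(
		'wpse_accent_text',
		array(
			'label'    => 'Accent (hex)',
			'section'  => 'wpse_colors',
			'settings' => 'wpse_accent',
			'type'     => 'text',
		)
	);
}
add_action( 'customize_register', 'wpse_register_accent_setting' );
```

Templates read the value with get_theme_mod( 'wpse_accent', '#336699' ) and never need to know which control saved it; since the stored value has only been sanitized, still wrap it in esc_attr() when it is printed into a style attribute.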

Sanitizing output that contains quotes?

Another solution would be to put the style directly in the header, and only put the escaped values in, which would solve the double quote issue, but in the case that no styling has been set I’m left with an empty style in my element, and that also seems kinda unnecessary. You could e.g. check … Read more

What’s a safe / good way to output HTML safely within WordPress templates?

It depends on the context. In a template you’d just echo it:

    <div>
        <?php echo parse_html_for_images(); ?>
    </div>

In a function you might want to concatenate it with something else:

    function wpse_303376_thumbnail() {
        return '<div>' . parse_html_for_images() . '</div>';
    }

In a shortcode callback with lots of other markup you might want to use output buffering, … Read more
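The output-buffering shortcode mentioned above, combined with the earlier question about sanitizing output that contains quotes: the attribute is emitted only when a value is set, the CSS is filtered with safecss_filter_attr() and the attribute value is escaped with esc_attr(). This is an added example, not code from either answer. It assumes WordPress is loaded; wpse_style_attr(), wpse_box_shortcode() and the wpse_box tag are hypothetical names.

```php
<?php
/**
 * Added example (not from the original answers): a shortcode callback that
 * assembles markup with output buffering and emits an escaped style
 * attribute only when there is something to put in it.
 * Assumes WordPress is loaded; all wpse_* identifiers are hypothetical.
 */
function wpse_style_attr( array $declarations ) {
	$parts = array();
	foreach ( $declarations as $prop => $value ) {
		$value = trim( (string) $value );
		if ( '' === $value ) {
			continue; // unset property: do not emit "prop:;"
		}
		$parts[] = sanitize_key( $prop ) . ':' . $value;
	}
	if ( empty( $parts ) ) {
		return ''; // nothing set: no style attribute at all
	}

	// safecss_filter_attr() keeps only CSS declarations core considers safe
	// (it drops e.g. expression() and disallowed url() values); esc_attr()
	// then makes the result safe inside a double-quoted attribute, so a
	// stray '"' in a value cannot close the attribute early.
	$css = safecss_filter_attr( implode( ';', $parts ) );
	if ( '' === $css ) {
		return '';
	}
	return ' style="' . esc_attr( $css ) . '"';
}

function wpse_box_shortcode( $atts, $content = null ) {
	$atts = shortcode_atts(
		array(
			'color' => '',
			'bg'    => '',
		),
		$atts,
		'wpse_box'
	);

	ob_start();
	?>
	<div class="wpse-box"<?php echo wpse_style_attr( array( 'color' => $atts['color'], 'background-color' => $atts['bg'] ) ); ?>>
		<?php echo wp_kses_post( do_shortcode( (string) $content ) ); ?>
	</div>
	<?php
	return ob_get_clean();
}
add_shortcode( 'wpse_box', 'wpse_box_shortcode' );
```

With [wpse_box]…[/wpse_box] and no attributes the div carries no style attribute; with color="red" it carries style="color:red". The wpse_style_attr() output is already escaped, which is why it is echoed directly inside the buffered block, while the enclosed content goes through wp_kses_post() because it is HTML rather than an attribute value.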