Output Sanitation

Your code is working correctly. If you look at the source code of the page, you will see:

    &lt;script&gt;alert(&#039;Test&#039;)&lt;/script&gt;

When the above text gets processed for display by your browser, it then becomes

    <script>alert('Test')</script>

which is what you want to be displayed.

Require user to input code from an array of allowed codes with Gravity Forms [closed]

Try the code below:

    add_filter( 'gform_field_validation', 'custom_validation', 10, 4 );

    function custom_validation( $result, $value, $form, $field ) {
        // Codes the field is allowed to contain.
        $arrWhitelist = array( 'XH6D', '8U2A', 'L9D3' );

        // Fail the field only if it passed earlier validation and the value
        // is not one of the allowed codes (strict comparison, no type juggling).
        if ( $result['is_valid'] && ! in_array( $value, $arrWhitelist, true ) ) {
            $result['is_valid'] = false;
            $result['message']  = 'Please enter a value less than 10';
        }

        return $result;
    }

Further, you can review validation in more detail …

confused about sanitize_email after is_email [duplicate]

Regarding the edited question, here’s another old Q&A, which might actually be a better reference, Should I sanitize an email address before passing it to the is_email() function?, especially @kaiser’s answer. And regarding kaiser’s Funny sidefact now as I had a look at the sources for both functions (is_email(), sanitize_email()), they are indeed basically the …

Settings API – getting hidden input / submit button’s name

Using $_POST is too low level. Simply give it the same name as your other options. When your options are displayed they should have the names of the form: my_settings[a_particular_option]. For instance:

    <input name="my_settings[some_input_option]"/>

Then for your hidden input and submit button:

    <input type="hidden" name="my_settings[foo]" value="bar"/>
    <input name="my_settings[SubmitButton]" type="submit" class="button-primary" value="<?php _e('Save Changes'); ?>"/>

In …

protect user submitted posts

Take a look at WordPress codex Data Validation entry, it covers most of the validation functions that come built-in with WordPress which you can use to validate your form submission.

Data sanitization for user registration and user login

You can check my tutorial for front-end user registration and login in WordPress: http://www.cozmoslabs.com/1012-wordpress-user-registration-template-and-custom-user-profile-fields/ As to the wp_signon, wp_insert_user, wp_create_user and wp_update_user they take care of all sanitation and validation of your content. Also you don’t need to use those filters in wp_create_user to create your users.

w3c validation problem – Twitter share button pulling content

You are sending text unencoded. urlencode that just like you do the permalink.

    <a class="popup" href="http://twitter.com/share?url=<?php echo urlencode(get_permalink($post->ID)); ?>&amp;text=<?php echo urlencode(the_content_limit(100, "")); ?>"><img src="http://zitatezumnachdenken.com/wp-content/uploads/2013/04/twittersmall.png" alt="twitter"></a>

Although, the_content_limit looks like it probably echoes (based on your usage) instead of returning a string, which you will need. So I expect you will have to find that function and …