validation - Read For Learn

w3c validation problem – Twitter share button pulling content

You are sending text unencoded. urlencode that just like you do the permalink. <a class=”popup” href=”http://twitter.com/share?url=<?php echo urlencode(get_permalink($post->ID)); ?>&text=<?php echo urlencode(the_content_limit(100, “”));?>”><img src=”http://zitatezumnachdenken.com/wp-content/uploads/2013/04/twittersmall.png” alt=”twitter”></a> Although, the_content_limit looks like it probably echos (based on your usage) instead of returning a string, which you will need. So I expect you will have to find that function and … Read more

Does balanceTags() provide any escaping / protection?

Right, so it will simply do its best to close any unclosed tag – that’s it. Nothing more. As you can see if you look at the source code, all the function does is make sure to balance out the tags that might not be. It’s also explained in the codex. (“force_balance_tags” is the real … Read more

Best Practice for Validating and Sanitizing Data

Inputs need to be validated/sanitized before making any execution flow decision based on it. Actually a +100 to the reviewer that caught it (or whoever wrote the automated tool) as I would have missed it. Sanitization is something that needs context. Just because function A does a sanitization in the context of storing an displaying … Read more

Data validation

I think the common issue (that I myself have at times) with understanding data validation that we try to approach it as function-centric (which one to use), while it should be approached as process: where data comes from where it goes what unwanted and/or harmful things it might include The confusing amount of function comes … Read more

wordpress site validation errors

It appears you are using an HTML 5 theme. The W3C doesn’t validate all HTML output even though it might be “valid code”. The errors you’ve sent are generated by WordPress and most can be removed fairly easy by de-registering the WordPress Hooks which are causing them. The hooks are used to achieve things like … Read more

Inconsistent server code response using HTTP API

Disclaimer: I can’t give you a real explanation why this happens. I investigated this issue multiple times and (like you) didn’t even get a consistent error behavior. Anyway: Every sort of RESTful remote request using a remote API is painful and error prone – it simply highly depends what the counter part gives you… not. … Read more

Multiple register settings, with same option name – issue

Data Validation: Always escape late / escape HTML Code

I share your frustration. Not because I believe they are wrong (per se), but because late escaping makes for a really awful developer experience and hard to read code. There is currently a shared agreement among most professional-level WordPress developers that late escaping is the gold standard for output security: 10up on Late Escaping WordPress … Read more

Data Validation

Is ‘sql injection’ already a part of that function or do I need to add my own code? When inserting input to the database you should use prepare method of WPDB class which supports both a sprintf() – like and vsprintf() -like syntax. read more at the codex Are there wordpress form input validation functions … Read more

What is wp_check_invalid_utf8?

It’s used by sanitize_text_field function to Sanitize a string from user input or from the db.

+ More