sanitize_post

Definition:
function sanitize_post($post, $context = 'display') {}

Sanitize every post field.
If the context is ‘raw’, then the post object or array will get minimal sanitization of the int fields.

Parameters

  • object|array $post: The Post Object or Array
  • string $context: Optional, default is ‘display’. How to sanitize post fields.

Return values

returns:The now sanitized Post Object or Array (will be the same type as $post)

Source code

/**
 * Sanitize every post field.
 *
 * Runs sanitize_post_field() over each member of $post for the requested
 * $context and records that context in the 'filter' member, so a second call
 * with the same context returns immediately. (Per the documented contract the
 * 'raw' context only minimally sanitizes the int fields; that decision lives
 * inside sanitize_post_field(), not here.)
 *
 * @param object|array $post    The post object or array.
 * @param string       $context Optional. How to sanitize post fields. Default 'display'.
 * @return object|array The sanitized post, of the same type as $post.
 */
function sanitize_post($post, $context = 'display') {
	$is_object = is_object($post);

	// Context of the last sanitization, or null when the post was never filtered.
	$filtered_for = $is_object
		? ( isset($post->filter) ? $post->filter : null )
		: ( isset($post['filter']) ? $post['filter'] : null );
	if ( null !== $filtered_for && $context == $filtered_for )
		return $post;

	if ( $is_object ) {
		// Objects are modified in place, so the caller's instance is sanitized too.
		if ( !isset($post->ID) )
			$post->ID = 0;
		foreach ( get_object_vars($post) as $field => $unused )
			$post->$field = sanitize_post_field($field, $post->$field, $post->ID, $context);
		$post->filter = $context;
		return $post;
	}

	// Arrays are passed by value: only the returned copy carries the changes.
	if ( !isset($post['ID']) )
		$post['ID'] = 0;
	foreach ( array_keys($post) as $field )
		$post[$field] = sanitize_post_field($field, $post[$field], $post['ID'], $context);
	$post['filter'] = $context;
	return $post;
}


sanitize_option

Definition:
function sanitize_option($option, $value) {}

Sanitises various option values based on the nature of the option.
This is basically a switch statement which will pass $value through a number of functions depending on the $option.

Parameters

  • string $option: The name of the option.
  • string $value: The unsanitised value.

Return values

returns:Sanitized value.

Defined filters

  • sanitize_option_{$option}
    apply_filters("sanitize_option_{$option}", $value, $option)

Source code

function sanitize_option($option, $value) {



	switch ( $option ) {

		case 'admin_email':

			$value = sanitize_email($value);

			if ( !is_email($value) ) {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));

			}

			break;



		case 'new_admin_email':

			$value = sanitize_email($value);

			if ( !is_email($value) ) {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('new_admin_email', 'invalid_admin_email', __('The email address entered did not appear to be a valid email address. Please enter a valid email address.'));

			}

			break;



		case 'thumbnail_size_w':

		case 'thumbnail_size_h':

		case 'medium_size_w':

		case 'medium_size_h':

		case 'large_size_w':

		case 'large_size_h':

		case 'embed_size_h':

		case 'default_post_edit_rows':

		case 'mailserver_port':

		case 'comment_max_links':

		case 'page_on_front':

		case 'page_for_posts':

		case 'rss_excerpt_length':

		case 'default_category':

		case 'default_email_category':

		case 'default_link_category':

		case 'close_comments_days_old':

		case 'comments_per_page':

		case 'thread_comments_depth':

		case 'users_can_register':

		case 'start_of_week':

			$value = absint( $value );

			break;



		case 'embed_size_w':

			if ( '' !== $value )

				$value = absint( $value );

			break;



		case 'posts_per_page':

		case 'posts_per_rss':

			$value = (int) $value;

			if ( empty($value) )

				$value = 1;

			if ( $value < -1 )

				$value = abs($value);

			break;



		case 'default_ping_status':

		case 'default_comment_status':

			// Options that if not there have 0 value but need to be something like "closed"

			if ( $value == '0' || $value == '')

				$value = 'closed';

			break;



		case 'blogdescription':

		case 'blogname':

			$value = addslashes($value);

			$value = wp_filter_post_kses( $value ); // calls stripslashes then addslashes

			$value = stripslashes($value);

			$value = esc_html( $value );

			break;



		case 'blog_charset':

			$value = preg_replace('/[^a-zA-Z0-9_-]/', '', $value); // strips slashes

			break;



		case 'date_format':

		case 'time_format':

		case 'mailserver_url':

		case 'mailserver_login':

		case 'mailserver_pass':

		case 'ping_sites':

		case 'upload_path':

			$value = strip_tags($value);

			$value = addslashes($value);

			$value = wp_filter_kses($value); // calls stripslashes then addslashes

			$value = stripslashes($value);

			break;



		case 'gmt_offset':

			$value = preg_replace('/[^0-9:.-]/', '', $value); // strips slashes

			break;



		case 'siteurl':

			if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {

				$value = esc_url_raw($value);

			} else {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('siteurl', 'invalid_siteurl', __('The WordPress address you entered did not appear to be a valid URL. Please enter a valid URL.'));

			}

			break;



		case 'home':

			if ( (bool)preg_match( '#http(s?)://(.+)#i', $value) ) {

				$value = esc_url_raw($value);

			} else {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('home', 'invalid_home', __('The Site address you entered did not appear to be a valid URL. Please enter a valid URL.'));

			}

			break;



		case 'WPLANG':

			$allowed = get_available_languages();

			if ( ! in_array( $value, $allowed ) && ! empty( $value ) )

				$value = get_option( $option );

			break;



		case 'timezone_string':

			$allowed_zones = timezone_identifiers_list();

			if ( ! in_array( $value, $allowed_zones ) && ! empty( $value ) ) {

				$value = get_option( $option ); // Resets option to stored value in the case of failed sanitization

				if ( function_exists('add_settings_error') )

					add_settings_error('timezone_string', 'invalid_timezone_string', __('The timezone you have entered is not valid. Please select a valid timezone.') );

			}

			break;



		case 'permalink_structure':

		case 'category_base':

		case 'tag_base':

			$value = esc_url_raw( $value );

			$value = str_replace( 'http://', '', $value );

			break;

	}



	$value = apply_filters("sanitize_option_{$option}", $value, $option);


sanitize_key

Definition:
function sanitize_key( $key ) {}

Sanitize a string key.
Keys are used as internal identifiers. Lowercase alphanumeric characters, dashes and underscores are allowed.

Parameters

  • string $key: String key

Return values

returns:Sanitized key

Defined filters

  • sanitize_key
    apply_filters( 'sanitize_key', $key, $raw_key )

Source code

/**
 * Sanitize a string key.
 *
 * Keys are internal identifiers: only lowercase ASCII letters, digits, dashes
 * and underscores survive. The input is lowercased first so the character
 * class only needs the a-z range; any other byte (including non-ASCII) is
 * dropped. The raw input is handed to the filter alongside the result.
 *
 * @param string $key String key.
 * @return string Sanitized key.
 */
function sanitize_key( $key ) {
	$raw_key   = $key;
	$sanitized = preg_replace( '/[^a-z0-9_\-]/', '', strtolower( $key ) );

	return apply_filters( 'sanitize_key', $sanitized, $raw_key );
}


sanitize_html_class

Definition:
function sanitize_html_class( $class, $fallback = '' ) {}

Sanitizes an HTML class name to ensure it only contains valid characters.
Strips the string down to A-Z,a-z,0-9,_,-. If this results in an empty string then it will return the alternative value supplied.

Parameters

  • string $class: The classname to be sanitized
  • string $fallback: Optional. The value to return if the sanitization ends up as an empty string. Defaults to an empty string.

Return values

returns:The sanitized value

Defined filters

  • sanitize_html_class
    apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback )

Source code

/**
 * Sanitize an HTML class name so it only contains valid characters.
 *
 * Percent-encoded octets (e.g. "%20") are removed first, then everything
 * outside A-Z, a-z, 0-9, underscore and dash is stripped. If nothing is left,
 * $fallback is returned instead.
 *
 * @param string $class    The class name to be sanitized.
 * @param string $fallback Optional. Returned when sanitization yields an empty string. Default ''.
 * @return string The sanitized value.
 */
function sanitize_html_class( $class, $fallback = '' ) {
	$without_octets = preg_replace( '|%[a-fA-F0-9][a-fA-F0-9]|', '', $class );
	$sanitized      = preg_replace( '/[^A-Za-z0-9_-]/', '', $without_octets );

	// Loose comparison kept deliberately: a null from a failed preg_replace()
	// also falls back rather than being returned as-is.
	if ( '' == $sanitized ) {
		$sanitized = $fallback;
	}

	return apply_filters( 'sanitize_html_class', $sanitized, $class, $fallback );
}


sanitize_file_name

Definition:
function sanitize_file_name( $filename ) {}

Sanitizes a filename, replacing whitespace with dashes.
Removes special characters that are illegal in filenames on certain operating systems and special characters requiring special escaping to manipulate at the command line. Replaces spaces and consecutive dashes with a single dash. Trims periods, dashes and underscores from the beginning and end of the filename.

Parameters

  • string $filename: The filename to be sanitized

Return values

returns:The sanitized filename

Defined filters

  • sanitize_file_name_chars
    apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw)
  • sanitize_file_name
    apply_filters('sanitize_file_name', $filename, $filename_raw)
  • sanitize_file_name
    apply_filters('sanitize_file_name', $filename, $filename_raw)

Source code

/**
 * Sanitize a filename, replacing whitespace with dashes.
 *
 * Removes characters that are illegal in filenames on some operating systems
 * or need escaping on a command line (the NUL byte is in that list too),
 * collapses whitespace and dash runs to a single dash, and trims leading and
 * trailing periods, dashes and underscores. When the name carries more than
 * one extension, each intermediate extension-like segment that is not on the
 * allowed mime list gets a trailing underscore.
 *
 * @param string $filename The filename to be sanitized.
 * @return string The sanitized filename.
 */
function sanitize_file_name( $filename ) {
	$filename_raw = $filename;

	$special_chars = [
		"?", "[", "]", "/", "\\", "=", "<", ">", ":", ";", ",", "'", "\"", "&", "$", "#",
		"*", "(", ")", "|", "~", "`", "!", "{", "}", chr(0),
	];
	$special_chars = apply_filters('sanitize_file_name_chars', $special_chars, $filename_raw);

	$cleaned  = str_replace($special_chars, '', $filename);
	$cleaned  = preg_replace('/[\s-]+/', '-', $cleaned);
	$filename = trim($cleaned, '.-_');

	// Split on dots: first piece is the base name, last piece the final extension.
	$parts = explode('.', $filename);

	// At most one extension: nothing to munge.
	if ( count($parts) <= 2 )
		return apply_filters('sanitize_file_name', $filename, $filename_raw);

	$result    = array_shift($parts);
	$extension = array_pop($parts);
	$mimes     = get_allowed_mime_types();

	// An intermediate segment that looks like an extension (2-5 letters plus an
	// optional digit, e.g. the "php" in "name.php.jpg") is suffixed with "_"
	// unless one of the allowed-mime extension patterns matches it.
	foreach ( (array) $parts as $part ) {
		$result .= '.' . $part;

		if ( ! preg_match("/^[a-zA-Z]{2,5}\d?$/", $part) )
			continue;

		$on_allowed_list = false;
		foreach ( array_keys($mimes) as $ext_preg ) {
			if ( preg_match( '!^(' . $ext_preg . ')$!i', $part ) ) {
				$on_allowed_list = true;
				break;
			}
		}

		if ( ! $on_allowed_list )
			$result .= '_';
	}

	$result .= '.' . $extension;

	return apply_filters('sanitize_file_name', $result, $filename_raw);
}
