[wp-hackers] Sanitizing PHP code snippets in meta
wp-hackers at thecodecave.com
Mon Aug 20 00:56:53 UTC 2012
Not when you are putting it in the database, but DEFINITELY any time you
Sending it through esc_html() before display would be good.
On 8/19/2012 6:06 PM, Drew wrote:
> Hey all,
> I'm working on a project where I need to store PHP code snippets in meta
> for a custom post type.
> I'll be using a textarea field for entry in deference to wp_editor (mostly
> due to wanting to use a syntax highlighter).
> Just wondering whether I need to sanitize that data in some way before
> storing it in the database. I don't know if some form of kses is already
> being run on custom fields and whether there's a security/stability
> argument to be made about storing or not storing code snippets in this way.
> Appreciate any insight,
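
An added example, not code from the thread, of the approach the reply describes: store the snippet as entered and escape it at each output point. The post type `snippet`, meta key `_snippet_code`, nonce names and the `snippet_*` functions are assumptions made for illustration.

```php
<?php
// Assumed names (hypothetical, not from the thread): post type "snippet",
// meta key "_snippet_code", nonce action/field "snippet_save"/"snippet_nonce".

add_action( 'add_meta_boxes_snippet', function () {
    add_meta_box( 'snippet_code', 'PHP snippet', 'snippet_render_box', 'snippet' );
} );

// Edit screen: esc_textarea() keeps "</textarea>" or "<script>" inside the
// stored snippet from breaking out of the field.
function snippet_render_box( $post ) {
    $code = get_post_meta( $post->ID, '_snippet_code', true );
    wp_nonce_field( 'snippet_save', 'snippet_nonce' );
    printf(
        '<textarea name="snippet_code" rows="12" class="widefat code">%s</textarea>',
        esc_textarea( $code )
    );
}

// Save: authenticate the request, then store the text unmodified.
add_action( 'save_post_snippet', function ( $post_id ) {
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( ! isset( $_POST['snippet_nonce'], $_POST['snippet_code'] )
        || ! wp_verify_nonce( $_POST['snippet_nonce'], 'snippet_save' )
        || ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    // $_POST arrives slashed and update_post_meta() unslashes it, so pass it
    // straight through; backslashes in the snippet survive the round trip.
    update_post_meta( $post_id, '_snippet_code', $_POST['snippet_code'] );
} );

// Front end: the snippet is data to show, never code to run. esc_html()
// turns <, >, & and quotes into entities so the browser prints it as text.
function snippet_display( $post_id ) {
    $code = get_post_meta( $post_id, '_snippet_code', true );
    if ( '' === $code ) {
        return '';
    }
    return '<pre><code class="language-php">' . esc_html( $code ) . '</code></pre>';
}
```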