[theme-reviewers] theme option validation

Emil Uzelac emil at themeid.com
Fri Apr 27 17:55:10 UTC 2012


Yes sir it needs to be e.g.

$input['my_twitter_url'] = esc_url_raw($input['my_twitter_url']);

Emil

On Fri, Apr 27, 2012 at 12:16 PM, Kirk Wight <kwight at kwight.ca> wrote:

> Hi all,
>
> How lenient are others towards validation with theme options? I'm doing a
> review in which options are sanitized on input using
> wp_filter_nohtml_kses(), but not validated for their purpose - they're
> supposed to be social media URLs, but whatever the user enters is simply
> echoed out, whether it's a valid URL or not. Should it be sanitized on
> output with esc_url() also?..
>
> Thanks, I'm a little out of my league with options stuff.
>
> Thanks,
> Kirk
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120427/d6a060b6/attachment.htm>


More information about the theme-reviewers mailing list