[theme-reviewers] theme option validation
justin at justintadlock.com
Sat Apr 28 16:25:28 UTC 2012
No. It's impossible for WordPress to know what type of data you're
saving. Therefore, it's impossible for WordPress to handle sanitizing
the data for you. WordPress provides you some basic functions for this
sort of thing, but it's up to you to use them.
On 4/28/2012 9:27 AM, // ravi wrote:
> On Apr 27, 2012, at 8:11 PM, Justin Tadlock wrote:
>> I'd be lenient as long as it's secure and works. Then, just provide a note about what it should be changed to in the next update.
>> On 4/27/2012 12:16 PM, Kirk Wight wrote:
>>> Hi all,
>>> How lenient are others towards validation with theme options? I'm doing a review in which options are sanitized on input using wp_filter_nohtml_kses(), but not validated for their purpose - they're supposed to be social media URLs, but whatever the user enters is simply echoed out, whether it's a valid URL or not. Should it be sanitized on output with esc_url() also?..
> Shouldn’t the WP hooks/functions for adding theme options do this sort of thing (sanitising), and not leave it to the theme author?
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
More information about the theme-reviewers