[wp-hackers] Saving input from untrusted users

Ken (WraithKenny) ken.adcstudio at gmail.com
Tue Dec 21 17:12:47 UTC 2010


General tips are the best! I was going about it trying to stuff
everything in on save, so I'll break that up the way you suggest (it
does make more sense that way I suppose). The files I've been reading
are mainly default-filters.php and kses.php while the sanitize_*
functions are scattered about everywhere. (I had at some point known
about the sanitize* functions but then got distracted in the kses,
absint, esc_url_raw and forgot about them :-\ )

Reading 'sanitize_text_field()', it looks like the sanitize functions
call kses functions, so I guess I don't need to call it twice.
(Although paranoia prompts me to want to stack every one I can find
onto the input save :-D )

What I've got so far should get me going though, thanks Andrew!

