sanitize_post_field
函数
sanitize_post_field ( $field, $value, $post_id, $context = 'display' )
- 参数
-
-
(string)
$field
The Post Object field name.- Required: 是
-
(mixed)
$value
The Post Object value.- Required: 是
-
(int)
$post_id
Post ID.- Required: 是
-
(string)
$context
Optional. How to sanitize the field. Possible values are ‘raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ and ‘js’. Default ‘display’.- Required: 否
- Default: ‘display’
-
(string)
- 返回值
-
- (mixed) Sanitized value.
- 定义位置
-
-
wp-includes/post.php
, line 2744
-
wp-includes/post.php
- 引入
- 2.3.0
- 弃用
- –
根据上下文对一个文章字段去除一些不安全的输入。
可能的背景值是’raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ 和 ‘js’。默认使用 ‘display’ 上下文。在调用过滤器时,’attribute’和’js’上下文与’display’的处理方式相同。
function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) { $int_fields = array( 'ID', 'post_parent', 'menu_order' ); if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } // Fields which contain arrays of integers. $array_int_fields = array( 'ancestors' ); if ( in_array( $field, $array_int_fields, true ) ) { $value = array_map( 'absint', $value ); return $value; } if ( 'raw' === $context ) { return $value; } $prefixed = false; if ( false !== strpos( $field, 'post_' ) ) { $prefixed = true; $field_no_prefix = str_replace( 'post_', '', $field ); } if ( 'edit' === $context ) { $format_to_edit = array( 'post_content', 'post_excerpt', 'post_title', 'post_password' ); if ( $prefixed ) { /** * Filters the value of a specific post field to edit. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "edit_{$field}", $value, $post_id ); /** * Filters the value of a specific post field to edit. * * The dynamic portion of the hook name, `$field_no_prefix`, refers to * the post field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id ); } else { $value = apply_filters( "edit_post_{$field}", $value, $post_id ); } if ( in_array( $field, $format_to_edit, true ) ) { if ( 'post_content' === $field ) { $value = format_to_edit( $value, user_can_richedit() ); } else { $value = format_to_edit( $value ); } } else { $value = esc_attr( $value ); } } elseif ( 'db' === $context ) { if ( $prefixed ) { /** * Filters the value of a specific post field before saving. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "pre_{$field}", $value ); /** * Filters the value of a specific field before saving. * * The dynamic portion of the hook name, `$field_no_prefix`, refers * to the post field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "{$field_no_prefix}_save_pre", $value ); } else { $value = apply_filters( "pre_post_{$field}", $value ); /** * Filters the value of a specific post field before saving. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "{$field}_pre", $value ); } } else { // Use display filters by default. if ( $prefixed ) { /** * Filters the value of a specific post field for display. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the prefixed post field. * @param int $post_id Post ID. * @param string $context Context for how to sanitize the field. * Accepts 'raw', 'edit', 'db', 'display', * 'attribute', or 'js'. Default 'display'. */ $value = apply_filters( "{$field}", $value, $post_id, $context ); } else { $value = apply_filters( "post_{$field}", $value, $post_id, $context ); } if ( 'attribute' === $context ) { $value = esc_attr( $value ); } elseif ( 'js' === $context ) { $value = esc_js( $value ); } } // Restore the type for integer fields after esc_attr(). if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } return $value; }
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。