
For security purposes, we're mostly using the wordpress json api to display our posts/categories and we want to remove any malicious tags. I'm a bit unfamiliar with WP development... but what I'm trying to achieve is basically:

  1. Query all current posts
  2. Run wp_kses on all the post's content?

What I'm trying so far in functions.php

  $post_args = array(
    'posts_per_page' => -1
  );
  $post_query = new WP_Query($post_args);

  while( $post_query->have_posts()): $post_query->the_post();
    // wp_kses the content here???
  endwhile; 

I'm not entirely sure where to go from here.

asked Jun 11, 2020 at 19:51 by killua, edited Jun 11, 2020 at 20:22
  • Why do you want to do this? – vancoder Commented Jun 11, 2020 at 19:59
  • @vancoder For security purposes. We're mostly using the wordpress json api to display our posts and we want to remove any malicious tags as it gets sent through the api. I'll update my question with the intent. – killua Commented Jun 11, 2020 at 20:13
  • Can you use the_content filter hook? – Howdy_McGee Commented Jun 11, 2020 at 20:29
  • Why would your posts contain malicious tags? If you've been compromised this isn't a sufficient fix. – Jacob Peattie Commented Jun 11, 2020 at 21:37

1 Answer


from https://stackoverflow.com/a/66561796/1875965 and using https://developer.wordpress.org/reference/classes/wp_query/

use either wp_kses_post or wp_kses

if using wp_kses, you can specify an allow list of html tags, or use wp_kses( $content, 'post') for the default post html filtering

once in your loop, you'd have access to $post so you can do

while( $post_query->have_posts() ): $post_query->the_post();
    // the_post() sets the global $post (add `global $post;` if this runs inside a function);
    // WP_Post keeps the body in post_content, there is no `content` property.
    $allowed_html = wp_kses_allowed_html( 'post' ); // same allow list wp_kses_post() uses
    $clear_post   = wp_kses( $post->post_content, $allowed_html );

    // do stuff with cleared post content.

endwhile;
wp_reset_postdata(); // restore the main query's $post once, after the loop, because we used the_post()

though you might want to consider a different loop, like

$all_posts = $post_query->get_posts();
foreach ( $all_posts as $filter_post ) {
    $clear_post = wp_kses_post( $filter_post->post_content );
    // do stuff with cleared post content.
}

the above specifically uses the string in post_content, but there are possibly other values (post_title, post_excerpt, post_name (slug), meta data, custom fields) you'd want to sanitise

other related developer docs https://developer.wordpress.org/reference/functions/wp_kses/ https://developer.wordpress.org/reference/functions/wp_kses_post/
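Two ways to apply the kses allow list the answer describes, as an added example that is not code from the question, the answer or WordPress itself: a one-off pass over all posts that reports (and optionally rewrites) the fields containing disallowed markup, and a `rest_prepare_post` filter that sanitises content at the moment the JSON API serves it. The `example_`-prefixed function names are assumptions; `WP_Query`, `wp_kses_post()`, `wp_update_post()` and the `rest_prepare_post` hook are WordPress core.

```php
<?php
// Added example, not code from the question or the answer.
// Part 1: walk every post with WP_Query, run wp_kses_post() over the fields a
// REST client receives, and report which posts actually changed. With
// $dry_run = true nothing is written, so it doubles as a check for injected
// markup; with false the cleaned values are saved via wp_update_post().
// Run it once from WP-CLI (wp eval-file) or an admin action, not on page load.
function example_kses_all_posts( $dry_run = true ) {
    $fields = array( 'post_title', 'post_content', 'post_excerpt' );
    $query  = new WP_Query( array(
        'post_type'      => 'post',
        'post_status'    => 'any',
        'posts_per_page' => -1,
        'no_found_rows'  => true, // no pagination needed, skip the row count
    ) );

    $changed = array();
    foreach ( $query->posts as $p ) { // plain WP_Post objects, no the_post()/global $post
        $dirty = array();
        foreach ( $fields as $field ) {
            $clean = wp_kses_post( $p->$field );
            if ( $clean !== $p->$field ) {
                $dirty[ $field ] = $clean;
            }
        }
        if ( $dirty ) {
            $changed[ $p->ID ] = array_keys( $dirty );
            if ( ! $dry_run ) {
                // wp_update_post() expects slashed data, hence wp_slash()
                wp_update_post( wp_slash( array( 'ID' => $p->ID ) + $dirty ) );
            }
        }
    }
    return $changed; // post ID => fields that contained disallowed markup
}

// Part 2: independent of what is stored, sanitise at the point the JSON API
// serves it. rest_prepare_post runs for every post in a /wp-json/wp/v2/posts response.
function example_kses_rest_post( WP_REST_Response $response, WP_Post $post, WP_REST_Request $request ) {
    $data = $response->get_data();
    foreach ( array( 'title', 'content', 'excerpt' ) as $field ) {
        if ( isset( $data[ $field ]['rendered'] ) ) {
            $data[ $field ]['rendered'] = wp_kses_post( $data[ $field ]['rendered'] );
        }
    }
    $response->set_data( $data );
    return $response;
}
add_filter( 'rest_prepare_post', 'example_kses_rest_post', 10, 3 );
```

Run the dry run first and review the returned IDs: wp_kses also normalises attribute quoting, so some reported posts will differ only cosmetically, while real hits (script tags, on* handlers, javascript: URLs) are worth tracing back to how they got into the database, as the comments above point out.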

Article tags: wp_kses; Is it possible to run wp_kses on all posts