I've searched through the similar questions but found nothing.

I've coded a meta box for adding custom URLs which get added to buttons on single posts, but when the URL is added to the meta box field on the Edit Post screen and saved, it strips the URL from this:

http://example

To this:

httpexamplecom

I assume this is because of the sanitize_html_classes function, which is used with the save_post function like this:

add_action( 'save_post', 'projecturl_save', 1, 2 );
function projecturl_save( $post_id, $post ) {

    if ( ! isset( $_POST['projecturl'] ) ) {
        return;
    }

    $data = wp_parse_args(
        $_POST['projecturl'],
        [
            '_custom_projecturl' => '',
        ]
    );

    $data = array_map( 'custom_sanitize_html_classes', $data );

    save_custom_fields( $data, 'projecturl_save', 'projecturl_nonce', $post );

}

I'm using a custom save_sanitize_html_classes function, but there's nothing in there that strips out anything, so it must have something to do with the sanitize_html_classes function.

function custom_sanitize_html_classes( $classes, $return_format = 'input' ) {

    if ( 'input' === $return_format ) {
        $return_format = is_array( $classes ) ? 'array' : 'string';
    }

    $classes = is_array( $classes ) ? $classes : explode( ' ', $classes );

    $sanitized_classes = array_map( 'sanitize_html_class', $classes );

    if ( 'array' === $return_format ) {
        return $sanitized_classes;
    }

    return implode( ' ', $sanitized_classes );

}

I can remove sanitization (and when I do, it works), but I prefer to filter it to exclude characters in URLs. Any help would be greatly appreciated.

asked Oct 20, 2021 at 8:36 by Brad Dalton; edited Oct 20, 2021 at 13:22 by fuxia
  • But sanitize_html_classes is for class= attribute values. Why use that to sanitize URLs? – Rup Commented Oct 20, 2021 at 8:51
  • How would I sanitize URLs? I guess I could use esc_url_raw or esc_url, but what if the user enters something other than a URL? – Brad Dalton Commented Oct 20, 2021 at 8:52
  • Why not use PHP's urlencode before the save? Encoded characters are not stripped (if I remember correctly) – Buttered_Toast Commented Oct 20, 2021 at 8:58
  • wordpress.stackexchange/users/198152/tiago-calado Yes, but what happens if the user puts PHP or something else in there and NOT a URL? – Brad Dalton Commented Oct 22, 2021 at 8:21
  • (For the future, if you want to flag us in a reply then that's @, e.g. @Rup for me. I didn't get any notification for the link. But there are some circumstances when it notifies us automatically, e.g. if there's only one comment or one poster here - you don't need it always.) – Rup Commented Oct 22, 2021 at 12:54

1 Answer

On input, esc_url_raw() is the correct function to use, which replaces sanitize_url.

Example:

$custom_field = esc_url_raw( get_post_meta( get_the_ID(), '_custom_url', true ) );
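
An added example (not code from the question or the answer) of a save_post handler that stores the field with esc_url_raw() and stores nothing when the input is not an http(s) URL, which is the case raised in the comments. The function names are hypothetical, and the nonce action and field names are assumed from the arguments passed to save_custom_fields() in the question.

```php
<?php
// Added example, not the asker's code. Hypothetical names: projecturl_clean_url(),
// projecturl_save_url(). Assumed: nonce action 'projecturl_save', field 'projecturl_nonce'.

// Return a storable http(s) URL, or '' when the input is not one.
function projecturl_clean_url( $raw ) {
    if ( ! is_string( $raw ) ) {
        return '';
    }
    $raw   = trim( $raw );
    $parts = wp_parse_url( $raw );

    // esc_url_raw() prepends http:// to scheme-less text, so require an
    // explicit http/https scheme and a host before handing the value over.
    if ( ! is_array( $parts ) || empty( $parts['scheme'] ) || empty( $parts['host'] )
        || ! in_array( strtolower( $parts['scheme'] ), [ 'http', 'https' ], true ) ) {
        return '';
    }

    // Removes characters that are invalid in a URL; '' for a disallowed protocol.
    return esc_url_raw( $raw, [ 'http', 'https' ] );
}

add_action( 'save_post', 'projecturl_save_url', 10, 2 );
function projecturl_save_url( $post_id, $post ) {
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( ! isset( $_POST['projecturl_nonce'], $_POST['projecturl']['_custom_projecturl'] ) ) {
        return;
    }
    $nonce = sanitize_text_field( wp_unslash( $_POST['projecturl_nonce'] ) );
    if ( ! wp_verify_nonce( $nonce, 'projecturl_save' ) || ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }

    // WordPress adds slashes to $_POST; remove them before validating.
    $url = projecturl_clean_url( wp_unslash( $_POST['projecturl']['_custom_projecturl'] ) );

    if ( '' === $url ) {
        delete_post_meta( $post_id, '_custom_projecturl' ); // Not a URL: store nothing.
    } else {
        update_post_meta( $post_id, '_custom_projecturl', $url );
    }
}

// On output, escape for the HTML context with esc_url():
// echo esc_url( get_post_meta( get_the_ID(), '_custom_projecturl', true ) );
```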
