WordPress.org

How secure/sanitized is wp_insert_post() (1 post)

  1. Tom Auger
    Member
    Posted 3 years ago

    Looking at the Codex for wp_insert_post() it states that this function "...sanitizes variables, does some checks, fills in missing variables like date/time, etc."

    Just wondering whether I need to do any further sanitization to prevent XSS hacks and the like or whether enough is being done through the function.

    To be honest, I've checked through the function in core and haven't found any wp_kses() or other sanitization on post_content for example, so I'm a little concerned. All I can see that it does is stripslashes_deep() on the data.

    So should I be running wp_kses() or anything else when I build my arguments to wp_insert_post()?

    What's the best practice here? The Codex is pretty cavalier about security in its example.

    Thanks
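
The approach the question asks about, sanitizing each field explicitly while building the arguments to wp_insert_post(), as an added example that is not part of the original post or of WordPress core. The function name `myplugin_insert_submission()`, the `title`/`content`/`excerpt` input keys and the `pending` status are assumptions made for illustration; the code runs inside a loaded WordPress environment.

```php
<?php
/**
 * Added example: sanitize untrusted input explicitly before wp_insert_post(),
 * so the stored result does not depend on which filters apply to the current user.
 * myplugin_insert_submission() and the input keys are hypothetical names.
 */
function myplugin_insert_submission( array $raw ) {
    // Request data arrives slashed in WordPress; the sanitizers below expect unslashed data.
    $raw = wp_unslash( $raw );

    // Plain-text fields: strip all markup.
    $title   = isset( $raw['title'] ) ? sanitize_text_field( $raw['title'] ) : '';
    $excerpt = isset( $raw['excerpt'] ) ? sanitize_textarea_field( $raw['excerpt'] ) : '';

    // Rich-text field: keep only the tags and attributes allowed in post content.
    $content = isset( $raw['content'] ) ? wp_kses_post( $raw['content'] ) : '';

    // Reject submissions that are empty once markup has been removed.
    if ( '' === $title || '' === trim( wp_strip_all_tags( $content ) ) ) {
        return new WP_Error( 'myplugin_empty', 'Title and content are required.' );
    }

    $postarr = array(
        'post_title'   => $title,
        'post_content' => $content,
        'post_excerpt' => $excerpt,
        'post_status'  => 'pending', // hold untrusted submissions for review
        'post_type'    => 'post',
    );

    // wp_insert_post() expects slashed data; passing true returns WP_Error on failure.
    return wp_insert_post( wp_slash( $postarr ), true );
}

// Constructed sample input containing markup that must not reach the database as-is.
$result = myplugin_insert_submission( array(
    'title'   => 'Hello <script>alert(1)</script>',
    'content' => '<p onclick="x()">Hi <strong>there</strong></p><script>alert(1)</script>',
) );

if ( is_wp_error( $result ) ) {
    error_log( 'Insert failed: ' . $result->get_error_message() );
}
```

Sanitizing on input does not replace escaping on output: values read back from the post should still pass through `esc_html()`, `esc_attr()` or a similar function at render time.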

Topic Closed

This topic has been closed to new replies.