WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Sanitzing user input with kses (3 posts)

  1. billsaysthis
    Member
    Posted 4 years ago #

    I'm writing a plugin and need to sanitize user-supplied value for one of the options. The string can use some basic HTML tags and href can go to either http or https but that's all. So I'm writing a custom callback based on OZH's great article.

    However all I can manage to get is the initial < being converted to an ampersand.

    Code is next, can someone advise on what I should do differently?

    Thanks!

    function km_msg_filter($inp) {
      $allowed = array('a' => array(),'b' => array(),'strong' => array(),'i' => array(),'em' => array());
      $prot = array('http','https');
      $inp[0] = wp_kses($inp[0], $allowed, $prot);
      return $inp;
    }
  2. Michael Fields
    Themer
    Posted 4 years ago #

    you are using $inp[0] instead of $inp in the following line:

    $inp[0] = wp_kses($inp[0], $allowed, $prot);

  3. billsaysthis
    Member
    Posted 4 years ago #

    Weird, thought I tried that originally--works now but didn't previously.

    Thanks!

Topic Closed

This topic has been closed to new replies.

About this Topic