WordPress › Support » Sanitzing user input with kses

billsaysthis
Member
Posted 2 years ago #

I'm writing a plugin and need to sanitize user-supplied value for one of the options. The string can use some basic HTML tags and href can go to either http or https but that's all. So I'm writing a custom callback based on OZH's great article.

However all I can manage to get is the initial < being converted to an ampersand.

Code is next, can someone advise on what I should do differently?

Thanks!

function km_msg_filter($inp) {
  $allowed = array('a' => array(),'b' => array(),'strong' => array(),'i' => array(),'em' => array());
  $prot = array('http','https');
  $inp[0] = wp_kses($inp[0], $allowed, $prot);
  return $inp;
}

Michael Fields
Theme Wrangler
Posted 2 years ago #

you are using $inp[0] instead of $inp in the following line:

$inp[0] = wp_kses($inp[0], $allowed, $prot);

billsaysthis
Member
Posted 2 years ago #

Weird, thought I tried that originally--works now but didn't previously.

Thanks!

WordPress.org

Forums

[resolved] Sanitzing user input with kses (3 posts)

Topic Closed

About this Topic

Tags

Code is Poetry