Widget Security (2 posts)

  1. drmike
    Member
    Posted 7 years ago #

    Greets:

    This is more a topic probably for the WPMU forums but I wanted to get some feedback from over here since we have folks here who understand the WP code.

    I've been hacking together some widgets for my clients at their request and I'm just wondering what filters we should be sending user text input for security purposes.

    I hacked together some widgets and would like someone to take a look at them before I drop them into general use. I'm concerned about the titles of the widgets as they are where users would be inputting their text. To me, that would be the point where a hack attempt would be made.

    And, yes, I know I should have made all those into one single file. :)

    Thank you for your time,
    -drmike

  2. Austin Matzko
    Member
    Posted 7 years ago #

    Why don't you use 'title_save_pre' or 'content_save_pre', as WP applies kses to those, depending on the capabilities of the user (in other words it tests whether current_user_can('unfiltered_html'))?
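
An added example, not code from either poster: a widget that saves its title through the 'title_save_pre' filter suggested in the reply above, so WordPress's own kses callbacks decide what markup survives. The class name and widget id are hypothetical, and the file assumes it is loaded as a plugin in a WordPress install that provides WP_Widget, wp_slash() and wp_unslash().

```php
<?php
// Added example: hypothetical widget whose title is filtered on save.
class Example_Note_Widget extends WP_Widget {

    public function __construct() {
        parent::__construct( 'example_note', 'Example Note' );
    }

    // Called when the widget settings form is saved.
    public function update( $new_instance, $old_instance ) {
        $instance = $old_instance;
        $title    = isset( $new_instance['title'] ) ? (string) $new_instance['title'] : '';

        // WP_Widget passes unslashed data to update(), but the kses callbacks
        // hooked on 'title_save_pre' expect slashed input: slash, filter, unslash.
        // Core only attaches kses here when the current user lacks 'unfiltered_html'.
        $instance['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $title ) ) );

        return $instance;
    }

    // Settings form: every value placed in an attribute is escaped for that context.
    public function form( $instance ) {
        $title = isset( $instance['title'] ) ? $instance['title'] : '';
        printf(
            '<p><label for="%1$s">Title:</label> <input class="widefat" id="%1$s" name="%2$s" type="text" value="%3$s" /></p>',
            esc_attr( $this->get_field_id( 'title' ) ),
            esc_attr( $this->get_field_name( 'title' ) ),
            esc_attr( $title )
        );
    }

    // Front-end output. Titles saved by users with 'unfiltered_html' were not
    // filtered on save, so the stored value is escaped again when printed.
    public function widget( $args, $instance ) {
        $title = isset( $instance['title'] ) ? $instance['title'] : '';
        echo $args['before_widget'];
        if ( '' !== $title ) {
            echo $args['before_title'] . esc_html( $title ) . $args['after_title'];
        }
        echo $args['after_widget'];
    }
}

add_action( 'widgets_init', function () {
    register_widget( 'Example_Note_Widget' );
} );
```

Because esc_html() is used on output, any tags the save filter left in place are shown as literal text rather than rendered.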
