sanitization callback – what am I doing wrong? | WordPress.org

Resolved A. Jones
(@nomadcoder)

10 years, 11 months ago

I’ve looked at a ton of search results. I’ve tried ‘sanitize_text_field’ and ‘esc_textarea’. What am I doing wrong?

Found a Customizer setting that did not have a sanitization callback function. Every call to the add_setting() method needs to have a sanitization callback function passed.

$wp_customize->add_setting( ‘some_text_here’,
array(
‘default’ => “my text”,
‘type’ => ‘theme_mod’,
‘capability’ => ‘edit_theme_options’,
‘transport’ => ‘refresh’,
‘sanitize_callback’ => ‘esc_textarea’
)
);

https://wordpress.org/plugins/theme-check/

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter A. Jones
(@nomadcoder)

10 years, 11 months ago

The default text has a semi-colon and an @ sign in it. In other words, a @copy; copyright symbol. If I remove this, it passes the theme check. esc_html still gives me an error.
Plugin Author Samuel Wood (Otto)
(@otto42)

WordPress.org Admin

10 years, 11 months ago
This is a known issue with that particular check.

If you move your default text into a variable outside that function call, then the check will pass. Example:
```
$defaulttext = "my text";
$wp_customize->add_setting( 'some_text_here',
array(
'default' => $defaulttext,
'type' => 'theme_mod',
'capability' => 'edit_theme_options',
'transport' => 'refresh',
'sanitize_callback' => 'esc_textarea'
)
);
```
Also, note that “my text” in this case should probably be translatable using the __() function.
Thread Starter A. Jones
(@nomadcoder)

10 years, 11 months ago

Excellent. Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘sanitization callback – what am I doing wrong?’ is closed to new replies.

Tags

3 replies
2 participants
Last reply from: A. Jones
Last activity: 10 years, 11 months ago
Status: resolved