bypass sanitize_post from wp_insert_post! (3 posts)

  1. pykler
    Posted 5 years ago #

    Is there a way around the commit at http://core.trac.wordpress.org/changeset/18367 which prevents us from using filter => true when programatically inserting posts to wordpress.

    We are adding posts that include a small javascript that started getting stripped after the release of 3.1.4!

    Any ideas how to bypass this? There is talk of having to be logged in as an Admin, can this be done in a command line script? supposing we could do it, would it bypass the sanitize or is that a dead end too?

  2. Ryan Boren
    WordPress Dev
    Posted 5 years ago #

    filter had to be unset due to security problems with it. You could try doing kses_remove_filters() before inserting the post and kses_init_filters() after inserting the post if you are trying to avoid the kses filtering of the post fields. Just be wary since that defeats most of the security measures for inserting posts.

  3. pykler
    Posted 5 years ago #

    Thanks Ryan, that did the trick. The security concern is valid based on the input data my script uses; However the WordPress instance that I use this script for is purely there for cmd line purposes so it wouldn't affect any HTTP requests to the live site in any way (if that was somehow possible otherwise, maybe if this was used in a plugin it would be possible to break the site).

Topic Closed

This topic has been closed to new replies.

About this Topic