Support » Plugins » Hacks » bypass sanitize_post from wp_insert_post!

  • Is there a way around the commit at http://core.trac.wordpress.org/changeset/18367 which prevents us from using filter => true when programatically inserting posts to wordpress.

    We are adding posts that include a small javascript that started getting stripped after the release of 3.1.4!

    Any ideas how to bypass this? There is talk of having to be logged in as an Admin, can this be done in a command line script? supposing we could do it, would it bypass the sanitize or is that a dead end too?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Ryan Boren

    (@ryan)

    WordPress Dev

    filter had to be unset due to security problems with it. You could try doing kses_remove_filters() before inserting the post and kses_init_filters() after inserting the post if you are trying to avoid the kses filtering of the post fields. Just be wary since that defeats most of the security measures for inserting posts.

    Thanks Ryan, that did the trick. The security concern is valid based on the input data my script uses; However the WordPress instance that I use this script for is purely there for cmd line purposes so it wouldn’t affect any HTTP requests to the live site in any way (if that was somehow possible otherwise, maybe if this was used in a plugin it would be possible to break the site).

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘bypass sanitize_post from wp_insert_post!’ is closed to new replies.