Support » Fixing WordPress » Custom fields – how secure are they?

  • Resolved richarduk

    (@richarduk)


    I’m using custom fields that can be accessed by anyone. How secure are they? Do I need to add any extra data validation e.g. esc_sql( $sql ) ?

Viewing 1 replies (of 1 total)
  • I took an educated guess that custom fields are secure from malicious people. The only thing I did was strip out everything except strong elements.

    $allowed_html = array('strong' => array());
    $meta = wp_kses($meta, $allowed_html);
    //  Remove anything except the <strong></strong> element.
    // Thanks to:  http://ottopress.com/2010/wp-quickie-kses/
Viewing 1 replies (of 1 total)
  • The topic ‘Custom fields – how secure are they?’ is closed to new replies.