How secure/sanitized is wp_insert_post() | WordPress.org

Tom Auger
(@tomauger)

12 years, 8 months ago

Looking at the Codex for wp_insert_post() it states that this function “…sanitizes variables, does some checks, fills in missing variables like date/time, etc. “

Just wondering whether I need to do any further sanitization to prevent XSS hacks and the like or whether enough is being done through the function.

To be honest, I’ve checked through the function in core and haven’t found any wp_kses() or other sanitization on post_content for example, so I’m a little concerned. All I can see that it does is stripslashes_deep() on the data.

So should I be running wp_kses() or anything else when I build my arguments to wp_insert_post()?

What’s the best practice here? The Codex is pretty cavalier about security in its example.

Thanks

The topic ‘How secure/sanitized is wp_insert_post()’ is closed to new replies.

Tags

In: Hacks
0 replies
1 participant
Last reply from: Tom Auger
Last activity: 12 years, 8 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics