The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

[resolved] Sanitzing user input with kses (3 posts)

  1. billsaysthis
    Posted 6 years ago #

    I'm writing a plugin and need to sanitize user-supplied value for one of the options. The string can use some basic HTML tags and href can go to either http or https but that's all. So I'm writing a custom callback based on OZH's great article.

    However all I can manage to get is the initial < being converted to an ampersand.

    Code is next, can someone advise on what I should do differently?


    function km_msg_filter($inp) {
      $allowed = array('a' => array(),'b' => array(),'strong' => array(),'i' => array(),'em' => array());
      $prot = array('http','https');
      $inp[0] = wp_kses($inp[0], $allowed, $prot);
      return $inp;
  2. Michael Fields
    Posted 6 years ago #

    you are using $inp[0] instead of $inp in the following line:

    $inp[0] = wp_kses($inp[0], $allowed, $prot);

  3. billsaysthis
    Posted 6 years ago #

    Weird, thought I tried that originally--works now but didn't previously.


Topic Closed

This topic has been closed to new replies.

About this Topic