“the_title” in a DIR reference… dangerous?

  • delinquentme

    (@delinquentme)


    16 years ago

    so im running around my apt HIP THRUSTING the air bc i finally got this page to automatically populate …

    CHECK IT OUT:
    http://testing.black-glass.com/?page_id=7

    the images! they automatically populate using the page title

    NOW the question is since im using the image reference in this manner …will this come back to bite me in the butt somehow? 

    <img src="<?php bloginfo('template_directory'); ?>/images/portfolio/WEB/<?php the_title(); ?>/<?php the_title(); ?>_thumb01.gif" class="spacer10"/>
Viewing 3 replies - 1 through 3 (of 3 total)
  • mrmist

    (@mrmist)

    16 years ago

    I think you should be ok because WordPress should santizie these values for you and (one would suspect) if they are broken then you’d not get to the point of page rendering. However, as a test I would make sure that I tested various fake URLs such as URLs with titles with javascript embedded in them to see what (if anything) happened.

    Frumph

    (@frumph)

    16 years ago

    Absolutely the wrong thing to do.

    The titles have too much of a variance in the name that can be used that are non-URI safe.

    I suggest using get_the_ID() or $post->ID

    and it will be the #.jpg or whatever you choose to be based on the ID# of the post itself, less problems.

    Also in your <body> tag put

    <body <?php if (function_exists('body_class')) { body_class(); } ?>>

    it will give you some unique classes to start out your CSS with that can manipulate your CSS individually for certain instances.

    Frumph

    (@frumph)

    16 years ago

    the_title() is unsanitized, it’s the output.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘“the_title” in a DIR reference… dangerous?’ is closed to new replies.

  • 3 replies
  • 3 participants
  • Last reply from: Frumph
  • Last activity: 16 years ago
  • Status: not resolved