Support » Plugins and Hacks » Widget Security

Widget Security

  • Greets:

    This is more a topic probably for the WPMU forums but I wanted to get some feedback from over here since we have folks here who understand the WP code.

    I’ve been hacking together some widgets for my clients at their request and I’m just wondering what filters we should be sending user text input for security purposes.

    I hacked together some widgets and would like some one to take a look at them before I drop them into general use. I’m concerned about the titles of the widgets as they are where users would be inputing their text. To me, that would be the point where a hack attempt would be made.

    And, yes, I know I should have made all those into one single file. 🙂

    Thank you for your time,

Viewing 1 replies (of 1 total)
  • Why don’t you use ‘title_save_pre’ or ‘content_save_pre’, as WP applies kses to those, depending on the capabilities of the user (in other words it tests whether current_user_can('unfiltered_html'))?

Viewing 1 replies (of 1 total)
  • The topic ‘Widget Security’ is closed to new replies.