Sanitizing, Validating and Escaping in WordPress Themes and Plugins
by Micah Wood @wpscholar
wpscholar.com/wpyall2014
Sanitization: Cleaning user input
Sanitization Example
Sanitize Text Fields
Sanitize URL Slugs
Sanitize URLs
Sanitize Emails
Sanitize HTML Classes
Sanitize HTML
Other Sanitization Functions
• sanitize_file_name()
• sanitize_key()
• sanitize_mime_type()
• sanitize_sql_orderby()
• sanitize_title_for_query()
• sanitize_title_with_dashes()
• sanitize_user()
Validation: Checking user input
Validation Example
Data Type
Validate HTML
Validate Meta
Validate Capability
Validate Option
Validate Intention
Escaping: Securing output
Escape HTML Attributes
Escape HTML
Escape URLs
Escape Textareas
Escape Inline JavaScript
Escape SQL Queries
Tips
• Search for echo $ and echo get_
• Use VIP Scanner if you are creating a theme
Trust WordPress
Questions?