[wp-hackers] User input in a WordPress Plugin
Robert Deaton
false.hopes at gmail.com
Wed Oct 18 19:27:27 GMT 2006
On 10/18/06, Kirk Montgomery <clarke1866 at gmail.com> wrote:
> Greetings,
>
> I am developing a plugin and would like to allow admin users to enter
> text in a form (in the administration), have it saved to the DB, and
> then output it wherever needed. I have everything as I like it except
> that if the user wants to have markup in the text (as submitted by the
> backend form) then things go funny. It looks like update_option is
> sanitizing the input an striping out dangerous input. Probably a good
> idea.
>
> My question, is there a way to allow users to use only certain markup
> like a href and IMG?
Filter it with the kses library. See wp-includes/kses.php
--
--Robert Deaton
More information about the wp-hackers
mailing list