[wp-hackers] User input in a WordPress Plugin

Robert Deaton false.hopes at gmail.com
Wed Oct 18 19:27:27 GMT 2006

On 10/18/06, Kirk Montgomery <clarke1866 at gmail.com> wrote:
> Greetings,
> I am developing a plugin and would like to allow admin users to enter
> text in a form (in the administration), have it saved to the DB, and
> then output it wherever needed.  I have everything as I like it except
> that if the user wants to have markup in the text (as submitted by the
> backend form) then things go funny.  It looks like update_option is
> sanitizing the input an striping out dangerous input.  Probably a good
> idea.
> My question, is there a way to allow users to use only certain markup
> like a href and IMG?

Filter it with the kses library. See wp-includes/kses.php

--Robert Deaton

More information about the wp-hackers mailing list