[wp-hackers] Plugin Data Sanitization

Chip Bennett chip at chipbennett.net
Tue Dec 21 20:17:49 UTC 2010


I am trying to modernize a rather old Plugin, part of which includes
updating the Plugin options to use the Settings API properly, and to ensure
that all user data are sanitized and validated properly.

To that end, I have two user settings, one raw CSS and the other a URL query
string, that I am somewhat unsure if I'm sanitizing properly. I'm passing
the raw CSS through wp_filter_nohtml_kses() and the URL query string through

I have a third user setting that is a TLA, selected from a known, finite
array of TLAs. I'm sanitizing this setting as follows:

$valid_translations = implode( '|', array_keys( $scripturizer_translations )

 $valid_input['default_translation'] = ( strpos( $valid_translations,
$input['default_translation'] ) !== false ? $input['default_translation'] :
$scripturizer_options_default['default_translation'] );

Where $scripturizer_translations is the array of TLAs.

With all three, am I on the right track? The wrong track? Is there a
better/more-preferred way to sanitize such data?



More information about the wp-hackers mailing list