[wp-hackers] Plugin Data Sanitization

Chip Bennett chip at chipbennett.net
Tue Dec 21 20:17:49 UTC 2010


All,

I am trying to modernize a rather old Plugin, part of which includes
updating the Plugin options to use the Settings API properly, and to ensure
that all user data are sanitized and validated properly.

To that end, I have two user settings, one raw CSS and the other a URL query
string, that I am somewhat unsure if I'm sanitizing properly. I'm passing
the raw CSS through wp_filter_nohtml_kses() and the URL query string through
urlencode().

I have a third user setting that is a TLA, selected from a known, finite
array of TLAs. I'm sanitizing this setting as follows:


$valid_translations = implode( '|', array_keys( $scripturizer_translations ) );

$valid_input['default_translation'] = ( strpos( $valid_translations, $input['default_translation'] ) !== false ? $input['default_translation'] : $scripturizer_options_default['default_translation'] );

Where $scripturizer_translations is the array of TLAs.

With all three, am I on the right track? The wrong track? Is there a
better/more-preferred way to sanitize such data?

Thanks,

Chip
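
An added example, not part of the original post: it runs the strpos() check from the message next to an exact-match allowlist, to show that a substring search over the imploded keys also accepts fragments such as 'K', '|' and 'SV|KJ'. The translation keys, the default value and both function names are constructed for illustration; the plugin's real array is not shown in the post.

```php
<?php
// Constructed sample data: the real $scripturizer_translations is not shown in the post.
$scripturizer_translations = array(
    'ESV' => 'English Standard Version',
    'KJV' => 'King James Version',
    'NIV' => 'New International Version',
);
$default_translation = 'ESV'; // constructed default

// The check from the post: a substring search inside "ESV|KJV|NIV".
// Any fragment of that string, including the separator, counts as valid.
function validate_by_strpos( $value, $translations, $default ) {
    $valid = implode( '|', array_keys( $translations ) );
    return ( strpos( $valid, $value ) !== false ) ? $value : $default;
}

// Exact-match allowlist: the value must be a string that is identical
// (strict comparison, no type juggling) to one of the array keys.
function validate_by_allowlist( $value, $translations, $default ) {
    if ( is_string( $value ) && in_array( $value, array_keys( $translations ), true ) ) {
        return $value;
    }
    return $default;
}

// Constructed inputs: one legitimate key, three fragments of the imploded
// string, a wrong-case key, and a value that is not in the list at all.
$inputs = array( 'KJV', 'K', '|', 'SV|KJ', 'kjv', '<b>' );

foreach ( $inputs as $input ) {
    printf(
        "%-10s strpos: %-8s allowlist: %s\n",
        var_export( $input, true ),
        validate_by_strpos( $input, $scripturizer_translations, $default_translation ),
        validate_by_allowlist( $input, $scripturizer_translations, $default_translation )
    );
}
```

In a Settings API callback, the value returned by the allowlist function is what would be stored in $valid_input['default_translation'].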

