[wp-hackers] Sanitizing PHP code snippets in meta

Drew xoodrew at gmail.com
Sun Aug 19 22:06:11 UTC 2012


Hey all,

I'm working on a project where I need to store PHP code snippets in meta
for a custom post type.

I'll be using a textarea field for entry in deference to wp_editor (mostly
due to wanting to use a syntax highlighter).

Just wondering whether I need to sanitize that data in some way before
storing it in the database. I don't know if some form of kses is already
being run on custom fields and whether there's a security/stability
argument to be made about storing or not storing code snippets in this way.

Appreciate any insight,

Drew

