[wp-hackers] Sanitizing PHP code snippets in meta
Brian Layman
wp-hackers at thecodecave.com
Mon Aug 20 00:56:53 UTC 2012
Not when you are putting it in the database, but DEFINITELY any time you
display it.
Sending it through esc_html() before display would be good.
Brian Layman
On 8/19/2012 6:06 PM, Drew wrote:
> Hey all,
>
> I'm working on a project where I need to store PHP code snippets in meta
> for a custom post type.
>
> I'll be using a textarea field for entry in deference to wp_editor (mostly
> due to wanting to use a syntax highlighter).
>
> Just wondering whether I need to sanitize that data in some way before
> storing it in the database. I don't know if some form of kses is already
> being run on custom fields and whether there's a security/stability
> argument to be made about storing or not storing code snippets in this way.
>
> Appreciate any insight,
>
> Drew
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
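
The pattern from the reply above (store the snippet as entered, escape it every time it is displayed), as an added example that is not part of the original thread. The meta key `_snippet_code`, the helper names, the field name and the sample value are assumptions made for illustration, and the `esc_html()` fallback only stands in for the WordPress function so the file runs outside WordPress.

```php
<?php
// Added example, not code from the thread.
// Stand-in so this file runs with plain `php`; inside WordPress the real
// esc_html() is already defined and this branch is skipped.
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        // Assumption: simplified equivalent that encodes & < > " and '.
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Hypothetical helper: show a stored snippet on the front end.
function snippet_render( $raw ) {
    return '<pre><code>' . esc_html( $raw ) . '</code></pre>';
}

// Hypothetical helper: put the stored snippet back into the entry textarea.
// (WordPress also ships esc_textarea() for this context.)
function snippet_field( $raw ) {
    return '<textarea name="snippet_code">' . esc_html( $raw ) . '</textarea>';
}

if ( PHP_SAPI === 'cli' ) {
    // Constructed sample value, stored unmodified. In WordPress it would be
    // read with get_post_meta( $post_id, '_snippet_code', true ).
    $stored = "<?php echo '<b>hi</b>'; ?>\n</textarea><script>alert(1)</script>";

    foreach ( array( snippet_render( $stored ), snippet_field( $stored ) ) as $html ) {
        // Remove the wrapper tags we wrote ourselves; whatever is left came
        // from the stored value and must contain no live markup.
        $inner = preg_replace( '#^<(pre><code|textarea[^>]*)>|</(code></pre|textarea)>$#', '', $html );
        if ( strpbrk( $inner, '<>"\'' ) !== false ) {
            fwrite( STDERR, "unescaped markup in output\n" );
            exit( 1 );
        }
        echo $html, "\n\n";
    }
}
```

The sample deliberately contains a closing `</textarea>` tag: without escaping, that value would end the entry field early on the edit screen, which is why the textarea needs the same treatment as the public display.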