_sanitize_text_fields

函数


      _sanitize_text_fields ( $str, $keep_newlines = false )

Access: Private

参数

(string) $str String to sanitize.

Required: 是
(bool) $keep_newlines Optional. Whether to keep newlines. Default: false.

Required: 否

Default: false

返回值

(string) Sanitized string.

定义位置

wp-includes/formatting.php , line 5475

相关方法: sanitize_text_field sanitize_textarea_field sanitize_term_field sanitize_post_field sanitize_user_field

引入: 4.7.0

弃用: -

_sanitize_text_fields: 这个函数用于通过删除任何HTML标签和其他潜在的危险字符来对文本字段进行净化。它被用来对表格和其他用户输入的信息进行净化。

内部辅助函数，对来自用户输入或数据库的字符串进行净化处理。

function _sanitize_text_fields( $str, $keep_newlines = false ) {
	if ( is_object( $str ) || is_array( $str ) ) {
		return '';
	}

	$str = (string) $str;

	$filtered = wp_check_invalid_utf8( $str );

	if ( strpos( $filtered, '<' ) !== false ) {
		$filtered = wp_pre_kses_less_than( $filtered );
		// This will strip extra whitespace for us.
		$filtered = wp_strip_all_tags( $filtered, false );

		// Use HTML entities in a special case to make sure no later
		// newline stripping stage could lead to a functional tag.
		$filtered = str_replace( "<n", "&lt;n", $filtered );
	}

	if ( ! $keep_newlines ) {
		$filtered = preg_replace( '/[rnt ]+/', ' ', $filtered );
	}
	$filtered = trim( $filtered );

	$found = false;
	while ( preg_match( '/%[a-f0-9]{2}/i', $filtered, $match ) ) {
		$filtered = str_replace( $match[0], '', $filtered );
		$found    = true;
	}

	if ( $found ) {
		// Strip out the whitespace that may now exist after removing the octets.
		$filtered = trim( preg_replace( '/ +/', ' ', $filtered ) );
	}

	return $filtered;
}

_sanitize_text_fields

WP开发教程