
WordPress插件开发入门基础教程
sanitize_post_field ( $field, $value, $post_id, $context = 'display' )
sanitize_post_field函数用于对WordPress中一个文章或一个页面的特定字段进行净化: 这个函数通常用于在数据被保存到数据库之前对其进行清理: 该函数需要三个参数:字段名,要净化的值,以及文章ID(可选): 该函数返回经过清理的值。
根据上下文对一个文章字段去除一些不安全的输入。
可能的背景值是’raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ 和 ‘js’。默认使用 ‘display’ 上下文。在调用过滤器时,’attribute’和’js’上下文与’display’的处理方式相同。
function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) { $int_fields = array( 'ID', 'post_parent', 'menu_order' ); if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } // Fields which contain arrays of integers. $array_int_fields = array( 'ancestors' ); if ( in_array( $field, $array_int_fields, true ) ) { $value = array_map( 'absint', $value ); return $value; } if ( 'raw' === $context ) { return $value; } $prefixed = false; if ( false !== strpos( $field, 'post_' ) ) { $prefixed = true; $field_no_prefix = str_replace( 'post_', '', $field ); } if ( 'edit' === $context ) { $format_to_edit = array( 'post_content', 'post_excerpt', 'post_title', 'post_password' ); if ( $prefixed ) { /** * Filters the value of a specific post field to edit. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "edit_{$field}", $value, $post_id ); /** * Filters the value of a specific post field to edit. * * The dynamic portion of the hook name, `$field_no_prefix`, refers to * the post field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id ); } else { $value = apply_filters( "edit_post_{$field}", $value, $post_id ); } if ( in_array( $field, $format_to_edit, true ) ) { if ( 'post_content' === $field ) { $value = format_to_edit( $value, user_can_richedit() ); } else { $value = format_to_edit( $value ); } } else { $value = esc_attr( $value ); } } elseif ( 'db' === $context ) { if ( $prefixed ) { /** * Filters the value of a specific post field before saving. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "pre_{$field}", $value ); /** * Filters the value of a specific field before saving. * * The dynamic portion of the hook name, `$field_no_prefix`, refers * to the post field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "{$field_no_prefix}_save_pre", $value ); } else { $value = apply_filters( "pre_post_{$field}", $value ); /** * Filters the value of a specific post field before saving. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "{$field}_pre", $value ); } } else { // Use display filters by default. if ( $prefixed ) { /** * Filters the value of a specific post field for display. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the prefixed post field. * @param int $post_id Post ID. * @param string $context Context for how to sanitize the field. * Accepts 'raw', 'edit', 'db', 'display', * 'attribute', or 'js'. Default 'display'. */ $value = apply_filters( "{$field}", $value, $post_id, $context ); } else { $value = apply_filters( "post_{$field}", $value, $post_id, $context ); } if ( 'attribute' === $context ) { $value = esc_attr( $value ); } elseif ( 'js' === $context ) { $value = esc_js( $value ); } } // Restore the type for integer fields after esc_attr(). if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } return $value; }