WordPress: Notes

WordPress Form Value

<input type="text" name="cf-name" value="<?php echo ( isset($_POST['cf-name']) ? esc_attr($_POST['cf-name']) : '' ) ?>" >

WordPress Data Validation:

sanitize_email()

sanitize_file_name()

sanitize_html_class()

sanitize_key()

sanitize_mime_type()

sanitize_option()

sanitize_sql_orderby()

sanitize_text_field()

sanitize_title_for_query()

sanitize_title_with_dashes()

sanitize_user()

sanitize_meta()

sanitize_term()

sanitize_term_field()
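The form value at the top and the sanitize_*() list above fit together as one input path: verify the request is genuine, sanitize each field with the function matching its type, validate the result, then store it through a prepared query. The handler below is an added example written for these notes, not code from WordPress or any plugin. It assumes WordPress is loaded (a plugin file), a form posted to admin-post.php with a hidden action field "cf_submit" and a nonce field from wp_nonce_field( 'cf_submit', 'cf_nonce' ), and a table {$wpdb->prefix}cf_messages; the "cf_" names and the table are hypothetical. sanitize_textarea_field() is a real WordPress function that the list above omits.

```php
<?php
// Added example for the notes above (assumes WordPress is loaded in plugin context).
// Hypothetical names: cf_handle_submit, cf_submit, cf_nonce, {$wpdb->prefix}cf_messages.

add_action( 'admin_post_nopriv_cf_submit', 'cf_handle_submit' ); // logged-out visitors
add_action( 'admin_post_cf_submit', 'cf_handle_submit' );        // logged-in users

function cf_handle_submit() {
	// 1. CSRF: refuse anything without a valid nonce for this action.
	if ( ! isset( $_POST['cf_nonce'] ) || ! wp_verify_nonce( $_POST['cf_nonce'], 'cf_submit' ) ) {
		wp_die( esc_html__( 'Invalid request.', 'cf' ), '', array( 'response' => 403 ) );
	}

	// 2. Sanitize. WordPress adds slashes to superglobals, so wp_unslash() first.
	$name  = sanitize_text_field( wp_unslash( $_POST['cf-name'] ?? '' ) );
	$email = sanitize_email( wp_unslash( $_POST['cf-email'] ?? '' ) );
	$topic = sanitize_key( $_POST['cf-topic'] ?? '' );                    // keeps only a-z0-9_- (lowercased)
	$body  = sanitize_textarea_field( wp_unslash( $_POST['cf-message'] ?? '' ) );

	// 3. Validate. A sanitized value is well-formed, not necessarily acceptable.
	$errors = array();
	if ( '' === $name || strlen( $name ) > 100 ) {
		$errors[] = 'name';
	}
	if ( ! is_email( $email ) ) {            // sanitize_email() can return '' or a stripped-down address
		$errors[] = 'email';
	}
	if ( ! in_array( $topic, array( 'sales', 'support' ), true ) ) {  // allow-list, not just sanitize
		$errors[] = 'topic';
	}
	if ( '' === $body ) {
		$errors[] = 'message';
	}

	$back = wp_get_referer() ?: home_url( '/' );
	if ( $errors ) {
		// Bounce back; the form re-renders submitted values through esc_attr() as in the note above.
		wp_safe_redirect( add_query_arg( 'cf_error', implode( ',', $errors ), $back ) );
		exit;
	}

	// 4. Persist with a prepared insert. Sanitizing for HTML is not escaping for SQL;
	//    $wpdb->insert() with format specifiers does the SQL escaping.
	global $wpdb;
	$wpdb->insert(
		$wpdb->prefix . 'cf_messages',
		array(
			'name'    => $name,
			'email'   => $email,
			'topic'   => $topic,
			'body'    => $body,
			'created' => current_time( 'mysql' ),
		),
		array( '%s', '%s', '%s', '%s', '%s' )
	);

	wp_safe_redirect( add_query_arg( 'cf_sent', '1', $back ) );
	exit;
}
```

wp_safe_redirect() only follows URLs on the site's own host (or hosts allowed via the allowed_redirect_hosts filter), so a forged Referer cannot turn the bounce into an open redirect.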

Escaping: Securing Output:

esc_html() should be used whenever the data we output sits between HTML tags (element content).

<h4><?php echo esc_html( $title ); ?></h4>

esc_url() should be used on all URLs, including those in the ‘src’ and ‘href’ attributes of an HTML element.

<img src="<?php echo esc_url( $great_user_picture_url ); ?>" />

esc_js() is intended for inline JavaScript inside an HTML attribute (onclick, onchange, ...). It expects the value to be placed in a single-quoted JavaScript string. To hand data to a script, prefer wp_json_encode() or wp_localize_script() instead of building JavaScript from strings.

<a href="#" onclick="<?php echo esc_js( $custom_js ); ?>">Click me</a>

esc_attr() should be used on everything else that is printed into an HTML element's attribute. Always quote the attribute; esc_attr() does not protect an unquoted attribute value.

<ul class="<?php echo esc_attr( $stored_class ); ?>">

esc_textarea() encodes text for use inside a textarea element.

<textarea><?php echo esc_textarea( $text ); ?></textarea>

It is important to note that the WordPress template tags that print directly (the_title(), the_content(), the_permalink(), ...) already prepare their data for output, and you do not need to escape again. Their get_* counterparts (get_the_title(), get_option(), get_post_meta(), ...) return a value, and it is your job to escape that value for the context you print it into.

<h4><?php the_title(); ?></h4>
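The escaping functions above are context-specific, so the same stored value needs a different escaper depending on where it lands. The function below is an added example written for these notes, not code from WordPress or any theme. It assumes WordPress is loaded; $msg is a constructed record filled with hostile values, and the comments state what each esc_*() call turns them into. It also shows the the_title() versus get_the_title() distinction and wp_json_encode() for passing data to a script block.

```php
<?php
// Added example (assumes WordPress is loaded). cf_render_message and the $msg
// record are hypothetical; the values in $msg are constructed attack inputs.
function cf_sample_message() {
	return array(
		'css'     => 'note" onmouseover="alert(1)',
		'title'   => 'Q4 report <script>alert(1)</script>',
		'link'    => 'javascript:alert(1)',
		'avatar'  => 'https://example.test/a.png?x=1&y=2',
		'owner'   => "it's",
		'body'    => '</textarea><script>alert(1)</script>',
	);
}

function cf_render_message( array $msg ) {
	?>
	<div class="<?php echo esc_attr( $msg['css'] ); ?>">
	<!-- attribute context:  note&quot; onmouseover=&quot;alert(1)   (cannot break out of the quoted attribute) -->

		<h4><?php echo esc_html( $msg['title'] ); ?></h4>
		<!-- element content:  Q4 report &lt;script&gt;alert(1)&lt;/script&gt; -->

		<a href="<?php echo esc_url( $msg['link'] ); ?>">Profile</a>
		<!-- URL context:  '' (empty) because javascript: is not in wp_allowed_protocols() -->

		<img src="<?php echo esc_url( $msg['avatar'] ); ?>" alt="">
		<!-- URL context:  https://example.test/a.png?x=1&#038;y=2  (& entity-encoded for HTML display) -->

		<button onclick="cfOpen('<?php echo esc_js( $msg['owner'] ); ?>')">Open</button>
		<!-- inline-JS attribute, single-quoted string:  it\'s -->

		<textarea name="reply"><?php echo esc_textarea( $msg['body'] ); ?></textarea>
		<!-- textarea content:  &lt;/textarea&gt;&lt;script&gt;alert(1)&lt;/script&gt; -->

		<h5><?php the_title(); ?></h5>
		<!-- the_title() prints already-prepared output: do not wrap it in esc_html() -->

		<a href="<?php the_permalink(); ?>" title="<?php echo esc_attr( get_the_title() ); ?>">Read</a>
		<!-- get_the_title() returns a value: escape it for the attribute it goes into -->

		<script>
		// Data for a script: JSON-encode the structure instead of string-building JS.
		// JSON_HEX_TAG turns < and > into \u003C / \u003E so "</script>" cannot close the block.
		var cfMessage = <?php echo wp_json_encode(
			array( 'title' => $msg['title'], 'owner' => $msg['owner'] ),
			JSON_HEX_TAG | JSON_HEX_AMP
		); ?>;
		</script>
	</div>
	<?php
}

cf_render_message( cf_sample_message() );
```

Late escaping, at the echo rather than at save time, is what makes this reviewable: each output line shows the context and the matching escaper side by side, so a missing esc_*() is visible in a diff.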

get_option() function:

If the option does not exist, the return value is $default, which is false unless you pass one. This is useful to check whether you need to install an option, and is commonly used during installation of plugin options and to test whether an upgrade is required. An option that exists but holds an empty value returns that empty value (for example ''), not false, so compare with === when the distinction matters.

If the option was serialized then it will be unserialized when it is returned.

get_option( string $option, mixed $default = false )

File: wp-includes/option.php

‘admin_email’ – E-mail address of blog administrator.

‘blogname’ – Weblog title; set in General Options.

‘blogdescription’ – Tagline for your blog; set in General Options.

‘blog_charset’ – Character encoding for your blog; set in Reading Options.

‘date_format’ – Default date format; set in General Options.

‘default_category’ – Default post category; set in Writing Options.

‘home’ – The blog’s home web address; set in General Options.

‘siteurl’ – WordPress web address; set in General Options.

Warning: This is not the same as get_bloginfo( ‘url’ ) (which will return the homepage url), but as get_bloginfo( ‘wpurl’ ).

‘template’ – Directory name (slug) of the current parent theme; the child theme’s slug, if any, is in ‘stylesheet’. Set under Appearance (formerly Presentation).

‘start_of_week’ – Day of week calendar should start on; set in General Options.

‘upload_path’ – Default upload location; set in Miscellaneous Options.

‘users_can_register’ – Whether users can register; set in General Options.

‘posts_per_page’ – Maximum number of posts to show on a page; set in Reading Options.

‘posts_per_rss’ – Maximum number of most recent posts to show in the syndication feed; set in Reading Options.
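The install/upgrade check the get_option() note describes looks like the following in practice. This is an added example written for these notes, not code from WordPress or any plugin. It assumes WordPress is loaded; the CF_VERSION constant, the cf_version and cf_settings option names and the cf_* functions are hypothetical.

```php
<?php
// Added example (assumes WordPress is loaded). All cf_* names and CF_VERSION are hypothetical.
define( 'CF_VERSION', '1.2.0' );

function cf_default_settings() {
	return array(
		'recipient' => get_option( 'admin_email' ),   // built-in option from the list above
		'max_len'   => 2000,                          // added in 1.2.0
	);
}

// Returns 'installed', 'upgraded' or 'current' so callers (and tests) can see what happened.
function cf_maybe_install_or_upgrade() {
	// Missing row -> $default -> false. Use === so an option holding '' or '0' is not mistaken for "never installed".
	$installed = get_option( 'cf_version' );

	if ( false === $installed ) {
		// The array is serialized on save and unserialized again by get_option().
		add_option( 'cf_settings', cf_default_settings() );
		// Fourth argument: do not autoload a value that is only read on upgrade.
		add_option( 'cf_version', CF_VERSION, '', 'no' );
		return 'installed';
	}

	if ( version_compare( $installed, CF_VERSION, '<' ) ) {
		$settings = get_option( 'cf_settings', array() );
		if ( ! is_array( $settings ) ) {          // stale or corrupted serialized value
			$settings = array();
		}
		// Keep existing keys, fill in keys introduced by newer versions.
		$settings = wp_parse_args( $settings, cf_default_settings() );
		update_option( 'cf_settings', $settings );
		update_option( 'cf_version', CF_VERSION );
		return 'upgraded';
	}

	return 'current';
}
add_action( 'plugins_loaded', 'cf_maybe_install_or_upgrade' );

// Reading a single setting: explicit default, type check, then escape at the point of output.
function cf_setting( $key ) {
	$settings = get_option( 'cf_settings', array() );
	if ( ! is_array( $settings ) ) {
		$settings = array();
	}
	$defaults = cf_default_settings();
	return isset( $settings[ $key ] ) ? $settings[ $key ] : ( $defaults[ $key ] ?? null );
}

// Usage in a template: the value comes from the database, so it is still output data.
// echo esc_html( cf_setting( 'recipient' ) );
```

Storing the version in its own option rather than inside the settings array keeps the upgrade check cheap and lets it run before the settings shape is trusted.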

get_bloginfo():

Retrieves information about the current site.

‘name’ – Site title (set in Settings > General)

‘description’ – Site tagline (set in Settings > General)

‘wpurl’ – The WordPress address (URL) (set in Settings > General)

‘url’ – The Site address (URL) (set in Settings > General)

‘admin_email’ – Admin email (set in Settings > General)

‘charset’ – The “Encoding for pages and feeds” (set in Settings > Reading)

‘version’ – The current WordPress version

‘html_type’ – The content-type (default: “text/html”). Themes and plugins can override the default value using the ‘pre_option_html_type’ filter

‘text_direction’ – The text direction determined by the site’s language. is_rtl() should be used instead

‘language’ – Language code for the current site

‘stylesheet_url’ – URL to the stylesheet for the active theme. An active child theme will take precedence over this value

‘stylesheet_directory’ – Directory path for the active theme. An active child theme will take precedence over this value

‘template_url’ / ‘template_directory’ – URL of the active theme’s directory. An active child theme will NOT take precedence over this value

‘pingback_url’ – The pingback XML-RPC file URL (xmlrpc.php)

‘atom_url’ – The Atom feed URL (/feed/atom)

‘rdf_url’ – The RDF/RSS 1.0 feed URL (/feed/rdf)

‘rss_url’ – The RSS 0.92 feed URL (/feed/rss)

‘rss2_url’ – The RSS 2.0 feed URL (/feed)

‘comments_atom_url’ – The comments Atom feed URL (/comments/feed)

‘comments_rss2_url’ – The comments RSS 2.0 feed URL (/comments/feed)