sanitize_post_field() - WordPress 函数参考中文文档

返回介绍

sanitize_post_field()

发布于 2017-09-11 字数7547 浏览 939 评论 0

sanitize_post_field( string $field,  mixed $value,  int $post_id,  string $context = 'display' )

Sanitize post field based on context.


描述

Possible context values are: ‘raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ and ‘js’. The ‘display’ context is used by default. ‘attribute’ and ‘js’ contexts are treated like ‘display’ when calling filters.


参数

$field

(string)
(Required)
The Post Object field name.

$value

(mixed)
(Required)
The Post Object value.

$post_id

(int)
(Required)
Post ID.

$context

(string)
(Optional)
How to sanitize post fields. Looks for ‘raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ and ‘js’.

Default value: ‘display’


返回值

(mixed) Sanitized value.


源代码

File: wp-includes/post.php

function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) {
	$int_fields = array('ID', 'post_parent', 'menu_order');
	if ( in_array($field, $int_fields) )
		$value = (int) $value;

	// Fields which contain arrays of integers.
	$array_int_fields = array( 'ancestors' );
	if ( in_array($field, $array_int_fields) ) {
		$value = array_map( 'absint', $value);
		return $value;
	}

	if ( 'raw' == $context )
		return $value;

	$prefixed = false;
	if ( false !== strpos($field, 'post_') ) {
		$prefixed = true;
		$field_no_prefix = str_replace('post_', '', $field);
	}

	if ( 'edit' == $context ) {
		$format_to_edit = array('post_content', 'post_excerpt', 'post_title', 'post_password');

		if ( $prefixed ) {

			/**
			 * Filters the value of a specific post field to edit.
			 *
			 * The dynamic portion of the hook name, `$field`, refers to the post
			 * field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value   Value of the post field.
			 * @param int   $post_id Post ID.
			 */
			$value = apply_filters( "edit_{$field}", $value, $post_id );

			/**
			 * Filters the value of a specific post field to edit.
			 *
			 * The dynamic portion of the hook name, `$field_no_prefix`, refers to
			 * the post field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value   Value of the post field.
			 * @param int   $post_id Post ID.
			 */
			$value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id );
		} else {
			$value = apply_filters( "edit_post_{$field}", $value, $post_id );
		}

		if ( in_array($field, $format_to_edit) ) {
			if ( 'post_content' == $field )
				$value = format_to_edit($value, user_can_richedit());
			else
				$value = format_to_edit($value);
		} else {
			$value = esc_attr($value);
		}
	} elseif ( 'db' == $context ) {
		if ( $prefixed ) {

			/**
			 * Filters the value of a specific post field before saving.
			 *
			 * The dynamic portion of the hook name, `$field`, refers to the post
			 * field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value Value of the post field.
			 */
			$value = apply_filters( "pre_{$field}", $value );

			/**
			 * Filters the value of a specific field before saving.
			 *
			 * The dynamic portion of the hook name, `$field_no_prefix`, refers
			 * to the post field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value Value of the post field.
			 */
			$value = apply_filters( "{$field_no_prefix}_save_pre", $value );
		} else {
			$value = apply_filters( "pre_post_{$field}", $value );

			/**
			 * Filters the value of a specific post field before saving.
			 *
			 * The dynamic portion of the hook name, `$field`, refers to the post
			 * field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed $value Value of the post field.
			 */
			$value = apply_filters( "{$field}_pre", $value );
		}
	} else {

		// Use display filters by default.
		if ( $prefixed ) {

			/**
			 * Filters the value of a specific post field for display.
			 *
			 * The dynamic portion of the hook name, `$field`, refers to the post
			 * field name.
			 *
			 * @since 2.3.0
			 *
			 * @param mixed  $value   Value of the prefixed post field.
			 * @param int    $post_id Post ID.
			 * @param string $context Context for how to sanitize the field. Possible
			 *                        values include 'raw', 'edit', 'db', 'display',
			 *                        'attribute' and 'js'.
			 */
			$value = apply_filters( "{$field}", $value, $post_id, $context );
		} else {
			$value = apply_filters( "post_{$field}", $value, $post_id, $context );
		}

		if ( 'attribute' == $context ) {
			$value = esc_attr( $value );
		} elseif ( 'js' == $context ) {
			$value = esc_js( $value );
		}
	}

	return $value;
}

更新日志

Version 描述
4.4.0 Like sanitize_post(), $context defaults to ‘display’.
2.3.0 Introduced.

相关函数

Uses

  • wp-includes/formatting.php:
    esc_attr()
  • wp-includes/formatting.php:
    esc_js()
  • wp-includes/formatting.php:
    format_to_edit()
  • wp-includes/general-template.php:
    user_can_richedit()
  • wp-includes/plugin.php:
    apply_filters()
  • wp-includes/post.php:
    edit_{$field}
  • wp-includes/post.php:
    {$field_no_prefix}_edit_pre
  • wp-includes/post.php:
    pre_{$field}
  • wp-includes/post.php:
    {$field_no_prefix}_save_pre
  • wp-includes/post.php:
    {$field}_pre
  • wp-includes/post.php:
    {$field}
  • Show 6 more uses
    Hide more uses


Used By

  • wp-admin/includes/post.php:
    post_exists()
  • wp-includes/class-wp-post.php:
    WP_Post::__get()
  • wp-includes/post.php:
    sanitize_post()
  • wp-includes/post.php:
    set_post_type()
  • wp-includes/post.php:
    get_post_field()

User Contributed Notes

  1. Skip to note content

    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note

    Contributed by Codex

    Sanitizing for Display
    Sanitize a post title for display:

    
    $post = get_post( 35 );
    $post_title = sanitize_post_field( 'post_title', $post->post_title, $post->ID, 'display' );
    echo $post_title;
    
  2. Sanitizing for Attributes
    Sanitize a post title for use as the value of a hidden form field:

    
    $post = get_post( 543 );
    $post_title = sanitize_post_field( 'post_title', $post->post_title, $post->ID, 'attribute' );
    echo '<input type="hidden" name="post-title" value="' . esc_attr( $post_title ) . '" />';
    

上一篇:sanitize_post()

下一篇:sanitize_sql_orderby()

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

目前还没有任何评论,快来抢沙发吧!