wpseek.com
A WordPress-centric search engine for devs and theme authors
sanitize_post_field › WordPress Function
Since2.3.0
Deprecatedn/a
› sanitize_post_field ( $field, $value, $post_id, $context = 'display' )
Parameters: (4) |
|
Returns: |
|
Defined at: |
|
Codex: | |
Change Log: |
|
Sanitizes a post field based on context.
Possible context values are: 'raw', 'edit', 'db', 'display', 'attribute' and 'js'. The 'display' context is used by default. 'attribute' and 'js' contexts are treated like 'display' when calling filters.Related Functions: sanitize_text_field, sanitize_user_field, sanitize_term_field, sanitize_post, _sanitize_text_fields
Source
function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) { $int_fields = array( 'ID', 'post_parent', 'menu_order' ); if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } // Fields which contain arrays of integers. $array_int_fields = array( 'ancestors' ); if ( in_array( $field, $array_int_fields, true ) ) { $value = array_map( 'absint', $value ); return $value; } if ( 'raw' === $context ) { return $value; } $prefixed = false; if ( str_contains( $field, 'post_' ) ) { $prefixed = true; $field_no_prefix = str_replace( 'post_', '', $field ); } if ( 'edit' === $context ) { $format_to_edit = array( 'post_content', 'post_excerpt', 'post_title', 'post_password' ); if ( $prefixed ) { /** * Filters the value of a specific post field to edit. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. Possible filter names include: * * - `edit_post_author` * - `edit_post_date` * - `edit_post_date_gmt` * - `edit_post_content` * - `edit_post_title` * - `edit_post_excerpt` * - `edit_post_status` * - `edit_post_password` * - `edit_post_name` * - `edit_post_modified` * - `edit_post_modified_gmt` * - `edit_post_content_filtered` * - `edit_post_parent` * - `edit_post_type` * - `edit_post_mime_type` * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "edit_{$field}", $value, $post_id ); /** * Filters the value of a specific post field to edit. * * Only applied to post fields with a name which is prefixed with `post_`. * * The dynamic portion of the hook name, `$field_no_prefix`, refers to the * post field name minus the `post_` prefix. Possible filter names include: * * - `author_edit_pre` * - `date_edit_pre` * - `date_gmt_edit_pre` * - `content_edit_pre` * - `title_edit_pre` * - `excerpt_edit_pre` * - `status_edit_pre` * - `password_edit_pre` * - `name_edit_pre` * - `modified_edit_pre` * - `modified_gmt_edit_pre` * - `content_filtered_edit_pre` * - `parent_edit_pre` * - `type_edit_pre` * - `mime_type_edit_pre` * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id ); } else { /** * Filters the value of a specific post field to edit. * * Only applied to post fields not prefixed with `post_`. * * The dynamic portion of the hook name, `$field`, refers to the * post field name. Possible filter names include: * * - `edit_post_ID` * - `edit_post_ping_status` * - `edit_post_pinged` * - `edit_post_to_ping` * - `edit_post_comment_count` * - `edit_post_comment_status` * - `edit_post_guid` * - `edit_post_menu_order` * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "edit_post_{$field}", $value, $post_id ); } if ( in_array( $field, $format_to_edit, true ) ) { if ( 'post_content' === $field ) { $value = format_to_edit( $value, user_can_richedit() ); } else { $value = format_to_edit( $value ); } } else { $value = esc_attr( $value ); } } elseif ( 'db' === $context ) { if ( $prefixed ) { /** * Filters the value of a specific post field before saving. * * Only applied to post fields with a name which is prefixed with `post_`. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. Possible filter names include: * * - `pre_post_author` * - `pre_post_date` * - `pre_post_date_gmt` * - `pre_post_content` * - `pre_post_title` * - `pre_post_excerpt` * - `pre_post_status` * - `pre_post_password` * - `pre_post_name` * - `pre_post_modified` * - `pre_post_modified_gmt` * - `pre_post_content_filtered` * - `pre_post_parent` * - `pre_post_type` * - `pre_post_mime_type` * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "pre_{$field}", $value ); /** * Filters the value of a specific field before saving. * * Only applied to post fields with a name which is prefixed with `post_`. * * The dynamic portion of the hook name, `$field_no_prefix`, refers to the * post field name minus the `post_` prefix. Possible filter names include: * * - `author_save_pre` * - `date_save_pre` * - `date_gmt_save_pre` * - `content_save_pre` * - `title_save_pre` * - `excerpt_save_pre` * - `status_save_pre` * - `password_save_pre` * - `name_save_pre` * - `modified_save_pre` * - `modified_gmt_save_pre` * - `content_filtered_save_pre` * - `parent_save_pre` * - `type_save_pre` * - `mime_type_save_pre` * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "{$field_no_prefix}_save_pre", $value ); } else { /** * Filters the value of a specific field before saving. * * Only applied to post fields with a name which is prefixed with `post_`. * * The dynamic portion of the hook name, `$field_no_prefix`, refers to the * post field name minus the `post_` prefix. Possible filter names include: * * - `pre_post_ID` * - `pre_post_comment_status` * - `pre_post_ping_status` * - `pre_post_to_ping` * - `pre_post_pinged` * - `pre_post_guid` * - `pre_post_menu_order` * - `pre_post_comment_count` * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "pre_post_{$field}", $value ); /** * Filters the value of a specific post field before saving. * * Only applied to post fields with a name which is *not* prefixed with `post_`. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. Possible filter names include: * * - `ID_pre` * - `comment_status_pre` * - `ping_status_pre` * - `to_ping_pre` * - `pinged_pre` * - `guid_pre` * - `menu_order_pre` * - `comment_count_pre` * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "{$field}_pre", $value ); } } else { // Use display filters by default. if ( $prefixed ) { /** * Filters the value of a specific post field for display. * * Only applied to post fields with a name which is prefixed with `post_`. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. Possible filter names include: * * - `post_author` * - `post_date` * - `post_date_gmt` * - `post_content` * - `post_title` * - `post_excerpt` * - `post_status` * - `post_password` * - `post_name` * - `post_modified` * - `post_modified_gmt` * - `post_content_filtered` * - `post_parent` * - `post_type` * - `post_mime_type` * * @since 2.3.0 * * @param mixed $value Value of the prefixed post field. * @param int $post_id Post ID. * @param string $context Context for how to sanitize the field. * Accepts 'raw', 'edit', 'db', 'display', * 'attribute', or 'js'. Default 'display'. */ $value = apply_filters( "{$field}", $value, $post_id, $context ); } else { /** * Filters the value of a specific post field for display. * * Only applied to post fields name which is *not* prefixed with `post_`. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. Possible filter names include: * * - `post_ID` * - `post_comment_status` * - `post_ping_status` * - `post_to_ping` * - `post_pinged` * - `post_guid` * - `post_menu_order` * - `post_comment_count` * * @since 2.3.0 * * @param mixed $value Value of the unprefixed post field. * @param int $post_id Post ID * @param string $context Context for how to sanitize the field. * Accepts 'raw', 'edit', 'db', 'display', * 'attribute', or 'js'. Default 'display'. */ $value = apply_filters( "post_{$field}", $value, $post_id, $context ); } if ( 'attribute' === $context ) { $value = esc_attr( $value ); } elseif ( 'js' === $context ) { $value = esc_js( $value ); } } // Restore the type for integer fields after esc_attr(). if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } return $value; }