CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
sanitize_url example
$content = apply_filters( 'user_request_confirmed_email_content', $content, $email_data );
$content = str_replace( '###SITENAME###', $email_data['sitename'], $content );
$content = str_replace( '###USER_EMAIL###', $email_data['user_email'], $content );
$content = str_replace( '###DESCRIPTION###', $email_data['description'], $content );
$content = str_replace( '###MANAGE_URL###', sanitize_url( $email_data['manage_url'] ), $content );
$content = str_replace( '###SITEURL###', sanitize_url( $email_data['siteurl'] ), $content );
$headers = '';
/** * Filters the headers of the user request confirmation email. * * @since 5.4.0 * * @param string|array $headers The email headers. * @param string $subject The email subject. * @param string $content The email content. * @param int $request_id The request ID. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type string $user_email The email address confirming a request * @type string $description Description of the action being performed so the user knows what the email is for. * @type string $manage_url The link to click manage privacy requests of this type. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * @type string $admin_email The administrator email receiving the mail. * } */
'guid' => $url,
'context' => 'custom-background',
);
// Save the data. $id = wp_insert_attachment( $attachment, $file );
// Add the metadata. wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
update_post_meta( $id, '_wp_attachment_is_custom_background', get_option( 'stylesheet' ) );
set_theme_mod( 'background_image', sanitize_url( $url ) );
$thumbnail = wp_get_attachment_image_src( $id, 'thumbnail' );
set_theme_mod( 'background_image_thumb', sanitize_url( $thumbnail[0] ) );
/** This action is documented in wp-admin/includes/class-custom-image-header.php */
do_action( 'wp_create_file_in_uploads', $file, $id ); // For replication. $this->updated = true;
}
/** * Handles Ajax request for adding custom background context to an attachment. * * Triggers when the user adds a new background image from the * Media Manager. * * @since 4.1.0 */
'context' => 'custom-background',
);
// Save the data. $id = wp_insert_attachment( $attachment, $file );
// Add the metadata. wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $file ) );
update_post_meta( $id, '_wp_attachment_is_custom_background', get_option( 'stylesheet' ) );
set_theme_mod( 'background_image', sanitize_url( $url ) );
$thumbnail = wp_get_attachment_image_src( $id, 'thumbnail' );
set_theme_mod( 'background_image_thumb', sanitize_url( $thumbnail[0] ) );
/** This action is documented in wp-admin/includes/class-custom-image-header.php */
do_action( 'wp_create_file_in_uploads', $file, $id ); // For replication. $this->updated = true;
}
/** * Handles Ajax request for adding custom background context to an attachment. * * Triggers when the user adds a new background image from the * Media Manager. * * @since 4.1.0 */
if ( empty( $_REQUEST['tag_ID'] ) ) {
$sendback = admin_url( 'edit-tags.php' );
if ( ! empty( $taxnow ) ) {
$sendback = add_query_arg( array( 'taxonomy' => $taxnow ), $sendback );
}
if ( 'post' !== get_current_screen()->post_type ) {
$sendback = add_query_arg( 'post_type', get_current_screen()->post_type, $sendback );
}
wp_redirect( sanitize_url( $sendback ) );
exit;
}
$tag_ID = absint( $_REQUEST['tag_ID'] );
$tag = get_term( $tag_ID, $taxnow, OBJECT, 'edit' );
if ( ! $tag instanceof WP_Term ) {
wp_die( __( 'You attempted to edit an item that does not exist. Perhaps it was deleted?' ) );
}
$tax = get_taxonomy( $tag->taxonomy );
$sendback = admin_url( 'edit-tags.php' );
if ( ! empty( $taxnow ) ) {
$sendback = add_query_arg( array( 'taxonomy' => $taxnow ), $sendback );
}
if ( 'post' !== get_current_screen()->post_type ) {
$sendback = add_query_arg( 'post_type', get_current_screen()->post_type, $sendback );
}
wp_redirect( sanitize_url( $sendback ) );
exit;
}
$tag_ID = absint( $_REQUEST['tag_ID'] );
$tag = get_term( $tag_ID, $taxnow, OBJECT, 'edit' );
if ( ! $tag instanceof WP_Term ) {
wp_die( __( 'You attempted to edit an item that does not exist. Perhaps it was deleted?' ) );
}
$tax = get_taxonomy( $tag->taxonomy );
/**
* Prints JavaScript settings for preview frame.
*
* @since 3.4.0
*/
public function customize_preview_settings() {
$post_values = $this->unsanitized_post_values( array( 'exclude_changeset' => true ) );
$setting_validities = $this->validate_setting_values( $post_values );
$exported_setting_validities = array_map( array( $this, 'prepare_setting_validity_for_js' ), $setting_validities );
// Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installations. $self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) );
$state_query_params = array(
'customize_theme',
'customize_changeset_uuid',
'customize_messenger_channel',
);
$self_url = remove_query_arg( $state_query_params, $self_url );
$allowed_urls = $this->get_allowed_urls();
$allowed_hosts = array();
foreach ( $allowed_urls as $allowed_url ) {
$parsed = wp_parse_url( $allowed_url );
public function customize_preview_settings() {
$post_values = $this->unsanitized_post_values( array( 'exclude_changeset' => true ) );
$setting_validities = $this->validate_setting_values( $post_values );
$exported_setting_validities = array_map( array( $this, 'prepare_setting_validity_for_js' ), $setting_validities );
// Note that the REQUEST_URI is not passed into home_url() since this breaks subdirectory installations. $self_url = empty( $_SERVER['REQUEST_URI'] ) ? home_url( '/' ) : sanitize_url( wp_unslash( $_SERVER['REQUEST_URI'] ) );
$state_query_params = array(
'customize_theme',
'customize_changeset_uuid',
'customize_messenger_channel',
);
$self_url = remove_query_arg( $state_query_params, $self_url );
$allowed_urls = $this->get_allowed_urls();
$allowed_hosts = array();
foreach ( $allowed_urls as $allowed_url ) {
$parsed = wp_parse_url( $allowed_url );
if ( $is_block_theme && $can_edit_theme_options ) {
$customize_action = admin_url( 'site-editor.php' );
if ( $current_theme !== $slug ) {
$customize_action = add_query_arg( 'wp_theme_preview', $slug, $customize_action );
}
} elseif ( ! $is_block_theme && $can_customize && $can_edit_theme_options ) {
$customize_action = wp_customize_url( $slug );
}
if ( null !== $customize_action ) {
$customize_action = add_query_arg(
array(
'return' => urlencode( sanitize_url( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ),
),
$customize_action
);
$customize_action = esc_url( $customize_action );
}
$update_requires_wp = isset( $updates[ $slug ]['requires'] ) ? $updates[ $slug ]['requires'] : null;
$update_requires_php = isset( $updates[ $slug ]['requires_php'] ) ? $updates[ $slug ]['requires_php'] : null;
$auto_update = in_array( $slug, $auto_updates, true );
$auto_update_action = $auto_update ? 'disable-auto-update' : 'enable-auto-update';
$customize_action = admin_url( 'site-editor.php' );
if ( $current_theme !== $slug ) {
$customize_action = add_query_arg( 'wp_theme_preview', $slug, $customize_action );
}
} elseif ( ! $is_block_theme && $can_customize && $can_edit_theme_options ) {
$customize_action = wp_customize_url( $slug );
}
if ( null !== $customize_action ) {
$customize_action = add_query_arg(
array(
'return' => urlencode( sanitize_url( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) ),
),
$customize_action
);
$customize_action = esc_url( $customize_action );
}
$update_requires_wp = isset( $updates[ $slug ]['requires'] ) ? $updates[ $slug ]['requires'] : null;
$update_requires_php = isset( $updates[ $slug ]['requires_php'] ) ? $updates[ $slug ]['requires_php'] : null;
$auto_update = in_array( $slug, $auto_updates, true );
$auto_update_action = $auto_update ? 'disable-auto-update' : 'enable-auto-update';
$content = apply_filters( 'wp_privacy_personal_data_email_content', $email_text, $request_id, $email_data );
$content = str_replace( '###EXPIRATION###', $expiration_date, $content );
$content = str_replace( '###LINK###', sanitize_url( $export_file_url ), $content );
$content = str_replace( '###EMAIL###', $request_email, $content );
$content = str_replace( '###SITENAME###', $site_name, $content );
$content = str_replace( '###SITEURL###', sanitize_url( $site_url ), $content );
$headers = '';
/** * Filters the headers of the email sent with a personal data export file. * * @since 5.4.0 * * @param string|array $headers The email headers. * @param string $subject The email subject. * @param string $content The email content. * @param int $request_id The request ID. * @param array $email_data { * Data relating to the account action email. * * @type WP_User_Request $request User request object. * @type int $expiration The time in seconds until the export file expires. * @type string $expiration_date The localized date and time when the export file expires. * @type string $message_recipient The address that the email will be sent to. Defaults * to the value of `$request->email`, but can be changed * by the `wp_privacy_personal_data_email_to` filter. * @type string $export_file_url The export file URL. * @type string $sitename The site name sending the mail. * @type string $siteurl The site URL sending the mail. * } */
$url = apply_filters( 'get_header_image', $url );
if ( ! is_string( $url ) ) {
return false;
}
$url = trim( $url );
return sanitize_url( set_url_scheme( $url ) );
}
/** * Creates image tag markup for a custom header image. * * @since 4.4.0 * * @param array $attr Optional. Additional attributes for the image tag. Can be used * to override the default attributes. Default empty. * @return string HTML image element markup or empty string on failure. */
switch ( $type ) {
case 'html':
$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '">';
break;
case 'xhtml':
$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '" />';
break;
case 'atom':
$gen = '<generator uri="https://wordpress.org/" version="' . esc_attr( get_bloginfo_rss( 'version' ) ) . '">WordPress</generator>';
break;
case 'rss2':
$gen = '<generator>' . sanitize_url( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>';
break;
case 'rdf':
$gen = '<admin:generatorAgent rdf:resource="' . sanitize_url( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />';
break;
case 'comment':
$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo( 'version' ) ) . '" -->';
break;
case 'export':
$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo_rss( 'version' ) ) . '" created="' . gmdate( 'Y-m-d H:i' ) . '" -->';
break;
}
case 'html':
$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '">';
break;
case 'xhtml':
$gen = '<meta name="generator" content="WordPress ' . esc_attr( get_bloginfo( 'version' ) ) . '" />';
break;
case 'atom':
$gen = '<generator uri="https://wordpress.org/" version="' . esc_attr( get_bloginfo_rss( 'version' ) ) . '">WordPress</generator>';
break;
case 'rss2':
$gen = '<generator>' . sanitize_url( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '</generator>';
break;
case 'rdf':
$gen = '<admin:generatorAgent rdf:resource="' . sanitize_url( 'https://wordpress.org/?v=' . get_bloginfo_rss( 'version' ) ) . '" />';
break;
case 'comment':
$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo( 'version' ) ) . '" -->';
break;
case 'export':
$gen = '<!-- generator="WordPress/' . esc_attr( get_bloginfo_rss( 'version' ) ) . '" created="' . gmdate( 'Y-m-d H:i' ) . '" -->';
break;
}
$schema['properties']['url'] = array(
'description' => __( 'The URL to which this menu item points.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'validate_callback' => static function D $url ) {
if ( '' === $url ) {
return true;
}
if ( sanitize_url( $url ) ) {
return true;
}
return new WP_Error(
'rest_invalid_url',
__( 'Invalid URL.' )
);
},
),
);
'description' => __( 'The URL to which this menu item points.' ),
'type' => 'string',
'format' => 'uri',
'context' => array( 'view', 'edit', 'embed' ),
'arg_options' => array(
'validate_callback' => static function D $url ) {
if ( '' === $url ) {
return true;
}
if ( sanitize_url( $url ) ) {
return true;
}
return new WP_Error(
'rest_invalid_url',
__( 'Invalid URL.' )
);
},
),
);
<div class="notice notice-info"><p><strong><?php _e( 'Important:' ); ?></strong> <?php _e( 'This user has super admin privileges.' ); ?></p></div>
<?php endif; ?>
<?php if ( isset( $_GET['updated'] ) ) : ?>
<div id="message" class="updated notice is-dismissible">
<?php if ( IS_PROFILE_PAGE ) : ?>
<p><strong><?php _e( 'Profile updated.' ); ?></strong></p>
<?php else : ?>
<p><strong><?php _e( 'User updated.' ); ?></strong></p>
<?php endif; ?>
<?php if ( $wp_http_referer && ! str_contains( $wp_http_referer, 'user-new.php' ) && ! IS_PROFILE_PAGE ) : ?>
<p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), self_admin_url( 'users.php' ) ) ); ?>"><?php _e( '← Go to Users' ); ?></a></p>
<?php endif; ?>
</div>
<?php endif; ?>
<?php if ( isset( $_GET['error'] ) ) : ?>
<div class="notice notice-error">
<?php if ( 'new-email' === $_GET['error'] ) : ?>
<p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
<?php endif; ?>
</div>
<?php endif; ?>
if ( ! isset( $_REQUEST['tag_ID'] ) ) {
break;
}
$term_id = (int) $_REQUEST['tag_ID'];
$term = get_term( $term_id );
if ( ! $term instanceof WP_Term ) {
wp_die( __( 'You attempted to edit an item that does not exist. Perhaps it was deleted?' ) );
}
wp_redirect( sanitize_url( get_edit_term_link( $term_id, $taxonomy, $post_type ) ) );
exit;
case 'editedtag':
$tag_ID = (int) $_POST['tag_ID'];
check_admin_referer( 'update-tag_' . $tag_ID );
if ( ! current_user_can( 'edit_term', $tag_ID ) ) {
wp_die(
'<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
403
);
break;
}
$term_id = (int) $_REQUEST['tag_ID'];
$term = get_term( $term_id );
if ( ! $term instanceof WP_Term ) {
wp_die( __( 'You attempted to edit an item that does not exist. Perhaps it was deleted?' ) );
}
wp_redirect( sanitize_url( get_edit_term_link( $term_id, $taxonomy, $post_type ) ) );
exit;
case 'editedtag':
$tag_ID = (int) $_POST['tag_ID'];
check_admin_referer( 'update-tag_' . $tag_ID );
if ( ! current_user_can( 'edit_term', $tag_ID ) ) {
wp_die(
'<h1>' . __( 'You need a higher level of permission.' ) . '</h1>' .
'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
403
);
update_post_meta( $menu_item_db_id, '_menu_item_type', sanitize_key( $args['menu-item-type'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (string) ( (int) $args['menu-item-parent-id'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_object_id', (string) ( (int) $args['menu-item-object-id'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key( $args['menu-item-object'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key( $args['menu-item-target'] ) );
$args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) );
$args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
update_post_meta( $menu_item_db_id, '_menu_item_url', sanitize_url( $args['menu-item-url'] ) );
if ( 0 == $menu_id ) {
update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
} elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) ) {
delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' );
}
// Update existing menu item. Default is publish status. if ( $update ) {
$post['ID'] = $menu_item_db_id;
$post['post_status'] = ( 'draft' === $args['menu-item-status'] ) ? 'draft' : 'publish';
update_post_meta( $menu_item_db_id, '_menu_item_menu_item_parent', (string) ( (int) $args['menu-item-parent-id'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_object_id', (string) ( (int) $args['menu-item-object-id'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_object', sanitize_key( $args['menu-item-object'] ) );
update_post_meta( $menu_item_db_id, '_menu_item_target', sanitize_key( $args['menu-item-target'] ) );
$args['menu-item-classes'] = array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-classes'] ) );
$args['menu-item-xfn'] = implode( ' ', array_map( 'sanitize_html_class', explode( ' ', $args['menu-item-xfn'] ) ) );
update_post_meta( $menu_item_db_id, '_menu_item_classes', $args['menu-item-classes'] );
update_post_meta( $menu_item_db_id, '_menu_item_xfn', $args['menu-item-xfn'] );
update_post_meta( $menu_item_db_id, '_menu_item_url', sanitize_url( $args['menu-item-url'] ) );
if ( 0 == $menu_id ) {
update_post_meta( $menu_item_db_id, '_menu_item_orphaned', (string) time() );
} elseif ( get_post_meta( $menu_item_db_id, '_menu_item_orphaned' ) ) {
delete_post_meta( $menu_item_db_id, '_menu_item_orphaned' );
}
// Update existing menu item. Default is publish status. if ( $update ) {
$post['ID'] = $menu_item_db_id;
$post['post_status'] = ( 'draft' === $args['menu-item-status'] ) ? 'draft' : 'publish';
function esc_url_raw( $url, $protocols = null ) {
return sanitize_url( $url, $protocols );
}
/** * Sanitizes a URL for database or redirect usage. * * @since 2.3.1 * @since 2.8.0 Deprecated in favor of esc_url_raw(). * @since 5.9.0 Restored (un-deprecated). * * @see esc_url() * * @param string $url The URL to be cleaned. * @param string[] $protocols Optional. An array of acceptable protocols. * Defaults to return value of wp_allowed_protocols(). * @return string The cleaned URL after esc_url() is run with the 'db' context. */
<?php echo $tax->labels->edit_item; ?></h1>
<?php
$class = ( isset( $msg ) && 5 === $msg ) ? 'error' : 'success';
if ( $message ) {
?> <div id="message" class="notice notice-<?php echo $class; ?>"> <p><strong><?php echo $message; ?></strong></p> <?php if ( $wp_http_referer ) { ?> <p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>"> <?php echo esc_html( $tax->labels->back_to_items ); ?> </a></p> <?php } ?> </div> <?php }
?> <div id="ajax-response"></div> <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate"
if ( $message ) {
?> <div id="message" class="notice notice-<?php echo $class; ?>"> <p><strong><?php echo $message; ?></strong></p> <?php if ( $wp_http_referer ) { ?> <p><a href="<?php echo esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), admin_url( 'term.php?taxonomy=' . $taxonomy ) ) ); ?>"> <?php echo esc_html( $tax->labels->back_to_items ); ?> </a></p> <?php } ?> </div> <?php }
?> <div id="ajax-response"></div> <form name="edittag" id="edittag" method="post" action="edit-tags.php" class="validate"
'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$value = wp_kses( $value, $header_tags_with_a );
break;
case 'ThemeURI':
case 'AuthorURI':
$value = sanitize_url( $value );
break;
case 'Tags':
$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
break;
case 'Version':
case 'RequiresWP':
case 'RequiresPHP':
case 'UpdateURI':
$value = strip_tags( $value );
break;
}
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$value = wp_kses( $value, $header_tags_with_a );
break;
case 'ThemeURI':
case 'AuthorURI':
$value = sanitize_url( $value );
break;
case 'Tags':
$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
break;
case 'Version':
case 'RequiresWP':
case 'RequiresPHP':
case 'UpdateURI':
$value = strip_tags( $value );
break;
}