wp_slash example

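// Build the attachment post object from the request, then set its MIME type and GUID
// from $type and $url.
// NOTE(review): the result is used as an object without an is_wp_error() check;
// confirm prepare_item_for_database() cannot return a WP_Error on this path.
$attachment = $this->prepare_item_for_database( $request );

$attachment->post_mime_type = $type;
$attachment->guid           = $url;

// No title supplied: fall back to the file's base name with its last extension removed.
if ( empty( $attachment->post_title ) ) {
    $attachment->post_title = preg_replace( '/\.[^.]+$/', '', wp_basename( $file ) );
}

// $post_parent is inherited from $attachment['post_parent'].
// The object is cast to an array and slashed at the call boundary. wp_slash() only adds
// backslashes; it is not sanitization. Presumably wp_insert_attachment() unslashes its
// input, so unslashed data would lose literal backslashes here (confirm against callee).
$id = wp_insert_attachment( wp_slash( (array) $attachment ), $file, 0, true, false );

if ( is_wp_error( $id ) ) {
    // A database write failure is reported as 500; every other insert error as 400.
    $status = ( 'db_update_error' === $id->get_error_code() ) ? 500 : 400;
    $id->add_data( array( 'status' => $status ) );

    return $id;
}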

        
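// Creation must not target an existing item: reject any request that carries an id.
if ( ! empty( $request['id'] ) ) {
    return new WP_Error( 'rest_post_exists', __( 'Cannot create existing post.' ), array( 'status' => 400 ) );
}

$prepared_nav_item = $this->prepare_item_for_database( $request );

// Validation failures from the prepare step are returned to the client unchanged.
if ( is_wp_error( $prepared_nav_item ) ) {
    return $prepared_nav_item;
}
$prepared_nav_item = (array) $prepared_nav_item;

// The two IDs are read from the unslashed array; only the data argument is slashed.
// Presumably wp_update_nav_menu_item() unslashes that argument (confirm against callee).
$nav_menu_item_id = wp_update_nav_menu_item(
    $prepared_nav_item['menu-id'],
    $prepared_nav_item['menu-item-db-id'],
    wp_slash( $prepared_nav_item ),
    false
);
if ( is_wp_error( $nav_menu_item_id ) ) {
    // A database insert failure is reported as 500; every other error as 400.
    if ( 'db_insert_error' === $nav_menu_item_id->get_error_code() ) {
        $nav_menu_item_id->add_data( array( 'status' => 500 ) );
    } else {
        $nav_menu_item_id->add_data( array( 'status' => 400 ) );
    }

    return $nav_menu_item_id;
}

$nav_menu_item = $this->get_nav_menu_item( $nav_menu_item_id );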
        
// Only JSON that decoded cleanly to an array and carries a truthy marker key is filtered;
// anything else is handed back exactly as received.
$is_user_theme_json = (
    JSON_ERROR_NONE === $json_decoding_error
    && is_array( $decoded_data )
    && isset( $decoded_data['isGlobalStylesUserThemeJSON'] )
    && $decoded_data['isGlobalStylesUserThemeJSON']
);

if ( ! $is_user_theme_json ) {
    return $data;
}

// The marker is dropped before filtering and set again afterwards, so it never passes
// through remove_insecure_properties() itself.
unset( $decoded_data['isGlobalStylesUserThemeJSON'] );

$data_to_encode = WP_Theme_JSON::remove_insecure_properties( $decoded_data );

$data_to_encode['isGlobalStylesUserThemeJSON'] = true;

// The re-encoded JSON is slashed before it is returned. Presumably a later save step
// unslashes it, which would otherwise strip JSON's own backslash escapes (confirm).
return wp_slash( wp_json_encode( $data_to_encode ) );
}

/**
 * Sanitizes content for allowed HTML tags for post content.
 *
 * Post content refers to the page contents of the 'post' type and not `$_POST`
 * data from forms.
 *
 * This function expects unslashed data.
 *
 * @since 2.9.0
 *
 * @param string $data Post content to filter.
 * @return string Filtered post content with allowed HTML tags and attributes intact.
 */
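// A failed term lookup is passed straight back to the caller.
if ( is_wp_error( $term ) ) {
    return $term;
}

if ( ! $term ) {
    return new WP_Error( 'invalid_term', __( 'Empty Term.' ) );
}

$term = (array) $term->data;

// Escape data pulled from DB.
// Slashing the stored values puts them in the same form as $args before the merge.
// Presumably $args arrives slashed from the caller (confirm). wp_slash() only adds
// backslashes and does not make the values safe for direct use in SQL.
$term = wp_slash( $term );

// Merge old and new args with new args overwriting old ones.
$args = array_merge( $term, $args );

$defaults = array(
    'alias_of'    => '',
    'description' => '',
    'parent'      => 0,
    'slug'        => '',
);
$args     = wp_parse_args( $args, $defaults );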
    
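$cat_id = (int) $catarr['cat_ID'];

// A category may not be set as its own parent.
if ( isset( $catarr['category_parent'] ) && ( $cat_id === (int) $catarr['category_parent'] ) ) {
    return false;
}

// First, get all of the original fields.
$category = get_term( $cat_id, 'category', ARRAY_A );
_make_cat_compat( $category );

// Escape data pulled from DB.
// Stored values are slashed so they match the form of the caller's $catarr in the merge.
// Presumably $catarr is already slashed (confirm against callers).
$category = wp_slash( $category );

// Merge old and new fields with new fields overwriting old ones.
$catarr = array_merge( $category, $catarr );

return wp_insert_category( $catarr );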
}

// // Tags. //
    /**
     * Escapes string or array of strings for database.
     *
     * @since 1.5.2
     *
     * @param string|array $data Escape single string or array of strings.
     * @return string|void Returns the string when a string is passed, alters by-reference
     *                     when array is passed.
     */
    public function escape( &$data ) {
        if ( ! is_array( $data ) ) {
            return wp_slash( $data );
        }

        foreach ( $data as &$v ) {
            if ( is_array( $v ) ) {
                $this->escape( $v );
            } elseif ( ! is_object( $v ) ) {
                $v = wp_slash( $v );
            }
        }
    }

    
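// Both the user lookup and the prepare step can fail; either error is returned as-is.
if ( is_wp_error( $user ) ) {
    return $user;
}

$prepared = $this->prepare_item_for_database( $request );

if ( is_wp_error( $prepared ) ) {
    return $prepared;
}

// The prepared object is cast to an array and slashed at the call boundary only.
$created = WP_Application_Passwords::create_new_application_password( $user->ID, wp_slash( (array) $prepared ) );

if ( is_wp_error( $created ) ) {
    return $created;
}

// $created[0] is the password and $created[1] the stored item (its 'uuid' is read below).
$password = $created[0];
$item     = WP_Application_Passwords::get_user_application_password( $user->ID, $created[1]['uuid'] );

// NOTE(review): $password appears to be the newly generated secret, and it is attached
// to the response item here. Treat this response as sensitive (keep it out of logs and
// caches) and confirm against the storage code.
$item['new_password'] = WP_Application_Passwords::chunk_password( $password );
$fields_update        = $this->update_additional_fields_for_object( $item, $request );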

        


    // Stop when the post has no status, or is a draft, pending or trashed post.
    if ( empty( $post->post_status ) ) {
        wp_die( 1 );
    } elseif ( in_array( $post->post_status, array( 'draft', 'pending', 'trash' ), true ) ) {
        wp_die( __( 'You cannot reply to a comment on a draft post.' ) );
    }

    $user = wp_get_current_user();

    if ( $user->exists() ) {
        // Author fields come from the logged-in user's profile, not from the request.
        // They are slashed here; presumably the comment-insert call later unslashes them (confirm).
        $comment_author       = wp_slash( $user->display_name );
        $comment_author_email = wp_slash( $user->user_email );
        $comment_author_url   = wp_slash( $user->user_url );
        $user_id              = $user->ID;

        // Users with unfiltered_html must also present a matching nonce in the request.
        if ( current_user_can( 'unfiltered_html' ) ) {
            if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) ) {
                $_POST['_wp_unfiltered_html_comment'] = '';
            }

            // NOTE(review): the nonce is compared to raw $_POST input with a loose `!=`.
            // A strict, constant-time check (wp_verify_nonce() or hash_equals()) avoids PHP
            // type juggling on numeric-looking strings. The mismatch branch starts with
            // kses_remove_filters(); what follows it is outside this excerpt.
            if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
                kses_remove_filters(); // Start with a clean slate.

/**
 * Starts building a user record from stored data and `$_POST`.
 *
 * Only the opening of the function is visible in this excerpt. A non-zero ID selects
 * the update path; zero selects the creation path.
 *
 * @param int $user_id Optional. ID of the user to update. Default 0.
 */
function edit_user( $user_id = 0 ) {
    $wp_roles = wp_roles();
    $user     = new stdClass();
    $user_id  = (int) $user_id;
    if ( $user_id ) {
        $update           = true;
        $user->ID         = $user_id;
        $userdata         = get_userdata( $user_id );
        // The stored login is slashed; presumably the later save call expects slashed fields (confirm).
        // NOTE(review): $userdata is dereferenced without checking that get_userdata()
        // found a user; confirm callers always pass a valid ID.
        $user->user_login = wp_slash( $userdata->user_login );
    } else {
        $update = false;
    }

    // The login is taken from the request only on creation, never on update.
    // Raw $_POST input is unslashed first, then sanitized with the second argument set to true.
    if ( ! $update && isset( $_POST['user_login'] ) ) {
        $user->user_login = sanitize_user( wp_unslash( $_POST['user_login'] ), true );
    }

    $pass1 = '';
    $pass2 = '';
    if ( isset( $_POST['pass1'] ) ) {
        
// A space-separated string is split into a list so every class name is sanitized on its own.
if ( ! is_array( $value ) ) {
                $value = explode( ' ', $value );
            }
            $menu_item_value[ $key ] = implode( ' ', array_map( 'sanitize_html_class', $value ) );
        }

        $menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );

        // Apply the same filters as when calling wp_insert_post().
        // Each value is slashed before the *_save_pre filter runs and unslashed afterwards,
        // so the filter callbacks see slashed input while the stored setting stays unslashed.
        /** This filter is documented in wp-includes/post.php */
        $menu_item_value['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $menu_item_value['title'] ) ) );

        /** This filter is documented in wp-includes/post.php */
        $menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) );

        /** This filter is documented in wp-includes/post.php */
        $menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );

        // An empty URL is accepted as-is. A non-empty URL that sanitize_url() reduces to ''
        // is rejected rather than being stored as an empty string.
        if ( '' !== $menu_item_value['url'] ) {
            $menu_item_value['url'] = sanitize_url( $menu_item_value['url'] );
            if ( '' === $menu_item_value['url'] ) {
                return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid.

        add_filter( 'wp_insert_post_data', array( $this, 'preserve_insert_changeset_post_content' ), 5, 3 );
        if ( $changeset_post_id ) {
            if ( $args['autosave'] && 'auto-draft' !== get_post_status( $changeset_post_id ) ) {
                // See _wp_translate_postdata() for why this is required as it will use the edit_post meta capability.                 add_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10, 4 );

                $post_array['post_ID']   = $post_array['ID'];
                $post_array['post_type'] = 'customize_changeset';

                $r = wp_create_post_autosave( wp_slash( $post_array ) );

                remove_filter( 'map_meta_cap', array( $this, 'grant_edit_post_capability_for_changeset' ), 10 );
            } else {
                $post_array['edit_date'] = true; // Prevent date clearing.
                $r = wp_update_post( wp_slash( $post_array ), true );

                // Delete autosave revision for user when the changeset is updated.                 if ( ! empty( $args['user_id'] ) ) {
                    $autosave_draft = wp_get_post_autosave( $changeset_post_id$args['user_id'] );
                    if ( $autosave_draft ) {
                        
        if ( empty( $postarr['post_name'] ) ) {
            $postarr['post_name'] = sanitize_title( $postarr['post_title'] );
        }
        if ( ! isset( $postarr['meta_input'] ) ) {
            $postarr['meta_input'] = array();
        }
        $postarr['meta_input']['_customize_draft_post_name'] = $postarr['post_name'];
        $postarr['meta_input']['_customize_changeset_uuid']  = $this->manager->changeset_uuid();
        unset( $postarr['post_name'] );

        add_filter( 'wp_insert_post_empty_content', '__return_false', 1000 );
        $r = wp_insert_post( wp_slash( $postarr ), true );
        remove_filter( 'wp_insert_post_empty_content', '__return_false', 1000 );

        if ( is_wp_error( $r ) ) {
            return $r;
        } else {
            return get_post( $r );
        }
    }

    /**
     * Ajax handler for adding a new auto-draft post.
     *
     * @since 4.7.0
     */
require_once ABSPATH . 'wp-admin/includes/post.php';
        }

        $post_lock = wp_check_post_lock( $post->ID );
        $is_draft  = 'draft' === $post->post_status || 'auto-draft' === $post->post_status;

        if ( $is_draft && (int) $post->post_author === $user_id && ! $post_lock ) {
            /* * Draft posts for the same author: autosaving updates the post and does not create a revision. * Convert the post object to an array and add slashes, wp_update_post() expects escaped array. */
            $autosave_id = wp_update_post( wp_slash( (array) $prepared_post ), true );
        } else {
            // Non-draft posts: create or update the post autosave.             $autosave_id = $this->create_post_autosave( (array) $prepared_post );
        }

        if ( is_wp_error( $autosave_id ) ) {
            return $autosave_id;
        }

        $autosave = get_post( $autosave_id );
        $request->set_param( 'context', 'edit' );

        

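/**
 * Updates a post from an array or object of post fields.
 *
 * Only the opening of the function is visible in this excerpt. Object input is treated
 * as non-escaped and is slashed here; array input is used as passed, so array callers
 * are presumably expected to supply slashed data.
 *
 * @param array|object $postarr          Post fields; `ID` is read to load the existing post.
 * @param bool         $wp_error         Whether to return a WP_Error instead of 0 for an invalid ID.
 * @param bool         $fire_after_hooks Not used in the lines shown here.
 * @return int|WP_Error 0 or a WP_Error when the post ID does not resolve; other return
 *                      paths are outside this excerpt.
 */
function wp_update_post( $postarr = array(), $wp_error = false, $fire_after_hooks = true ) {
    if ( is_object( $postarr ) ) {
        // Non-escaped post was passed.
        $postarr = get_object_vars( $postarr );
        $postarr = wp_slash( $postarr );
    }

    // First, get all of the original fields.
    $post = get_post( $postarr['ID'], ARRAY_A );

    if ( is_null( $post ) ) {
        if ( $wp_error ) {
            return new WP_Error( 'invalid_post', __( 'Invalid post ID.' ) );
        }
        return 0;
    }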

    
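// $matches[1] is the outermost key; $matches[3], when present, holds the remaining
// keys separated by '][' and is split into one entry per nesting level.
$array_bits = array( $matches[1] );

if ( isset( $matches[3] ) ) {
    $array_bits = array_merge( $array_bits, explode( '][', $matches[3] ) );
}

$new_post_data = array();

// Build the new array value from leaf to trunk.
for ( $i = count( $array_bits ) - 1; $i >= 0; $i-- ) {
    if ( count( $array_bits ) - 1 === $i ) {
        // Only the leaf value is slashed. Presumably this matches the slashed form that
        // $_POST already has elsewhere in WordPress (confirm).
        $new_post_data[ $array_bits[ $i ] ] = wp_slash( $post_input_data->value );
    } else {
        $new_post_data = array( $array_bits[ $i ] => $new_post_data );
    }
}

// The rebuilt value is merged into the $_POST superglobal, so it is visible to all
// code that reads $_POST afterwards.
$_POST = array_replace_recursive( $_POST, $new_post_data );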
        }
    }
}