Question

I have a form that allows any registered user to submit a post (it's a custom post type - forum related), and I'm using wp_insert_post() to insert it into the db.

From what I've seen in this function a sanitize_post() function is run automatically, but I think this only handles db escaping and such.

So how do I sanitize the input data the same way as the wp-admin editor does? I mean apply the kses filter and all the other stuff...


Solution

When a post is created/edited from the admin, edit_post() is called.

This function simply collects all the $_POST arguments and passes them to wp_update_post().

wp_update_post() then does some more logical checks and passes the data along to wp_insert_post().

wp_insert_post() calls sanitize_post(), which does all the heavy-duty sanitization.

So, yes, wp_insert_post() is the correct way to do it.

OTHER TIPS

Otto did a blog about using kses last year, see if that helps.
http://ottopress.com/2010/wp-quickie-kses/
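
A front-end submission handler for the situation discussed in this thread, as an added example that is not part of the original posts or of WordPress core: it verifies a nonce, then sanitizes explicitly with sanitize_text_field() and wp_kses_post() before calling wp_insert_post(), so the allowed-HTML filtering is applied in the handler itself. The post type, action name, form field names, function name and the pending status are assumptions made for illustration.

```php
<?php
// Added example. Assumed names: post type 'forum_topic', action and nonce
// 'submit_forum_topic', form fields 'topic_nonce', 'topic_title', 'topic_content'.
// The form posts to admin-post.php with a hidden field action=submit_forum_topic.
add_action( 'admin_post_submit_forum_topic', 'myforum_handle_topic_submission' );

function myforum_handle_topic_submission() {
    // admin_post_{action} fires only for logged-in users; check again anyway.
    if ( ! is_user_logged_in() ) {
        wp_die( 'You must be logged in.', '', array( 'response' => 403 ) );
    }

    // Reject requests that did not come from our own form (CSRF protection).
    $nonce = isset( $_POST['topic_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['topic_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'submit_forum_topic' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    // $_POST arrives slashed in WordPress: unslash first, then sanitize.
    // Title: plain text only. Content: HTML limited to the tags allowed in posts.
    $title   = isset( $_POST['topic_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['topic_title'] ) )
        : '';
    $content = isset( $_POST['topic_content'] )
        ? wp_kses_post( wp_unslash( $_POST['topic_content'] ) )
        : '';

    if ( '' === $title || '' === trim( $content ) ) {
        wp_die( 'Title and content are required.', '', array( 'response' => 400 ) );
    }

    // wp_insert_post() expects slashed data, so slash the cleaned values again.
    $post_id = wp_insert_post( wp_slash( array(
        'post_type'    => 'forum_topic',
        'post_status'  => 'pending',             // assumption: held for moderation
        'post_author'  => get_current_user_id(), // never taken from the request
        'post_title'   => $title,
        'post_content' => $content,
    ) ), true ); // true: return a WP_Error instead of 0 on failure

    if ( is_wp_error( $post_id ) ) {
        wp_die( esc_html( $post_id->get_error_message() ), '', array( 'response' => 500 ) );
    }

    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url( '/' ) );
    exit;
}
```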

Licensed under: CC-BY-SA with attribution
Not affiliated with wordpress.stackexchange