Plugin Check: the principles it uses to judge validation of values read from input and written to output.
Please note: these are notes I pulled out of the plugin's own content so that I could read through them myself and confirm how to handle things properly.
The input side is divided into two broad categories according to whether slash stripping with wp_unslash must be run first.
Functions that do not need unslashing first:
- boolval, doubleval, floatval, intval, count, sizeof
- absint
- sanitize_key, sanitize_locale_name
Functions that need unslashing first:
- filter_input, filter_var, hash_equals, number_format, esc_url_raw
- is_email, validate_file, _wp_handle_upload, wp_handle_sideload, wp_handle_upload, wp_kses_allowed_html, wp_kses_data, wp_kses_one_attr, wp_kses_post, wp_kses, wp_parse_id_list, wp_redirect, wp_safe_redirect, wp_sanitize_redirect, wp_strip_all_tags
- sanitize_bookmark_field, sanitize_bookmark, sanitize_email, sanitize_file_name, sanitize_hex_color_no_hash, sanitize_hex_color, sanitize_html_class, sanitize_meta, sanitize_mime_type, sanitize_option, sanitize_sql_orderby, sanitize_term_field, sanitize_term, sanitize_text_field, sanitize_textarea_field, sanitize_title_for_query, sanitize_title_with_dashes, sanitize_title, sanitize_url, sanitize_user_field, sanitize_user
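As an added example (my own code, not taken from Plugin Check or from any plugin), here is how the two categories look in a settings handler: numeric coercion on the raw superglobal is accepted, while the string sanitizers are applied only after wp_unslash. The option names, form fields and nonce action are made up for the example.

```php
<?php
// Added example: handling a hypothetical settings form so that Plugin Check
// does not flag the $_POST reads. Field and option names are invented.

function myplugin_save_settings() {
    // Capability and nonce checks are separate from the unslash rule, but
    // the checker also expects them around any $_POST handling.
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    check_admin_referer( 'myplugin_save_settings' );

    // Category 1: numeric / boolean coercion ignores slashes entirely, so
    // absint() and intval() may be applied directly to the raw value.
    $limit   = isset( $_POST['myplugin_limit'] ) ? absint( $_POST['myplugin_limit'] ) : 10;
    $enabled = isset( $_POST['myplugin_enabled'] ) ? (bool) intval( $_POST['myplugin_enabled'] ) : false;

    // Category 2: string sanitizers work on the text itself, so the slashes
    // WordPress adds to request data must be removed first with wp_unslash().
    // Skipping it stores a value such as O'Reilly as O\'Reilly.
    $title = isset( $_POST['myplugin_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_title'] ) )
        : '';
    $email = isset( $_POST['myplugin_email'] )
        ? sanitize_email( wp_unslash( $_POST['myplugin_email'] ) )
        : '';

    // The pattern the checker reports: sanitizer applied to the still-slashed value.
    // $title = sanitize_text_field( $_POST['myplugin_title'] );

    update_option( 'myplugin_limit', $limit );
    update_option( 'myplugin_enabled', $enabled );
    update_option( 'myplugin_title', $title );
    update_option( 'myplugin_email', $email );
}
add_action( 'admin_post_myplugin_save_settings', 'myplugin_save_settings' );
```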