Alert: This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

WP_Theme::sanitize_header( string $header, string $value )

Sanitize a theme header.

Contents

Parameters Parameters

$header

(string) (Required) Theme header. Accepts 'Name', 'Description', 'Author', 'Version', 'ThemeURI', 'AuthorURI', 'Status', 'Tags', 'RequiresWP', 'RequiresPHP'.

$value

(string) (Required) Value to sanitize.

Top ↑

Return Return

(string|array) An array for Tags header, string otherwise.

Top ↑

Source Source

File: wp-includes/class-wp-theme.php 

	private function sanitize_header( $header, $value ) {
		switch ( $header ) {
			case 'Status':
				if ( ! $value ) {
					$value = 'publish';
					break;
				}
				// Fall through otherwise.
			case 'Name':
				static $header_tags = array(
					'abbr'    => array( 'title' => true ),
					'acronym' => array( 'title' => true ),
					'code'    => true,
					'em'      => true,
					'strong'  => true,
				);

				$value = wp_kses( $value, $header_tags );
				break;
			case 'Author':
				// There shouldn't be anchor tags in Author, but some themes like to be challenging.
			case 'Description':
				static $header_tags_with_a = array(
					'a'       => array(
						'href'  => true,
						'title' => true,
					),
					'abbr'    => array( 'title' => true ),
					'acronym' => array( 'title' => true ),
					'code'    => true,
					'em'      => true,
					'strong'  => true,
				);

				$value = wp_kses( $value, $header_tags_with_a );
				break;
			case 'ThemeURI':
			case 'AuthorURI':
				$value = esc_url_raw( $value );
				break;
			case 'Tags':
				$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
				break;
			case 'Version':
			case 'RequiresWP':
			case 'RequiresPHP':
				$value = strip_tags( $value );
				break;
		}

		return $value;
	}

Expand full source code Collapse full source code View on Trac

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/formatting.php: esc_url_raw()

Performs esc_url() for database usage.
wp-includes/kses.php: wp_kses()

Filters text content and strips out disallowed HTML.

Top ↑

Changelog Changelog

Changelog
Version Description
5.4.0 Added support for Requires at least and Requires PHP headers.
3.4.0 Introduced.

Top ↑

User Contributed Notes User Contributed Notes

You must log in before being able to contribute a note or feedback.