Sanitizes a theme header.
Parameters
$header
stringrequired- Theme header. Accepts
'Name'
,'Description'
,'Author'
,'Version'
,'ThemeURI'
,'AuthorURI'
,'Status'
,'Tags'
,'RequiresWP'
,'RequiresPHP'
,'UpdateURI'
. $value
stringrequired- Value to sanitize.
Source
private function sanitize_header( $header, $value ) {
switch ( $header ) {
case 'Status':
if ( ! $value ) {
$value = 'publish';
break;
}
// Fall through otherwise.
case 'Name':
static $header_tags = array(
'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$value = wp_kses( $value, $header_tags );
break;
case 'Author':
// There shouldn't be anchor tags in Author, but some themes like to be challenging.
case 'Description':
static $header_tags_with_a = array(
'a' => array(
'href' => true,
'title' => true,
),
'abbr' => array( 'title' => true ),
'acronym' => array( 'title' => true ),
'code' => true,
'em' => true,
'strong' => true,
);
$value = wp_kses( $value, $header_tags_with_a );
break;
case 'ThemeURI':
case 'AuthorURI':
$value = sanitize_url( $value );
break;
case 'Tags':
$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
break;
case 'Version':
case 'RequiresWP':
case 'RequiresPHP':
case 'UpdateURI':
$value = strip_tags( $value );
break;
}
return $value;
}
User Contributed Notes
You must log in before being able to contribute a note or feedback.