sanitize_post_field( string $field, mixed $value, int $post_id, string $context = 'display' ): mixed
Sanitizes a post field based on context.
Contents
Description
Possible context values are: ‘raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ and ‘js’. The ‘display’ context is used by default. ‘attribute’ and ‘js’ contexts are treated like ‘display’ when calling filters.
Parameters
-
$field
string Required -
The Post Object field name.
-
$value
mixed Required -
The Post Object value.
-
$post_id
int Required -
Post ID.
-
$context
string Optional -
How to sanitize the field. Possible values are
'raw'
,'edit'
,'db'
,'display'
,'attribute'
and'js'
. Default'display'
.Default:
'display'
Return
mixed Sanitized value.
More Information
Uses apply_filters() :
- Calls 'edit_{$field}' and '{$field_no_prefix}_edit_pre' passing $value and $post_id if $context is 'edit' and field name prefix is 'post_'.
- Calls 'edit_post_{$field}' passing $value and $post_id if $context is 'db'.
- Calls 'pre_{$field}' passing $value if $context is 'db' and field name prefix is 'post_'.
- Calls '{$field}_pre' passing $value if $context is 'db' and field name prefix is not 'post_'.
- Calls '{$field}' passing $value, $post_id and $context if $context is anything other than 'raw', 'edit' and 'db' and field name prefix is 'post_'.
- Calls 'post_$field' passing $value if $context is anything other than 'raw', 'edit' and 'db' and field name prefix is not 'post_'.
Source
File: wp-includes/post.php
.
View all references
function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) {
$int_fields = array( 'ID', 'post_parent', 'menu_order' );
if ( in_array( $field, $int_fields, true ) ) {
$value = (int) $value;
}
// Fields which contain arrays of integers.
$array_int_fields = array( 'ancestors' );
if ( in_array( $field, $array_int_fields, true ) ) {
$value = array_map( 'absint', $value );
return $value;
}
if ( 'raw' === $context ) {
return $value;
}
$prefixed = false;
if ( str_contains( $field, 'post_' ) ) {
$prefixed = true;
$field_no_prefix = str_replace( 'post_', '', $field );
}
if ( 'edit' === $context ) {
$format_to_edit = array( 'post_content', 'post_excerpt', 'post_title', 'post_password' );
if ( $prefixed ) {
/**
* Filters the value of a specific post field to edit.
*
* The dynamic portion of the hook name, `$field`, refers to the post
* field name.
*
* @since 2.3.0
*
* @param mixed $value Value of the post field.
* @param int $post_id Post ID.
*/
$value = apply_filters( "edit_{$field}", $value, $post_id );
/**
* Filters the value of a specific post field to edit.
*
* The dynamic portion of the hook name, `$field_no_prefix`, refers to
* the post field name.
*
* @since 2.3.0
*
* @param mixed $value Value of the post field.
* @param int $post_id Post ID.
*/
$value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id );
} else {
$value = apply_filters( "edit_post_{$field}", $value, $post_id );
}
if ( in_array( $field, $format_to_edit, true ) ) {
if ( 'post_content' === $field ) {
$value = format_to_edit( $value, user_can_richedit() );
} else {
$value = format_to_edit( $value );
}
} else {
$value = esc_attr( $value );
}
} elseif ( 'db' === $context ) {
if ( $prefixed ) {
/**
* Filters the value of a specific post field before saving.
*
* The dynamic portion of the hook name, `$field`, refers to the post
* field name.
*
* @since 2.3.0
*
* @param mixed $value Value of the post field.
*/
$value = apply_filters( "pre_{$field}", $value );
/**
* Filters the value of a specific field before saving.
*
* The dynamic portion of the hook name, `$field_no_prefix`, refers
* to the post field name.
*
* @since 2.3.0
*
* @param mixed $value Value of the post field.
*/
$value = apply_filters( "{$field_no_prefix}_save_pre", $value );
} else {
$value = apply_filters( "pre_post_{$field}", $value );
/**
* Filters the value of a specific post field before saving.
*
* The dynamic portion of the hook name, `$field`, refers to the post
* field name.
*
* @since 2.3.0
*
* @param mixed $value Value of the post field.
*/
$value = apply_filters( "{$field}_pre", $value );
}
} else {
// Use display filters by default.
if ( $prefixed ) {
/**
* Filters the value of a specific post field for display.
*
* The dynamic portion of the hook name, `$field`, refers to the post
* field name.
*
* @since 2.3.0
*
* @param mixed $value Value of the prefixed post field.
* @param int $post_id Post ID.
* @param string $context Context for how to sanitize the field.
* Accepts 'raw', 'edit', 'db', 'display',
* 'attribute', or 'js'. Default 'display'.
*/
$value = apply_filters( "{$field}", $value, $post_id, $context );
} else {
$value = apply_filters( "post_{$field}", $value, $post_id, $context );
}
if ( 'attribute' === $context ) {
$value = esc_attr( $value );
} elseif ( 'js' === $context ) {
$value = esc_js( $value );
}
}
// Restore the type for integer fields after esc_attr().
if ( in_array( $field, $int_fields, true ) ) {
$value = (int) $value;
}
return $value;
}
Hooks
-
apply_filters( "edit_{$field}",
mixed $value ,int $post_id ) -
Filters the value of a specific post field to edit.
-
apply_filters( "pre_{$field}",
mixed $value ) -
Filters the value of a specific post field before saving.
-
apply_filters( "{$field_no_prefix}_edit_pre",
mixed $value ,int $post_id ) -
Filters the value of a specific post field to edit.
-
apply_filters( "{$field_no_prefix}_save_pre",
mixed $value ) -
Filters the value of a specific field before saving.
-
apply_filters( "{$field}",
mixed $value ,int $post_id ,string $context ) -
Filters the value of a specific post field for display.
-
apply_filters( "{$field}_pre",
mixed $value ) -
Filters the value of a specific post field before saving.
Changelog
Version | Description |
---|---|
4.4.0 | Like sanitize_post() , $context defaults to 'display' . |
2.3.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.
Sanitizing for Display
Sanitize a post title for display:
Sanitizing for Attributes
Sanitize a post title for use as the value of a hidden form field:
Here are the default post fields that you can get (case-sensitive):
ID
post_author
post_date
post_date_gmt
post_content
post_title
post_excerpt
post_status
comment_status
ping_status
post_password
post_name
to_ping
pinged
post_modified
post_modified_gmt
post_content_filtered
post_parent
guid
menu_order
post_type
post_mime_type
comment_count
filter