wp_unslash( string|array $value ): string|array

Removes slashes from a string or recursively removes slashes from strings within an array.

Contents

Description

This should be used to remove slashes from data passed to core API that expects data to be unslashed.

Top ↑

Parameters

$value string|array Required
String or array of data to unslash.

Top ↑

Return

string|array Unslashed $value, in the same type as supplied.

Top ↑

Source

File: wp-includes/formatting.php. View all references 

function wp_unslash( $value ) {
	return stripslashes_deep( $value );
}

View on Trac View on GitHub

Top ↑

Top ↑

Uses

Uses
Uses Description
stripslashes_deep() wp-includes/formatting.php

Navigates through an array, object, or scalar, and removes slashes from the values.

Top ↑

Used By

Used By
Used By Description
WP_Site_Health::check_for_page_caching() wp-admin/includes/class-wp-site-health.php

Checks if site has page cache enabled or not.
wp_filter_global_styles_post() wp-includes/kses.php

Sanitizes global styles user content removing unsafe rules.
get_self_link() wp-includes/feed.php

Returns the link for the currently displayed feed.
WP_MS_Sites_List_Table::site_states() wp-admin/includes/class-wp-ms-sites-list-table.php

Maybe output comma-separated site states.
WP_MS_Sites_List_Table::get_views() wp-admin/includes/class-wp-ms-sites-list-table.php

Gets links to filter sites by status.
WP_Site_Health::get_test_rest_availability() wp-admin/includes/class-wp-site-health.php

Tests if the REST API is accessible.
WP_Site_Health::can_perform_loopback() wp-admin/includes/class-wp-site-health.php

Runs a loopback test on the site.
wp_initialize_site() wp-includes/ms-site.php

Runs the initialization routine for a given site.
WP_Privacy_Requests_Table::process_bulk_action() wp-admin/includes/class-wp-privacy-requests-table.php

Process bulk actions.
_wp_personal_data_handle_actions() wp-admin/includes/privacy-tools.php

Handle list table actions.
wp_xmlrpc_server::set_term_custom_fields() wp-includes/class-wp-xmlrpc-server.php

Sets custom fields for a term.
wp_start_scraping_edited_file_errors() wp-includes/load.php

Start scraping edited file errors.
WP_Customize_Manager::handle_load_themes_request() wp-includes/class-wp-customize-manager.php

Loads themes into the theme browsing/installation UI.
wp_ajax_edit_theme_plugin_file() wp-admin/includes/ajax-actions.php

Ajax handler for editing a theme or plugin file.
wp_edit_theme_plugin_file() wp-admin/includes/file.php

Attempts to edit a file for a theme or plugin.
wp_ajax_get_community_events() wp-admin/includes/ajax-actions.php

Handles Ajax requests for community events
WP_Customize_Nav_Menus::ajax_insert_auto_draft_post() wp-includes/class-wp-customize-nav-menus.php

Ajax handler for adding a new auto-draft post.
wp_ajax_delete_plugin() wp-admin/includes/ajax-actions.php

Ajax handler for deleting a plugin.
wp_ajax_search_plugins() wp-admin/includes/ajax-actions.php

Ajax handler for searching plugins.
wp_ajax_install_theme() wp-admin/includes/ajax-actions.php

Ajax handler for installing a theme.
wp_ajax_update_theme() wp-admin/includes/ajax-actions.php

Ajax handler for updating a theme.
wp_ajax_delete_theme() wp-admin/includes/ajax-actions.php

Ajax handler for deleting a theme.
wp_ajax_install_plugin() wp-admin/includes/ajax-actions.php

Ajax handler for installing a plugin.
wp_get_raw_referer() wp-includes/functions.php

Retrieves unvalidated referer from ‘_wp_http_referer’ or HTTP referer.
WP_Customize_Selective_Refresh::handle_render_partials_request() wp-includes/customize/class-wp-customize-selective-refresh.php

Handles the Ajax request to return the rendered partials for the requested placements.
WP_REST_Server::serve_request() wp-includes/rest-api/class-wp-rest-server.php

Handles serving a REST API request.
wp_ajax_save_wporg_username() wp-admin/includes/ajax-actions.php

Ajax handler for saving the user’s WordPress.org username.
WP_Customize_Nav_Menu_Item_Setting::sanitize() wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

Sanitize an input.
WP_Customize_Nav_Menus::ajax_load_available_items() wp-includes/class-wp-customize-nav-menus.php

Ajax handler for loading available menu items.
WP_Customize_Nav_Menus::ajax_search_available_items() wp-includes/class-wp-customize-nav-menus.php

Ajax handler for searching available menu items.
WP_Terms_List_Table::handle_row_actions() wp-admin/includes/class-wp-terms-list-table.php

Generates and displays row action links.
WP_MS_Users_List_Table::handle_row_actions() wp-admin/includes/class-wp-ms-users-list-table.php

Generates and displays row action links.
WP_MS_Users_List_Table::column_username() wp-admin/includes/class-wp-ms-users-list-table.php

Handles the username column output.
WP_User_Search::__construct() wp-admin/includes/deprecated.php

PHP5 Constructor – Sets up the object properties.
WP_Customize_Manager::unsanitized_post_values() wp-includes/class-wp-customize-manager.php

Gets dirty pre-sanitized setting values in the current customized state.
WP_Customize_Widgets::register_settings() wp-includes/class-wp-customize-widgets.php

Inspects the incoming customized data for any widget settings, and dynamically adds them up-front so widgets will be initialized properly.
wp_ajax_update_plugin() wp-admin/includes/ajax-actions.php

Ajax handler for updating a plugin.
WP_Session_Tokens::create() wp-includes/class-wp-session-tokens.php

Generates a session token and attaches session information to it.
wp_ajax_parse_embed() wp-admin/includes/ajax-actions.php

Apply [embed] Ajax handlers to a string.
wp_ajax_parse_media_shortcode() wp-admin/includes/ajax-actions.php
retrieve_password() wp-includes/user.php

Handles sending a password retrieval email to a user.
validate_another_blog_signup() wp-signup.php

Validates a new site sign-up for an existing user.
validate_blog_signup() wp-signup.php

Validates new site signup.
display_setup_form() wp-admin/install.php

Displays installer setup form.
WP_MS_Users_List_Table::prepare_items() wp-admin/includes/class-wp-ms-users-list-table.php
wp_prepare_themes_for_js() wp-admin/includes/theme.php

Prepares themes for JavaScript.
WP_Plugins_List_Table::__construct() wp-admin/includes/class-wp-plugins-list-table.php

Constructor.
WP_Plugins_List_Table::no_items() wp-admin/includes/class-wp-plugins-list-table.php
install_theme_search_form() wp-admin/includes/theme-install.php

Displays search form for searching themes.
install_theme_information() wp-admin/includes/theme-install.php

Displays theme information in dialog box form.
Plugin_Installer_Skin::after() wp-admin/includes/class-plugin-installer-skin.php

Action to perform following a plugin install.
stream_preview_image() wp-admin/includes/image-edit.php

Streams image in post to browser, along with enqueued changes in $_REQUEST['history'].
wp_save_image() wp-admin/includes/image-edit.php

Saves image to post, along with enqueued changes in $_REQUEST['history'].
WP_MS_Themes_List_Table::_search_callback() wp-admin/includes/class-wp-ms-themes-list-table.php
WP_Theme_Install_List_Table::prepare_items() wp-admin/includes/class-wp-theme-install-list-table.php
install_search_form() wp-admin/includes/plugin-install.php

Displays a search form for searching plugins.
install_plugin_install_status() wp-admin/includes/plugin-install.php

Determines the status we can perform on a plugin.
install_plugin_information() wp-admin/includes/plugin-install.php

Displays plugin information in dialog box form.
wp_dashboard_rss_control() wp-admin/includes/dashboard.php

The RSS dashboard widget control.
edit_user() wp-admin/includes/user.php

Edit user settings based on contents of $_POST
WP_Plugin_Install_List_Table::prepare_items() wp-admin/includes/class-wp-plugin-install-list-table.php
_admin_search_query() wp-admin/includes/template.php

Displays the search query.
WP_Themes_List_Table::prepare_items() wp-admin/includes/class-wp-themes-list-table.php
WP_Themes_List_Table::_js_vars() wp-admin/includes/class-wp-themes-list-table.php

Send required variables to JavaScript land
WP_MS_Sites_List_Table::prepare_items() wp-admin/includes/class-wp-ms-sites-list-table.php

Prepares the list of sites for display.
WP_Users_List_Table::single_row() wp-admin/includes/class-wp-users-list-table.php

Generate HTML for a single row on the users.php admin panel.
WP_Users_List_Table::prepare_items() wp-admin/includes/class-wp-users-list-table.php

Prepare the users list for display.
media_upload_form_handler() wp-admin/includes/media.php

Handles form submissions for the legacy media uploader.
wp_media_upload_handler() wp-admin/includes/media.php

Handles the process of uploading media.
wp_create_post_autosave() wp-admin/includes/post.php

Creates autosave data for the specified post from $_POST data.
add_meta() wp-admin/includes/post.php

Adds post meta data defined in the $_POST superglobal for a post with given ID.
update_meta() wp-admin/includes/post.php

Updates post meta data by meta ID.
wp_ajax_send_attachment_to_editor() wp-admin/includes/ajax-actions.php

Ajax handler for sending an attachment to the editor.
wp_ajax_send_link_to_editor() wp-admin/includes/ajax-actions.php

Ajax handler for sending a link to the editor.
wp_ajax_heartbeat() wp-admin/includes/ajax-actions.php

Ajax handler for the Heartbeat API.
wp_ajax_query_themes() wp-admin/includes/ajax-actions.php

Ajax handler for getting themes from themes_api() .
edit_post() wp-admin/includes/post.php

Updates an existing post with values provided in $_POST.
get_default_post_to_edit() wp-admin/includes/post.php

Returns default post information to use when populating the “Write Post” form.
post_exists() wp-admin/includes/post.php

Determines if a post exists based on title, content, date and type.
wp_ajax_save_widget() wp-admin/includes/ajax-actions.php

Ajax handler for saving a widget.
wp_ajax_date_format() wp-admin/includes/ajax-actions.php

Ajax handler for date formatting.
wp_ajax_time_format() wp-admin/includes/ajax-actions.php

Ajax handler for time formatting.
wp_ajax_save_attachment() wp-admin/includes/ajax-actions.php

Ajax handler for updating attachment attributes.
wp_ajax_add_meta() wp-admin/includes/ajax-actions.php

Ajax handler for adding meta.
wp_ajax_wp_link_ajax() wp-admin/includes/ajax-actions.php

Ajax handler for internal linking.
wp_ajax_find_posts() wp-admin/includes/ajax-actions.php

Ajax handler for querying posts for the Find Posts modal.
wp_ajax_widgets_order() wp-admin/includes/ajax-actions.php

Ajax handler for saving the widgets order.
wp_ajax_add_link_category() wp-admin/includes/ajax-actions.php

Ajax handler for adding a link category.
wp_ajax_nopriv_heartbeat() wp-admin/includes/ajax-actions.php

Ajax handler for the Heartbeat API in the no-privilege context.
wp_ajax_ajax_tag_search() wp-admin/includes/ajax-actions.php

Ajax handler for tag search.
wp_insert_link() wp-admin/includes/bookmark.php

Inserts a link into the database, or updates an existing link.
get_default_link_to_edit() wp-admin/includes/bookmark.php

Retrieves the default link for editing.
WP_Terms_List_Table::column_name() wp-admin/includes/class-wp-terms-list-table.php
WP_Terms_List_Table::prepare_items() wp-admin/includes/class-wp-terms-list-table.php
request_filesystem_credentials() wp-admin/includes/file.php

Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem.
WP_Customize_Manager::customize_preview_settings() wp-includes/class-wp-customize-manager.php

Prints JavaScript settings for preview frame.
WP_Customize_Manager::save() wp-includes/class-wp-customize-manager.php

Handles customize_save WP Ajax request to save/update a changeset.
WP_Customize_Manager::__construct() wp-includes/class-wp-customize-manager.php

Constructor.
WP_Customize_Manager::doing_ajax() wp-includes/class-wp-customize-manager.php

Returns true if it’s an Ajax request.
spawn_cron() wp-includes/cron.php

Sends a request to run cron through HTTP request that doesn’t halt page loading.
_wp_customize_include() wp-includes/theme.php

Includes and instantiates the WP_Customize_Manager class.
WP::send_headers() wp-includes/class-wp.php

Sends additional HTTP headers for caching, content type, etc.
wp_original_referer_field() wp-includes/functions.php

Retrieves or displays original referer hidden field for forms.
wp_get_referer() wp-includes/functions.php

Retrieves referer from ‘_wp_http_referer’ or HTTP referer.
wp_get_original_referer() wp-includes/functions.php

Retrieves original referer that was posted, if it exists.
wp_update_term() wp-includes/taxonomy.php

Updates term based on arguments provided.
wp_insert_term() wp-includes/taxonomy.php

Adds a new term to the database.
term_exists() wp-includes/taxonomy.php

Determines whether a taxonomy term exists.
wp_insert_user() wp-includes/user.php

Inserts a user into the database.
wp_signon() wp-includes/user.php

Authenticates and logs a user in with ‘remember’ capability.
post_password_required() wp-includes/post-template.php

Determines whether the post requires password and whether a correct password has been provided.
_wp_link_page() wp-includes/post-template.php

Helper function for wp_link_pages() .
trackback_url_list() wp-includes/post.php

Does trackbacks for a list of URLs.
get_pages() wp-includes/post.php

Retrieves an array of pages (or hierarchical post type items).
wp_insert_post() wp-includes/post.php

Inserts or update a post.
wpmu_log_new_registrations() wp-includes/ms-functions.php

Logs the user email, IP, and registration date of a new site.
install_blog() wp-includes/ms-deprecated.php

Install an empty blog.
newblog_notify_siteadmin() wp-includes/ms-functions.php

Notifies the network admin that a new site has been activated.
newuser_notify_siteadmin() wp-includes/ms-functions.php

Notifies the network admin that a new user has been activated.
wpmu_welcome_notification() wp-includes/ms-functions.php

Notifies the site administrator that their site activation was successful.
wpmu_validate_blog_signup() wp-includes/ms-functions.php

Processes new site registrations.
wp_update_nav_menu_item() wp-includes/nav-menu.php

Saves the properties of a menu item or create a new one.
wp_xmlrpc_server::blogger_getPost() wp-includes/class-wp-xmlrpc-server.php

Retrieves a post.
wp_xmlrpc_server::blogger_getRecentPosts() wp-includes/class-wp-xmlrpc-server.php

Retrieves the list of recent posts.
wp_xmlrpc_server::wp_setOptions() wp-includes/class-wp-xmlrpc-server.php

Updates blog options.
wp_xmlrpc_server::set_custom_fields() wp-includes/class-wp-xmlrpc-server.php

Sets custom fields for post.
WP_Customize_Widgets::get_post_value() wp-includes/class-wp-customize-widgets.php

Retrieves an unslashed post value or return a default.
wp_update_comment() wp-includes/comment.php

Updates an existing comment in the database.
wp_insert_comment() wp-includes/comment.php

Inserts a comment into the database.
sanitize_comment_cookies() wp-includes/comment.php

Sanitizes the cookies sent to the user already.
wp_allow_comment() wp-includes/comment.php

Validates whether this comment is allowed to be made.
check_comment() wp-includes/comment.php

Checks whether a comment passes internal checks to be allowed to add.
delete_metadata() wp-includes/meta.php

Deletes metadata for the specified object.
add_metadata() wp-includes/meta.php

Adds metadata for the specified object.
update_metadata() wp-includes/meta.php

Updates metadata for the specified object. If no value already exists for the specified object ID and metadata key, the metadata will be added.
Show 130 more used by Hide more used by

Top ↑

Changelog

Changelog
Version Description
3.6.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note
    Contributed by Codex

    Example

    This function can be used in replacement of stripslashes_deep(). As it is a recursive function, when an array is given, it will remove slashes in all sub-arrays too.

    $arr = array(
	"Is your name O\'reilly?",
	"Person\'s Assets"
);

$arr = wp_unslash( $arr );
/*
 Outputs: 
 array(
      "Is your name O'reilly?",
      "Person's Assets"
 );
*/
  2. Skip to note 2 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note
    Contributed by Code Tốt

    This function was called when we try to read $_COOKIES:

    $viewed_products = ! empty( $_COOKIE['woocommerce_recently_viewed'] ) ? (array) explode( '|', wp_unslash( $_COOKIE['woocommerce_recently_viewed'] ) ) : array(); // @codingStandardsIgnoreLine
$viewed_products = array_reverse( array_filter( array_map( 'absint', $viewed_products ) ) );
  3. Skip to note 3 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note
    Contributed by Bob Kline

    It’s unfortunate that we have to invoke this function to undo the garbling of the input values performed by WordPress itself. The bug reports for fixing the problem have been thrashing about for years, and it’s unclear whether the problem will ever be fixed, or how. In the meantime here’s one way to deal with it, using a technique which should survive without having to revisit code in the event that WP ever bites the bullet and removes the unwanted escaping.

    • add a hidden field with an apostrophe but no backslash in the value (e.g., “foo’bar”)
    • when processing the posted form, test that value as returned in $_POST
    • if the value contains a backslash character, make a copy of $_POST using wp_unslash()
    • otherwise, WP has abandoned the practice of escaping the posted values, so no unslashing is needed

You must log in before being able to contribute a note or feedback.