wp_unslash( string|array $value ): string|array

Removes slashes from a string or recursively removes slashes from strings within an array.


Description

This should be used to remove slashes from data passed to core API that expects data to be unslashed.


Top ↑

Parameters

$value string|array Required
String or array of data to unslash.

Top ↑

Return

string|array Unslashed $value.


Top ↑

Source

File: wp-includes/formatting.php. View all references

function wp_unslash( $value ) {
	return stripslashes_deep( $value );
}


Top ↑

Changelog

Changelog
Version Description
3.6.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    Contributed by Codex

    Example

    This function can be used in replacement of stripslashes_deep(). As it is a recursive function, when an array is given, it will remove slashes in all sub-arrays too.

    $arr = array(
    	"Is your name O\'reilly?",
    	"Person\'s Assets"
    );
    
    $arr = wp_unslash( $arr );
    /*
     Outputs: 
     array(
          "Is your name O'reilly?",
          "Person's Assets"
     );
    */
  2. Skip to note 2 content
    Contributed by Code Tốt

    This function was called when we try to read $_COOKIES:

    $viewed_products = ! empty( $_COOKIE['woocommerce_recently_viewed'] ) ? (array) explode( '|', wp_unslash( $_COOKIE['woocommerce_recently_viewed'] ) ) : array(); // @codingStandardsIgnoreLine
    $viewed_products = array_reverse( array_filter( array_map( 'absint', $viewed_products ) ) );
  3. Skip to note 3 content
    Contributed by Bob Kline

    It’s unfortunate that we have to invoke this function to undo the garbling of the input values performed by WordPress itself. The bug reports for fixing the problem have been thrashing about for years, and it’s unclear whether the problem will ever be fixed, or how. In the meantime here’s one way to deal with it, using a technique which should survive without having to revisit code in the event that WP ever bites the bullet and removes the unwanted escaping.

    • add a hidden field with an apostrophe but no backslash in the value (e.g., “foo’bar”)
    • when processing the posted form, test that value as returned in $_POST
    • if the value contains a backslash character, make a copy of $_POST using wp_unslash()
    • otherwise, WP has abandoned the practice of escaping the posted values, so no unslashing is needed

You must log in before being able to contribute a note or feedback.