wp_unslash( string|array $value ): string|array

Removes slashes from a string or recursively removes slashes from strings within an array.

Contents

Description

This should be used to remove slashes from data passed to core API that expects data to be unslashed.

Top ↑

Parameters

$value string|array Required
String or array of data to unslash.

Top ↑

Return

string|array Unslashed $value, in the same type as supplied.

Top ↑

Source

File: wp-includes/formatting.php. View all references 

function wp_unslash( $value ) {
	return stripslashes_deep( $value );
}

View on Trac View on GitHub

Top ↑

Top ↑

Uses

Uses
Uses Description
stripslashes_deep() wp-includes/formatting.php

Navigates through an array, object, or scalar, and removes slashes from the values.

Top ↑

Used By

Used By
Used By Description
_wp_filter_post_meta_footnotes() wp-includes/blocks.php

Strips all HTML from the content of footnotes, and sanitizes the ID.
wp_autosave_post_revisioned_meta_fields() wp-admin/includes/post.php

Autosave the revisioned meta fields.
wp_get_theme_preview_path() wp-includes/theme-previews.php

Filters the blog option to return the path for the previewed theme.
wp_attach_theme_preview_middleware() wp-includes/theme-previews.php

Adds a middleware to apiFetch to set the theme for the preview.
WP_Site_Health::check_for_page_caching() wp-admin/includes/class-wp-site-health.php

Checks if site has page cache enabled or not.
wp_filter_global_styles_post() wp-includes/kses.php

Sanitizes global styles user content removing unsafe rules.
get_self_link() wp-includes/feed.php

Returns the link for the currently displayed feed.
WP_MS_Sites_List_Table::site_states() wp-admin/includes/class-wp-ms-sites-list-table.php

Determines whether to output comma-separated site states.
WP_MS_Sites_List_Table::get_views() wp-admin/includes/class-wp-ms-sites-list-table.php

Gets links to filter sites by status.
WP_Site_Health::get_test_rest_availability() wp-admin/includes/class-wp-site-health.php

Tests if the REST API is accessible.
WP_Site_Health::can_perform_loopback() wp-admin/includes/class-wp-site-health.php

Runs a loopback test on the site.
wp_initialize_site() wp-includes/ms-site.php

Runs the initialization routine for a given site.
WP_Privacy_Requests_Table::process_bulk_action() wp-admin/includes/class-wp-privacy-requests-table.php

Process bulk actions.
_wp_personal_data_handle_actions() wp-admin/includes/privacy-tools.php

Handle list table actions.
wp_xmlrpc_server::set_term_custom_fields() wp-includes/class-wp-xmlrpc-server.php

Sets custom fields for a term.
wp_start_scraping_edited_file_errors() wp-includes/load.php

Starts scraping edited file errors.
WP_Customize_Manager::handle_load_themes_request() wp-includes/class-wp-customize-manager.php

Loads themes into the theme browsing/installation UI.
wp_ajax_edit_theme_plugin_file() wp-admin/includes/ajax-actions.php

Handles editing a theme or plugin file via AJAX.
wp_edit_theme_plugin_file() wp-admin/includes/file.php

Attempts to edit a file for a theme or plugin.
wp_ajax_get_community_events() wp-admin/includes/ajax-actions.php

Handles Ajax requests for community events
WP_Customize_Nav_Menus::ajax_insert_auto_draft_post() wp-includes/class-wp-customize-nav-menus.php

Ajax handler for adding a new auto-draft post.
wp_ajax_delete_plugin() wp-admin/includes/ajax-actions.php

Handles deleting a plugin via AJAX.
wp_ajax_search_plugins() wp-admin/includes/ajax-actions.php

Handles searching plugins via AJAX.
wp_ajax_install_theme() wp-admin/includes/ajax-actions.php

Handles installing a theme via AJAX.
wp_ajax_update_theme() wp-admin/includes/ajax-actions.php

Handles updating a theme via AJAX.
wp_ajax_delete_theme() wp-admin/includes/ajax-actions.php

Handles deleting a theme via AJAX.
wp_ajax_install_plugin() wp-admin/includes/ajax-actions.php

Handles installing a plugin via AJAX.
wp_get_raw_referer() wp-includes/functions.php

Retrieves unvalidated referer from the ‘_wp_http_referer’ URL query variable or the HTTP referer.
WP_Customize_Selective_Refresh::handle_render_partials_request() wp-includes/customize/class-wp-customize-selective-refresh.php

Handles the Ajax request to return the rendered partials for the requested placements.
WP_REST_Server::serve_request() wp-includes/rest-api/class-wp-rest-server.php

Handles serving a REST API request.
wp_ajax_save_wporg_username() wp-admin/includes/ajax-actions.php

Handles saving the user’s WordPress.org username via AJAX.
WP_Customize_Nav_Menu_Item_Setting::sanitize() wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

Sanitize an input.
WP_Customize_Nav_Menus::ajax_load_available_items() wp-includes/class-wp-customize-nav-menus.php

Ajax handler for loading available menu items.
WP_Customize_Nav_Menus::ajax_search_available_items() wp-includes/class-wp-customize-nav-menus.php

Ajax handler for searching available menu items.
WP_Terms_List_Table::handle_row_actions() wp-admin/includes/class-wp-terms-list-table.php

Generates and displays row action links.
WP_MS_Users_List_Table::handle_row_actions() wp-admin/includes/class-wp-ms-users-list-table.php

Generates and displays row action links.
WP_MS_Users_List_Table::column_username() wp-admin/includes/class-wp-ms-users-list-table.php

Handles the username column output.
WP_User_Search::__construct() wp-admin/includes/deprecated.php

PHP5 Constructor – Sets up the object properties.
WP_Customize_Manager::unsanitized_post_values() wp-includes/class-wp-customize-manager.php

Gets dirty pre-sanitized setting values in the current customized state.
WP_Customize_Widgets::register_settings() wp-includes/class-wp-customize-widgets.php

Inspects the incoming customized data for any widget settings, and dynamically adds them up-front so widgets will be initialized properly.
wp_ajax_update_plugin() wp-admin/includes/ajax-actions.php

Handles updating a plugin via AJAX.
WP_Session_Tokens::create() wp-includes/class-wp-session-tokens.php

Generates a session token and attaches session information to it.
wp_ajax_parse_embed() wp-admin/includes/ajax-actions.php

Applies [embed] Ajax handlers to a string.
wp_ajax_parse_media_shortcode() wp-admin/includes/ajax-actions.php
retrieve_password() wp-includes/user.php

Handles sending a password retrieval email to a user.
validate_another_blog_signup() wp-signup.php

Validates a new site sign-up for an existing user.
validate_blog_signup() wp-signup.php

Validates new site signup.
display_setup_form() wp-admin/install.php

Displays installer setup form.
WP_MS_Users_List_Table::prepare_items() wp-admin/includes/class-wp-ms-users-list-table.php
wp_prepare_themes_for_js() wp-admin/includes/theme.php

Prepares themes for JavaScript.
WP_Plugins_List_Table::__construct() wp-admin/includes/class-wp-plugins-list-table.php

Constructor.
WP_Plugins_List_Table::no_items() wp-admin/includes/class-wp-plugins-list-table.php
install_theme_search_form() wp-admin/includes/theme-install.php

Displays search form for searching themes.
install_theme_information() wp-admin/includes/theme-install.php

Displays theme information in dialog box form.
Plugin_Installer_Skin::after() wp-admin/includes/class-plugin-installer-skin.php

Performs an action following a plugin install.
stream_preview_image() wp-admin/includes/image-edit.php

Streams image in post to browser, along with enqueued changes in $_REQUEST['history'].
wp_save_image() wp-admin/includes/image-edit.php

Saves image to post, along with enqueued changes in $_REQUEST['history'].
WP_MS_Themes_List_Table::_search_callback() wp-admin/includes/class-wp-ms-themes-list-table.php
WP_Theme_Install_List_Table::prepare_items() wp-admin/includes/class-wp-theme-install-list-table.php
install_search_form() wp-admin/includes/plugin-install.php

Displays a search form for searching plugins.
install_plugin_install_status() wp-admin/includes/plugin-install.php

Determines the status we can perform on a plugin.
install_plugin_information() wp-admin/includes/plugin-install.php

Displays plugin information in dialog box form.
wp_dashboard_rss_control() wp-admin/includes/dashboard.php

Sets up the RSS dashboard widget control and $args to be used as input to wp_widget_rss_form() .
edit_user() wp-admin/includes/user.php

Edit user settings based on contents of $_POST
WP_Plugin_Install_List_Table::prepare_items() wp-admin/includes/class-wp-plugin-install-list-table.php
_admin_search_query() wp-admin/includes/template.php

Displays the search query.
WP_Themes_List_Table::prepare_items() wp-admin/includes/class-wp-themes-list-table.php
WP_Themes_List_Table::_js_vars() wp-admin/includes/class-wp-themes-list-table.php

Send required variables to JavaScript land
WP_MS_Sites_List_Table::prepare_items() wp-admin/includes/class-wp-ms-sites-list-table.php

Prepares the list of sites for display.
WP_Users_List_Table::single_row() wp-admin/includes/class-wp-users-list-table.php

Generates HTML for a single row on the users.php admin panel.
WP_Users_List_Table::prepare_items() wp-admin/includes/class-wp-users-list-table.php

Prepares the users list for display.
media_upload_form_handler() wp-admin/includes/media.php

Handles form submissions for the legacy media uploader.
wp_media_upload_handler() wp-admin/includes/media.php

Handles the process of uploading media.
wp_create_post_autosave() wp-admin/includes/post.php

Creates autosave data for the specified post from $_POST data.
add_meta() wp-admin/includes/post.php

Adds post meta data defined in the $_POST superglobal for a post with given ID.
update_meta() wp-admin/includes/post.php

Updates post meta data by meta ID.
edit_post() wp-admin/includes/post.php

Updates an existing post with values provided in $_POST.
get_default_post_to_edit() wp-admin/includes/post.php

Returns default post information to use when populating the “Write Post” form.
post_exists() wp-admin/includes/post.php

Determines if a post exists based on title, content, date and type.
wp_ajax_send_attachment_to_editor() wp-admin/includes/ajax-actions.php

Handles sending an attachment to the editor via AJAX.
wp_ajax_send_link_to_editor() wp-admin/includes/ajax-actions.php

Handles sending a link to the editor via AJAX.
wp_ajax_heartbeat() wp-admin/includes/ajax-actions.php

Handles the Heartbeat API via AJAX.
wp_ajax_query_themes() wp-admin/includes/ajax-actions.php

Handles getting themes from themes_api() via AJAX.
wp_ajax_save_widget() wp-admin/includes/ajax-actions.php

Handles saving a widget via AJAX.
wp_ajax_date_format() wp-admin/includes/ajax-actions.php

Handles formatting a date via AJAX.
wp_ajax_time_format() wp-admin/includes/ajax-actions.php

Handles formatting a time via AJAX.
wp_ajax_save_attachment() wp-admin/includes/ajax-actions.php

Handles updating attachment attributes via AJAX.
wp_ajax_add_meta() wp-admin/includes/ajax-actions.php

Handles adding meta via AJAX.
wp_ajax_wp_link_ajax() wp-admin/includes/ajax-actions.php

Handles internal linking via AJAX.
wp_ajax_find_posts() wp-admin/includes/ajax-actions.php

Handles querying posts for the Find Posts modal via AJAX.
wp_ajax_widgets_order() wp-admin/includes/ajax-actions.php

Handles saving the widgets order via AJAX.
wp_ajax_add_link_category() wp-admin/includes/ajax-actions.php

Handles adding a link category via AJAX.
wp_ajax_nopriv_heartbeat() wp-admin/includes/ajax-actions.php

Handles the Heartbeat API in the no-privilege context via AJAX .
wp_ajax_ajax_tag_search() wp-admin/includes/ajax-actions.php

Handles tag search via AJAX.
wp_insert_link() wp-admin/includes/bookmark.php

Inserts a link into the database, or updates an existing link.
get_default_link_to_edit() wp-admin/includes/bookmark.php

Retrieves the default link for editing.
WP_Terms_List_Table::column_name() wp-admin/includes/class-wp-terms-list-table.php
WP_Terms_List_Table::prepare_items() wp-admin/includes/class-wp-terms-list-table.php
request_filesystem_credentials() wp-admin/includes/file.php

Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem.
WP_Customize_Manager::customize_preview_settings() wp-includes/class-wp-customize-manager.php

Prints JavaScript settings for preview frame.
WP_Customize_Manager::save() wp-includes/class-wp-customize-manager.php

Handles customize_save WP Ajax request to save/update a changeset.
WP_Customize_Manager::__construct() wp-includes/class-wp-customize-manager.php

Constructor.
WP_Customize_Manager::doing_ajax() wp-includes/class-wp-customize-manager.php

Returns true if it’s an Ajax request.
spawn_cron() wp-includes/cron.php

Sends a request to run cron through HTTP request that doesn’t halt page loading.
_wp_customize_include() wp-includes/theme.php

Includes and instantiates the WP_Customize_Manager class.
WP::send_headers() wp-includes/class-wp.php

Sends additional HTTP headers for caching, content type, etc.
wp_original_referer_field() wp-includes/functions.php

Retrieves or displays original referer hidden field for forms.
wp_get_referer() wp-includes/functions.php

Retrieves referer from ‘_wp_http_referer’ or HTTP referer.
wp_get_original_referer() wp-includes/functions.php

Retrieves original referer that was posted, if it exists.
wp_update_term() wp-includes/taxonomy.php

Updates term based on arguments provided.
wp_insert_term() wp-includes/taxonomy.php

Adds a new term to the database.
term_exists() wp-includes/taxonomy.php

Determines whether a taxonomy term exists.
wp_insert_user() wp-includes/user.php

Inserts a user into the database.
wp_signon() wp-includes/user.php

Authenticates and logs a user in with ‘remember’ capability.
post_password_required() wp-includes/post-template.php

Determines whether the post requires password and whether a correct password has been provided.
_wp_link_page() wp-includes/post-template.php

Helper function for wp_link_pages() .
trackback_url_list() wp-includes/post.php

Does trackbacks for a list of URLs.
wp_insert_post() wp-includes/post.php

Inserts or update a post.
wpmu_log_new_registrations() wp-includes/ms-functions.php

Logs the user email, IP, and registration date of a new site.
install_blog() wp-includes/ms-deprecated.php

Install an empty blog.
newblog_notify_siteadmin() wp-includes/ms-functions.php

Notifies the network admin that a new site has been activated.
newuser_notify_siteadmin() wp-includes/ms-functions.php

Notifies the network admin that a new user has been activated.
wpmu_welcome_notification() wp-includes/ms-functions.php

Notifies the site administrator that their site activation was successful.
wpmu_validate_blog_signup() wp-includes/ms-functions.php

Processes new site registrations.
wp_update_nav_menu_item() wp-includes/nav-menu.php

Saves the properties of a menu item or create a new one.
wp_xmlrpc_server::blogger_getPost() wp-includes/class-wp-xmlrpc-server.php

Retrieves a post.
wp_xmlrpc_server::blogger_getRecentPosts() wp-includes/class-wp-xmlrpc-server.php

Retrieves the list of recent posts.
wp_xmlrpc_server::wp_setOptions() wp-includes/class-wp-xmlrpc-server.php

Updates blog options.
wp_xmlrpc_server::set_custom_fields() wp-includes/class-wp-xmlrpc-server.php

Sets custom fields for post.
WP_Customize_Widgets::get_post_value() wp-includes/class-wp-customize-widgets.php

Retrieves an unslashed post value or return a default.
wp_update_comment() wp-includes/comment.php

Updates an existing comment in the database.
wp_insert_comment() wp-includes/comment.php

Inserts a comment into the database.
sanitize_comment_cookies() wp-includes/comment.php

Sanitizes the cookies sent to the user already.
wp_allow_comment() wp-includes/comment.php

Validates whether this comment is allowed to be made.
check_comment() wp-includes/comment.php

Checks whether a comment passes internal checks to be allowed to add.
delete_metadata() wp-includes/meta.php

Deletes metadata for the specified object.
add_metadata() wp-includes/meta.php

Adds metadata for the specified object.
update_metadata() wp-includes/meta.php

Updates metadata for the specified object. If no value already exists for the specified object ID and metadata key, the metadata will be added.
Show 133 more used by Hide more used by

Top ↑

Changelog

Changelog
Version Description
3.6.0 Introduced.

Top ↑

User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 2You must log in to vote on the helpfulness of this note
    Contributed by Bob Kline

    It’s unfortunate that we have to invoke this function to undo the garbling of the input values performed by WordPress itself. The bug reports for fixing the problem have been thrashing about for years, and it’s unclear whether the problem will ever be fixed, or how. In the meantime here’s one way to deal with it, using a technique which should survive without having to revisit code in the event that WP ever bites the bullet and removes the unwanted escaping.

    • add a hidden field with an apostrophe but no backslash in the value (e.g., “foo’bar”)
    • when processing the posted form, test that value as returned in $_POST
    • if the value contains a backslash character, make a copy of $_POST using wp_unslash()
    • otherwise, WP has abandoned the practice of escaping the posted values, so no unslashing is needed
  2. Skip to note 2 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note
    Contributed by Codex

    Example

    This function can be used in replacement of stripslashes_deep(). As it is a recursive function, when an array is given, it will remove slashes in all sub-arrays too.

    $arr = array(
	"Is your name O\'reilly?",
	"Person\'s Assets"
);

$arr = wp_unslash( $arr );
/*
 Outputs: 
 array(
      "Is your name O'reilly?",
      "Person's Assets"
 );
*/
  3. Skip to note 3 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note
    Contributed by Code Tốt

    This function was called when we try to read $_COOKIES:

    $viewed_products = ! empty( $_COOKIE['woocommerce_recently_viewed'] ) ? (array) explode( '|', wp_unslash( $_COOKIE['woocommerce_recently_viewed'] ) ) : array(); // @codingStandardsIgnoreLine
$viewed_products = array_reverse( array_filter( array_map( 'absint', $viewed_products ) ) );

You must log in before being able to contribute a note or feedback.