If I sanitize and save some meta text (called 'message') entered by the user like like this...
如果我清理并保存用户输入的一些元文本(称为“消息”),就像这样......
update_post_meta($post_id, 'message', sanitize_text_field($_POST['message']));
...and then retrieve and attempt to re-display the text like this...
...然后检索并尝试重新显示这样的文本......
echo '<textarea id="message" name="message">' . esc_textarea( get_post_meta( $post->ID, 'message', true ) ) . '</textarea>';
...all the line breaks get lost.
...所有的换行都会丢失。
In accordance with the WordPress codex, the line breaks are being stripped out by the sanitize_text_field() function. So how can I sanitize the text entered by the user without losing their line breaks?
根据WordPress codex,sanitize_text_field()函数正在删除换行符。那么如何在不丢失换行符的情况下清理用户输入的文本呢?
4 个解决方案
#1
35
A more elegant solution:
更优雅的解决方案:
update_post_meta(
$post_id,
'message',
implode( "\n", array_map( 'sanitize_text_field', explode( "\n", $_POST['message'] ) ) )
);
#2
24
Since Wordpress 4.7.0
自Wordpress 4.7.0
Use sanitize_textarea_field instead of sanitize_text_field
使用sanitize_textarea_field而不是sanitize_text_field
#3
1
If line breaks are the only thing sanitize_text_field
is removing that you want to keep, you could just str_replace
for "\n"
before and after calling sanitize_text_field
.
如果换行是sanitize_text_field唯一要删除的内容,那么在调用sanitize_text_field之前和之后你可以只调用“\ n”。
$fake_newline = '--OMGKEEPTHISNEWLINE--'; # or some unique string
$escaped_newlines = str_replace("\n", $fake_newline, $_POST['message']);
$sanitized = sanitize_text_field($escaped_newlines);
update_post_meta($post_id, 'message', str_replace($fake_newline", "\n", $sanitized));
If you want to customize sanitization more, you should probably rely on more fine-grained sanitize_*
functions provided by WordPress.
如果您想更多地自定义清理,您应该依赖WordPress提供的更细粒度的sanitize_ *函数。
#4
1
I've been trying to use this method myself, and find that apostrophes in the textarea are escaped by backslashes on the way in, which then aren't removed by esc_textarea on the way out.
我一直试图自己使用这个方法,并发现textarea中的撇号在进入途中被反斜杠转义,然后在出路时不会被esc_textarea删除。
So I've ended up having to use
所以我最终不得不使用
stripslashes( esc_textarea( $THING ) )
to successfully remove them from the textarea when redisplaying.
在重新显示时成功从textarea中删除它们。
#1
35
A more elegant solution:
更优雅的解决方案:
update_post_meta(
$post_id,
'message',
implode( "\n", array_map( 'sanitize_text_field', explode( "\n", $_POST['message'] ) ) )
);
#2
24
Since Wordpress 4.7.0
自Wordpress 4.7.0
Use sanitize_textarea_field instead of sanitize_text_field
使用sanitize_textarea_field而不是sanitize_text_field
#3
1
If line breaks are the only thing sanitize_text_field
is removing that you want to keep, you could just str_replace
for "\n"
before and after calling sanitize_text_field
.
如果换行是sanitize_text_field唯一要删除的内容,那么在调用sanitize_text_field之前和之后你可以只调用“\ n”。
$fake_newline = '--OMGKEEPTHISNEWLINE--'; # or some unique string
$escaped_newlines = str_replace("\n", $fake_newline, $_POST['message']);
$sanitized = sanitize_text_field($escaped_newlines);
update_post_meta($post_id, 'message', str_replace($fake_newline", "\n", $sanitized));
If you want to customize sanitization more, you should probably rely on more fine-grained sanitize_*
functions provided by WordPress.
如果您想更多地自定义清理,您应该依赖WordPress提供的更细粒度的sanitize_ *函数。
#4
1
I've been trying to use this method myself, and find that apostrophes in the textarea are escaped by backslashes on the way in, which then aren't removed by esc_textarea on the way out.
我一直试图自己使用这个方法,并发现textarea中的撇号在进入途中被反斜杠转义,然后在出路时不会被esc_textarea删除。
So I've ended up having to use
所以我最终不得不使用
stripslashes( esc_textarea( $THING ) )
to successfully remove them from the textarea when redisplaying.
在重新显示时成功从textarea中删除它们。