您可能已经知道,主题开发人员可以使用WordPress Customizer API 为其主题创建设置,从而允许网站所有者微调配色方案、背景图像和其他自定义选项等内容,并实时查看这些更改的预览。
由于我们永远不应该信任用户输入,因此定制器 API 需要为每个设置定义一个回调函数来验证和清理输入。下面的代码示例将演示如何为各种数据类型定义清理回调函数。为了方便起见,代码还包括在主题定制器中添加部分和设置的方法。
清理单选框
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//radio box sanitization functionfunction theme_slug_sanitize_radio( $input, $setting ){//input must be a slug: lowercase alphanumeric characters, dashes and underscores are allowed only$input = sanitize_key($input);//get the list of possible radio box options$choices = $setting->manager->get_control( $setting->id )->choices;//return input if valid or return default optionreturn ( array_key_exists( $input, $choices ) ? $input : $setting->default );}//add setting to your section$wp_customize->add_setting('theme_slug_customizer_radio',array('sanitize_callback' => 'theme_slug_sanitize_radio'));$wp_customize->add_control('theme_slug_customizer_radio',array('label' => esc_html__( 'Your Setting with Radio Box', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'radio','choices' => array('one' => esc_html__('Choice One','theme_slug'),'two' => esc_html__('Choice Two','theme_slug'),'three' => esc_html__('Choice Three','theme_slug'))));}add_action( 'customize_register', 'theme_slug_customizer' );
清理多选框
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//checkbox sanitization functionfunction theme_slug_sanitize_checkbox( $input ){//returns true if checkbox is checkedreturn ( isset( $input ) ? true : false );}//add setting to your section$wp_customize->add_setting('theme_slug_customizer_checkbox',array('default' => '','sanitize_callback' => 'theme_slug_sanitize_checkbox'));$wp_customize->add_control('theme_slug_customizer_checkbox',array('label' => esc_html__( 'Your Setting with Checkbox', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'checkbox'));}add_action( 'customize_register', 'theme_slug_customizer' );
清理 select 选项
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//select sanitization functionfunction theme_slug_sanitize_select( $input, $setting ){//input must be a slug: lowercase alphanumeric characters, dashes and underscores are allowed only$input = sanitize_key($input);//get the list of possible select options$choices = $setting->manager->get_control( $setting->id )->choices;//return input if valid or return default optionreturn ( array_key_exists( $input, $choices ) ? $input : $setting->default );}//add setting to your section$wp_customize->add_setting('theme_slug_customizer_select',array('sanitize_callback' => 'theme_slug_sanitize_select'));$wp_customize->add_control('theme_slug_customizer_select',array('label' => esc_html__( 'Your Setting with select', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'select','choices' => array('' => esc_html__('Please select','theme_slug'),'one' => esc_html__('Choice One','theme_slug'),'two' => esc_html__('Choice Two','theme_slug'),'three' => esc_html__('Choice Three','theme_slug'))));}add_action( 'customize_register', 'theme_slug_customizer' );
清理单行文本和多行文本域
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//add setting to your section$wp_customize->add_setting('theme_slug_customizer_text',array('sanitize_callback' => 'wp_filter_nohtml_kses' //removes all HTML from content));$wp_customize->add_control('theme_slug_customizer_text',array('label' => esc_html__( 'Your Setting with text input', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'text'));}add_action( 'customize_register', 'theme_slug_customizer' );
清理邮箱地址
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//add setting to your section$wp_customize->add_setting('theme_slug_customizer_email',array('sanitize_callback' => 'sanitize_email' //removes all invalid characters));$wp_customize->add_control('theme_slug_customizer_email',array('label' => esc_html__( 'Your Setting with email input', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'email'));}add_action( 'customize_register', 'theme_slug_customizer' );
清理网址
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//add setting to your section$wp_customize->add_setting('theme_slug_customizer_url',array('sanitize_callback' => 'esc_url_raw' //cleans URL from all invalid characters));$wp_customize->add_control('theme_slug_customizer_url',array('label' => esc_html__( 'Your Setting with URL input', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'url'));}add_action( 'customize_register', 'theme_slug_customizer' );
清理数字
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//add setting to your section$wp_customize->add_setting('theme_slug_customizer_number',array('sanitize_callback' => 'absint' //converts value to a non-negative integer));$wp_customize->add_control('theme_slug_customizer_number',array('label' => esc_html__( 'Your Setting with number input', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'number'));}add_action( 'customize_register', 'theme_slug_customizer' );
清理下拉页面
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//add setting to your section$wp_customize->add_setting('theme_slug_customizer_dropdown_pages',array('sanitize_callback' => 'absint' //input value is a page ID so it must be a positive integer));$wp_customize->add_control('theme_slug_customizer_dropdown_pages',array('label' => esc_html__( 'Your Setting with dropdown_pages input', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'dropdown-pages'));}add_action( 'customize_register', 'theme_slug_customizer' );
清理文件上传
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//file input sanitization functionfunction theme_slug_sanitize_file( $file, $setting ) {//allowed file types$mimes = array('jpg|jpeg|jpe' => 'image/jpeg','gif' => 'image/gif','png' => 'image/png');//check file type from file name$file_ext = wp_check_filetype( $file, $mimes );//if file has a valid mime type return it, otherwise return defaultreturn ( $file_ext['ext'] ? $file : $setting->default );}//add select setting to your section$wp_customize->add_setting('theme_slug_customizer_file',array('sanitize_callback' => 'theme_slug_sanitize_file'));$wp_customize->add_control(new WP_Customize_Upload_Control($wp_customize,'theme_slug_customizer_file',array('label' => __( 'Your Setting with file input', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section')));}add_action( 'customize_register', 'theme_slug_customizer' );
清理 CSS
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//add setting to your section$wp_customize->add_setting('theme_slug_customizer_css',array('sanitize_callback' => 'wp_strip_all_tags' //strip all HTML tags including script and style));$wp_customize->add_control('theme_slug_customizer_css',array('label' => esc_html__( 'Your Setting with CSS input', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'textarea'));}add_action( 'customize_register', 'theme_slug_customizer' );
清理 HTML 颜色代码
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//add setting to your section$wp_customize->add_setting('theme_slug_customizer_color',array('default' => '#000000','sanitize_callback' => 'sanitize_hex_color' //validates 3 or 6 digit HTML hex color code));$wp_customize->add_control(new WP_Customize_Color_Control($wp_customize,'theme_slug_customizer_color',array('label' => __( 'Your Setting with color input', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section')));}add_action( 'customize_register', 'theme_slug_customizer' );
清理 HTML 代码
使用wp_kses_post()仅保留帖子内容中允许的 HTML 标签的功能。
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//add setting to your section$wp_customize->add_setting('theme_slug_customizer_html_code',array('sanitize_callback' => 'wp_kses_post' //keeps only HTML tags that are allowed in post content));$wp_customize->add_control('theme_slug_customizer_html_code',array('label' => esc_html__( 'Your Setting with HTML code', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'textarea'));}add_action( 'customize_register', 'theme_slug_customizer' );
或者,您可以使用wp_kses()函数来定义允许的 HTML 标记和属性,如下所示:
$allowed_html = array('a' => array('href' => array(),'title' => array()),'br' => array(),'em' => array(),'strong' => array(),);wp_kses($input, $allowed_html);
清理 JAVASCRIPT 代码
我们正在使用base64_encode()函数将脚本正确保存在数据库中,并使用base64_decode()函数来转义自定义程序中 textarea 的脚本。还可以在前端使用base64_decode()函数来回显脚本。
function theme_slug_customizer( $wp_customize ) {//your section$wp_customize->add_section('theme_slug_customizer_your_section',array('title' => esc_html__( 'Your Section', 'theme_slug' ),'priority' => 150));//script input sanitization functionfunction theme_slug_sanitize_js_code($input){return base64_encode($input);}//output escape functionfunction theme_slug_escape_js_output($input){return esc_textarea( base64_decode($input) );}//add setting to your section$wp_customize->add_setting('theme_slug_customizer_js_code',array('sanitize_callback' => 'theme_slug_sanitize_js_code', //encode for DB insert'sanitize_js_callback' => 'theme_slug_escape_js_output' //ecape script for the textarea));$wp_customize->add_control('theme_slug_customizer_js_code',array('label' => esc_html__( 'Your Setting with JS code', 'theme_slug' ),'section' => 'theme_slug_customizer_your_section','type' => 'textarea'));}add_action( 'customize_register', 'theme_slug_customizer' );
WordPress 清理函数列表
以下是WordPress清理函数列表。也许其中之一更适合您的项目。
- absint() – 将值转换为正整数,对数字、ID 等有用。
- esc_url_raw() – 用于在数据库中安全插入 URL
- sanitize_email() – 去除电子邮件地址中不允许出现的所有字符
- sanitize_file_name() – 删除某些操作系统上文件名中非法的特殊字符
- sanitize_hex_color() – 返回 3 或 6 位十六进制颜色,带 #,或不返回
- sanitize_hex_color_no_hash() – 与上面相同,但没有 #
- sanitize_html_class() – 清理 HTML 类名以确保它只包含有效字符
- sanitize_key() – 允许使用小写字母数字字符、破折号和下划线
- sanitize_mime_type() – 用于在数据库中保存 mime 类型,例如上传文件的类型
- sanitize_option() – 清理update_option()和add_option()等对各种选项类型所做的值。以下是可用选项列表:https ://codex.wordpress.org/Function_Reference/sanitize_option#Notes
- sanitize_sql_orderby() – 确保字符串是有效的 SQL order by 子句
- sanitize_text_field() – 删除所有 HTML 标记以及多余的空格,只留下纯文本
- sanitize_title() – 返回值适合在 URL 中使用
- sanitize_title_for_query() – 用于从 URL 查询数据库中的值
- sanitize_title_with_dashes() – 与上面相同,但它不替换特殊的重音字符
- sanitize_user() – 清理用户名,去除不安全的字符
- wp_filter_post_kses(), wp_kses_post() – 它只保留在帖子内容中允许的 HTML 标签
- wp_kses() – 仅允许您指定的 HTML 标记和属性
- wp_kses_data() – 使用允许的 HTML Kses 规则清理内容
- wp_rel_nofollow() – 将 rel nofollow 字符串添加到内容中的所有 HTML A 元素
还有一些 PHP 函数来填补一些空白。
- filter_var($variable, $filter) – 使用特定过滤器过滤变量
- strlen() – 获取字符串长度,用于邮政编码、电话号码
注:本文出自 divpusher.com ,由 WordPress大学 翻译整理。
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
