sanitize_post_field( string $field, mixed $value, int $post_id, string $context = 'display' )
Sanitizes a post field based on context.
Description
Possible context values are: ‘raw’, ‘edit’, ‘db’, ‘display’, ‘attribute’ and ‘js’. The ‘display’ context is used by default. ‘attribute’ and ‘js’ contexts are treated like ‘display’ when calling filters.
Parameters
- $field
-
(string) (Required) The Post Object field name.
- $value
-
(mixed) (Required) The Post Object value.
- $post_id
-
(int) (Required) Post ID.
- $context
-
(string) (Optional) How to sanitize the field. Possible values are 'raw', 'edit', 'db', 'display', 'attribute' and 'js'.
Default value: 'display'
Return
(mixed) Sanitized value.
More Information
Uses apply_filters():
- Calls 'edit_{$field}' and '{$field_no_prefix}_edit_pre' passing $value and $post_id if $context is 'edit' and field name prefix is 'post_'.
- Calls 'edit_post_{$field}' passing $value and $post_id if $context is 'db'.
- Calls 'pre_{$field}' passing $value if $context is 'db' and field name prefix is 'post_'.
- Calls '{$field}_pre' passing $value if $context is 'db' and field name prefix is not 'post_'.
- Calls '{$field}' passing $value, $post_id and $context if $context is anything other than 'raw', 'edit' and 'db' and field name prefix is 'post_'.
- Calls 'post_$field' passing $value if $context is anything other than 'raw', 'edit' and 'db' and field name prefix is not 'post_'.
Source
File: wp-includes/post.php
function sanitize_post_field( $field, $value, $post_id, $context = 'display' ) { $int_fields = array( 'ID', 'post_parent', 'menu_order' ); if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } // Fields which contain arrays of integers. $array_int_fields = array( 'ancestors' ); if ( in_array( $field, $array_int_fields, true ) ) { $value = array_map( 'absint', $value ); return $value; } if ( 'raw' === $context ) { return $value; } $prefixed = false; if ( false !== strpos( $field, 'post_' ) ) { $prefixed = true; $field_no_prefix = str_replace( 'post_', '', $field ); } if ( 'edit' === $context ) { $format_to_edit = array( 'post_content', 'post_excerpt', 'post_title', 'post_password' ); if ( $prefixed ) { /** * Filters the value of a specific post field to edit. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "edit_{$field}", $value, $post_id ); /** * Filters the value of a specific post field to edit. * * The dynamic portion of the hook name, `$field_no_prefix`, refers to * the post field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. * @param int $post_id Post ID. */ $value = apply_filters( "{$field_no_prefix}_edit_pre", $value, $post_id ); } else { $value = apply_filters( "edit_post_{$field}", $value, $post_id ); } if ( in_array( $field, $format_to_edit, true ) ) { if ( 'post_content' === $field ) { $value = format_to_edit( $value, user_can_richedit() ); } else { $value = format_to_edit( $value ); } } else { $value = esc_attr( $value ); } } elseif ( 'db' === $context ) { if ( $prefixed ) { /** * Filters the value of a specific post field before saving. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "pre_{$field}", $value ); /** * Filters the value of a specific field before saving. * * The dynamic portion of the hook name, `$field_no_prefix`, refers * to the post field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "{$field_no_prefix}_save_pre", $value ); } else { $value = apply_filters( "pre_post_{$field}", $value ); /** * Filters the value of a specific post field before saving. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the post field. */ $value = apply_filters( "{$field}_pre", $value ); } } else { // Use display filters by default. if ( $prefixed ) { /** * Filters the value of a specific post field for display. * * The dynamic portion of the hook name, `$field`, refers to the post * field name. * * @since 2.3.0 * * @param mixed $value Value of the prefixed post field. * @param int $post_id Post ID. * @param string $context Context for how to sanitize the field. * Accepts 'raw', 'edit', 'db', 'display', * 'attribute', or 'js'. Default 'display'. */ $value = apply_filters( "{$field}", $value, $post_id, $context ); } else { $value = apply_filters( "post_{$field}", $value, $post_id, $context ); } if ( 'attribute' === $context ) { $value = esc_attr( $value ); } elseif ( 'js' === $context ) { $value = esc_js( $value ); } } // Restore the type for integer fields after esc_attr(). if ( in_array( $field, $int_fields, true ) ) { $value = (int) $value; } return $value; }
Changelog
Version | Description |
---|---|
4.4.0 | Like sanitize_post() , $context defaults to 'display'. |
2.3.0 | Introduced. |
© 2003–2021 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/functions/sanitize_post_field