Filtering HTML to exclude all but a small number of HTML elements and attributes

How much do we trust user input? Not. At. All. That’s how much we trust user input. You just don’t know where they’ve been! WordPress has such a plethora of functions for escaping and filtering input and output, that I’m always discovering new possibilities. One I found recently is wp_kses, which allows you to strip …

Escaping lists of strings for SQL in WordPress

Today I found myself wanting to use a query similar to SELECT DISTINCT post_id FROM $wpdb->posts WHERE meta_key IN ( 'string_x', 'string_y', 'string_z' ), but where I needed to construct the values for the list of strings from an array of untrusted values (because we never trust inputs, we always look suspiciously on them if …