防止 WordPress 的默认输入清理 [英] Prevent WordPress' default input sanitization

问题描述

每当我从 </code> 或 <code>input</code> 文件中获得输入时，WordPress 都会清理我的输入并转义所有特殊字符.如何禁用此功能?例如，如果我有以下接受 C++ 代码的 html 代码，例如 <code>cout<<<<"hello world"</code> WordPress 会将其转换为 <code>cout<<\"hello世界\";</code>.<em class="showen"></em></p> <p class="en">Whenever I get an input from a <code><textarea></code> or an <code>input</code> filed, WordPress sanitize my input and escape all special characters. How can I disable this feature? For example, if I have the following html code that accept a C++ code such as <code>cout<<"hello world";</code> WordPress will convert it to <code>cout<<\"hello world\";</code>.</p> <pre><code><code><!--HTML code--> <form action="/action.php" method="post"> <input type="text" name="mycode" value="cout<<'hello world';"> <input type="submit" value="Submit"> </form> </code></code></pre> <p class="cn">.</p> <pre><code><code><?php //PHP code for action.php file echo $_POST['mycode'];//This output will have all the special characters escaped //I need this to give me the original text entered by the user without /s. ?> </code></code></pre> <p class="cn">我使用的是 WordPress 5.7.2 版.任何时候我使用像 <code> \, ', " 这样的特殊字符时</code> 他们会在他们面前得到 <code>\</code> .我使用不同的 WordPress 主题尝试过这个，结果仍然相同.如果我使用 <code>stripcslashes($_POST['mycode'])</code> 这将摆脱这些 <code>\</code>.但是想知道是否有办法从一开始就阻止 WordPress 这样做.下面显示了我得到的输入和输出的图像.<em class="showen"></em></p> <p class="en">I am using WordPress version 5.7.2. Any time I use a special characters like <code> \, ', " </code> They will get <code>\</code> in front of them. I have tried this using different WordPress themes and the result is still the same. If I use <code>stripcslashes($_POST['mycode'])</code> this get ride of these <code>\</code>. But was wondering if there is a way to stop WordPress from doing this from the start. Following shows an image of the input and output I get.</p> <p class="cn"></p> <h3 class="best_ans mt-1">推荐答案</h3> <p class="cn">这是一个非常简单的 hack-y 想法<em class="showen"></em></p> <p class="en">Here's an insanely simple hack-y idea</p> <p class="cn">在 <code>/index.php</code> 的顶部，在 WP 获得它对传入数据的贪婪小手指之前，添加以下行:<em class="showen"></em></p> <p class="en">At the top of <code>/index.php</code>, before WP gets it's greedy little fingers on your incoming data, add this line:</p> <pre><code><code>$_SPOST = null; if (isset($_SERVER['REQUEST_METHOD']) && strtoupper($_SERVER['REQUEST_METHOD']) === 'POST') { $_SPOST = $_POST; } </code></code></pre> <p class="cn">然后只要你知道你将把代码内容传回浏览器<em class="showen"></em></p> <p class="en">Then whenever you know you'll be passing code content back to the browser</p> <pre><code><code><?php //PHP code for action.php file echo $_SPOST['mycode'];//This output will have all the special characters escaped //I need this to give me the original text entered by the user without /s. ?> </code></code></pre> <p class="cn">但是等等，还有更多......我们可以在 wordpress 生态系统中重新连接，并在我们的帖子被摆弄和清理后改变它.<em class="showen"></em></p> <p class="en">But wait, there's more.. we can hook back up within the wordpress ecosystem and transform our post after it's been fiddled with and sanitized.</p> <p class="cn"><a href="https://perishablepress.com/modify-get-post-requests-wordpress/" rel="nofollow noreferrer">这个页面</a>让我想到了使用 <a href="https://developer.wordpress.org/reference/hooks/parse_request/" rel="nofollow noreferrer">parse_request</a>，在解析当前请求的所有查询变量后触发.<em class="showen"></em></p> <p class="en">This page gave me the idea to use parse_request, which fires once all query variables for the current request have been parsed.</p> <pre><code><code>function use_spost() { if (isset($_SPOST)) $_POST = $_SPOST; } add_action('parse_request', 'use_spost', 1); </code></code></pre> <p>这篇关于防止 WordPress 的默认输入清理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！</p> </div> <div class="arc-body-main-more"> <span onclick="unlockarc('2492771');">查看全文</span> </div> </div> <div> </div> <div class="wwads-cn wwads-horizontal" data-id="166" style="max-width:100%;border: 4px solid #666;"></div> </div> </article> <div id="arc-ad-2" class="mb-1"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5038752844014834" crossorigin="anonymous"></script> <ins class="adsbygoogle" style="display:block" data-ad-format="autorelaxed" data-ad-client="ca-pub-5038752844014834" data-ad-slot="3921941283"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> <div class="widget bgwhite radius-1 mb-1 shadow widget-rel"> <h5>相关文章</h5> <ul> <li> <a target="_blank" title="默认输入屏幕" href="/1388611.html"> 默认输入屏幕; </a> </li> <li> <a target="_blank" title="默认输入元素大小" href="/870446.html"> 默认输入元素大小; </a> </li> <li> <a target="_blank" title="SimpleForm默认输入类" href="/2895103.html"> SimpleForm默认输入类; </a> </li> <li> <a target="_blank" title="HTML / PHP - 默认输入值" href="/773652.html"> HTML / PHP - 默认输入值; </a> </li> <li> <a target="_blank" title="HTML/PHP - 默认输入值" href="/2699088.html"> HTML/PHP - 默认输入值; </a> </li> <li> <a target="_blank" title="Chrome默认输入文字边框" href="/1164467.html"> Chrome默认输入文字边框; </a> </li> <li> <a target="_blank" title="Chrome中的默认输入边框" href="/820017.html"> Chrome中的默认输入边框; </a> </li> <li> <a target="_blank" title="purrr::pmap 与其他默认输入" href="/2347101.html"> purrr::pmap 与其他默认输入; </a> </li> <li> <a target="_blank" title="复制Chrome默认输入的大纲样式" href="/573337.html"> 复制Chrome默认输入的大纲样式; </a> </li> <li> <a target="_blank" title="FormType默认输入值的形式相同" href="/775109.html"> FormType默认输入值的形式相同; </a> </li> <li> <a target="_blank" title="在表单标签中打开默认输入" href="/2365158.html"> 在表单标签中打开默认输入; </a> </li> <li> <a target="_blank" title="反应形式不接收默认输入值" href="/1925717.html"> 反应形式不接收默认输入值; </a> </li> <li> <a target="_blank" title="隐藏默认输入，直到触发为止" href="/1092918.html"> 隐藏默认输入，直到触发为止; </a> </li> <li> <a target="_blank" title="PyAudio IOError:没有可用的默认输入设备" href="/2347529.html"> PyAudio IOError:没有可用的默认输入设备; </a> </li> <li> <a target="_blank" title="更改Android的音频记录默认输入源" href="/140311.html"> 更改Android的音频记录默认输入源; </a> </li> <li> <a target="_blank" title="操作系统错误：没有可用的默认输入设备" href="/2883851.html"> 操作系统错误：没有可用的默认输入设备; </a> </li> <li> <a target="_blank" title="Paypal 支付标准默认输入卡详细信息" href="/2737723.html"> Paypal 支付标准默认输入卡详细信息; </a> </li> <li> <a target="_blank" title="我可以更改Chrome中HTML颜色输入的默认输入格式吗?" href="/2264673.html"> 我可以更改Chrome中HTML颜色输入的默认输入格式吗?; </a> </li> <li> <a target="_blank" title="Powershell 编码默认输出" href="/2339617.html"> Powershell 编码默认输出; </a> </li> <li> <a target="_blank" title=""OSError:没有可用的默认输入设备"在Google Colab上" href="/2265795.html"> "OSError:没有可用的默认输入设备"在Google Colab上; </a> </li> <li> <a target="_blank" title="如何在 .Net Console App 中设置默认输入值?" href="/2699087.html"> 如何在 .Net Console App 中设置默认输入值?; </a> </li> <li> <a target="_blank" title="贝宝付款标准默认输入卡详细信息" href="/1734459.html"> 贝宝付款标准默认输入卡详细信息; </a> </li> <li> <a target="_blank" title="如何覆盖对象的默认输出？" href="/1013548.html"> 如何覆盖对象的默认输出？; </a> </li> <li> <a target="_blank" title="如何阻止Spring的默认输出？" href="/980319.html"> 如何阻止Spring的默认输出？; </a> </li> <li> <a target="_blank" title="导出Firebase数据并将其设置为模板驱动形式的默认输入" href="/759835.html"> 导出Firebase数据并将其设置为模板驱动形式的默认输入; </a> </li> </ul> </div> <div class="mb-1"> <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5038752844014834" crossorigin="anonymous"></script> <ins class="adsbygoogle" style="display:block" data-ad-format="autorelaxed" data-ad-client="ca-pub-5038752844014834" data-ad-slot="3921941283"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script> </div> </div> <div class="side"> <div class="widget widget-side bgwhite mb-1 shadow"> <h5>PHP最新文章</h5> <ul> <li> <a target="_blank" title="请求头字段Access-Control-Allow-Headers在预检响应中不允许Access-Control-Allow-Headers" href="/558143.html"> 请求头字段Access-Control-Allow-Headers在预检响应中不允许Access-Control-Allow-Headers; </a> </li> <li> <a target="_blank" title="路由问题导致Symfony \ Component \ HttpKernel \ Exception \ NotFoundHttpException错误" href="/548154.html"> 路由问题导致Symfony \ Component \ HttpKernel \ Exception \ NotFoundHttpException错误; </a> </li> <li> <a target="_blank" title="什么是NCFB和NOFB模式？" href="/681571.html"> 什么是NCFB和NOFB模式？; </a> </li> <li> <a target="_blank" title="警告：mysqli_connect（）：（HY000 / 1045）：访问被拒绝用户'用户名'@'localhost'（使用密码：是）" href="/594668.html"> 警告：mysqli_connect（）：（HY000 / 1045）：访问被拒绝用户'用户名'@'localhost'（使用密码：是）; </a> </li> <li> <a target="_blank" title="如何处理致命错误：cURL错误7：无法连接到xxxx端口443" href="/589688.html"> 如何处理致命错误：cURL错误7：无法连接到xxxx端口443; </a> </li> <li> <a target="_blank" title="参数3传递给GuzzleHttp\Client :: request（）必须是数组类型，给定字符串" href="/748988.html"> 参数3传递给GuzzleHttp\Client :: request（）必须是数组类型，给定字符串; </a> </li> <li> <a target="_blank" title="phpMyAdmin的＃2054无法登录到MySQL服务器" href="/218086.html"> phpMyAdmin的＃2054无法登录到MySQL服务器; </a> </li> <li> <a target="_blank" title="SSL错误SSL3_GET_SERVER_CERTIFICATE：证书验证失败" href="/215284.html"> SSL错误SSL3_GET_SERVER_CERTIFICATE：证书验证失败; </a> </li> <li> <a target="_blank" title="在PHPExcel中设置字体颜色，字体和字体大小" href="/511258.html"> 在PHPExcel中设置字体颜色，字体和字体大小; </a> </li> <li> <a target="_blank" title="如何解决cURL错误（7）：无法连接到主机？" href="/588378.html"> 如何解决cURL错误（7）：无法连接到主机？; </a> </li> </ul> </div> <div class="widget widget-side bgwhite mb-1 shadow"> <h5> 热门教程 </h5> <ul> <li> <a target="_blank" title="Java教程" href="/OnLineTutorial/java/index.html"> Java教程 </a> </li> <li> <a target="_blank" title="Apache ANT 教程" href="/OnLineTutorial/ant/index.html"> Apache ANT 教程 </a> </li> <li> <a target="_blank" title="Kali Linux教程" href="/OnLineTutorial/kali_linux/index.html"> Kali Linux教程 </a> </li> <li> <a target="_blank" title="JavaScript教程" href="/OnLineTutorial/javascript/index.html"> JavaScript教程 </a> </li> <li> <a target="_blank" title="JavaFx教程" href="/OnLineTutorial/javafx/index.html"> JavaFx教程 </a> </li> <li> <a target="_blank" title="MFC 教程" href="/OnLineTutorial/mfc/index.html"> MFC 教程 </a> </li> <li> <a target="_blank" title="Apache HTTP客户端教程" href="/OnLineTutorial/apache_httpclient/index.html"> Apache HTTP客户端教程 </a> </li> <li> <a target="_blank" title="Microsoft Visio 教程" href="/OnLineTutorial/microsoft_visio/index.html"> Microsoft Visio 教程 </a> </li> </ul> </div> <div class="widget widget-side bgwhite mb-1 shadow"> <h5> 热门工具 </h5> <ul> <li> <a target="_blank" title="Java 在线工具" href="/Onlinetools/details/4"> Java 在线工具 </a> </li> <li> <a target="_blank" title="C(GCC) 在线工具" href="/Onlinetools/details/6"> C(GCC) 在线工具 </a> </li> <li> <a target="_blank" title="PHP 在线工具" href="/Onlinetools/details/8"> PHP 在线工具 </a> </li> <li> <a target="_blank" title="C# 在线工具" href="/Onlinetools/details/1"> C# 在线工具 </a> </li> <li> <a target="_blank" title="Python 在线工具" href="/Onlinetools/details/5"> Python 在线工具 </a> </li> <li> <a target="_blank" title="MySQL 在线工具" href="/Onlinetools/Dbdetails/33"> MySQL 在线工具 </a> </li> <li> <a target="_blank" title="VB.NET 在线工具" href="/Onlinetools/details/2"> VB.NET 在线工具 </a> </li> <li> <a target="_blank" title="Lua 在线工具" href="/Onlinetools/details/14"> Lua 在线工具 </a> </li> <li> <a target="_blank" title="Oracle 在线工具" href="/Onlinetools/Dbdetails/35"> Oracle 在线工具 </a> </li> <li> <a target="_blank" title="C++(GCC) 在线工具" href="/Onlinetools/details/7"> C++(GCC) 在线工具 </a> </li> <li> <a target="_blank" title="Go 在线工具" href="/Onlinetools/details/20"> Go 在线工具 </a> </li> <li> <a target="_blank" title="Fortran 在线工具" href="/Onlinetools/details/45"> Fortran 在线工具 </a> </li> </ul> </div> </div> </div> <script type="text/javascript">var eskeys = '防止,wordpress,的,默认,输入,清理'; var cat = 'cc';';//php</script> </div> <div id="pop" onclick="pophide();"> <div id="pop_body" onclick="event.stopPropagation();"> <h6 class="flex flex101"> 登录 <span onclick="pophide();">关闭</span> </h6> <div class="pd-1"> <div class="wxtip center"> <span>扫码关注<em>1秒</em>登录</span> </div> <div class="center"> <img id="qr" src="https://huajiakeji.com/Content/Images/qrydx.jpg" alt="" style="width:150px;height:150px;" /> </div> <div style="margin-top:10px;display:flex;justify-content: center;"> <input type="text" placeholder="输入验证码" id="txtcode" autocomplete="off" /> <input id="btngo" type="button" onclick="chk()" value="GO" /> </div> <div class="center" style="margin: 4px; font-size: .8rem; color: #f60;"> 发送“验证码”获取 <em style="padding: 0 .5rem;">|</em> <span style="color: #01a05c;">15天全站免登陆</span> </div> <div id="chkinfo" class="tip"></div> </div> </div> </div> <script type="text/javascript" src="https://lib.sinaapp.com/js/jquery/1.9.1/jquery-1.9.1.min.js"></script> <script type="text/javascript" src="https://cdn.bootcss.com/jquery-cookie/1.4.1/jquery.cookie.min.js"></script> <script type="text/javascript" src="https://img01.yuandaxia.cn/Scripts/highlight.min.js"></script> <script type="text/javascript" src="https://img01.yuandaxia.cn/Scripts/base.js?v=0.22"></script> <script type="text/javascript" src="https://img01.yuandaxia.cn/Scripts/tui.js?v=0.11"></script> <footer class="footer"> <div class="container"> <div class="flink mb-1"> 友情链接： <a href="https://www.it1352.com/" target="_blank">IT屋</a> <a href="https://huajiakeji.com/" target="_blank">Chrome插件</a> <a href="https://www.cnplugins.com/" target="_blank">谷歌浏览器插件</a> </div> <section class="copyright-section"> <a href="https://www.it1352.com" title="IT屋-程序员软件开发技术分享社区">IT屋</a> ©2016-2022 <a href="http://www.beian.miit.gov.cn/" target="_blank">琼ICP备2021000895号-1</a> <a href="/sitemap.html" target="_blank" title="站点地图">站点地图</a> <a href="/Home/Tags" target="_blank" title="站点标签">站点标签</a> <a target="_blank" alt="sitemap" href="/sitemap.xml">SiteMap</a> <a href="/1155981.html" title="IT屋-免责申明"><免责申明></a> 本站内容来源互联网,如果侵犯您的权益请联系我们删除. </section> <!--统计代码--> <script type="text/javascript"> var _hmt = _hmt || []; (function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?0c3a090f7b3c4ad458ac1296cb5cc779"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s); })(); </script> <script type="text/javascript"> (function () { var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s); })(); </script> </div> </footer> </body> </html>