防止 WordPress 的默认输入清理 [英] Prevent WordPress' default input sanitization
问题描述
每当我从 或
input
文件中获得输入时,WordPress 都会清理我的输入并转义所有特殊字符.如何禁用此功能?例如,如果我有以下接受 C++ 代码的 html 代码,例如 cout<<<<"hello world"
WordPress 会将其转换为 cout<<\"hello世界\";
.
Whenever I get an input from a <textarea>
or an input
filed, WordPress sanitize my input and escape all special characters. How can I disable this feature? For example, if I have the following html code that accept a C++ code such as cout<<"hello world";
WordPress will convert it to cout<<\"hello world\";
.
<!--HTML code-->
<form action="/action.php" method="post">
<input type="text" name="mycode" value="cout<<'hello world';">
<input type="submit" value="Submit">
</form>
.
<?php
//PHP code for action.php file
echo $_POST['mycode'];//This output will have all the special characters escaped
//I need this to give me the original text entered by the user without /s.
?>
我使用的是 WordPress 5.7.2 版.任何时候我使用像 \, ', " 这样的特殊字符时
他们会在他们面前得到 \
.我使用不同的 WordPress 主题尝试过这个,结果仍然相同.如果我使用 stripcslashes($_POST['mycode'])
这将摆脱这些 \
.但是想知道是否有办法从一开始就阻止 WordPress 这样做.下面显示了我得到的输入和输出的图像.
I am using WordPress version 5.7.2. Any time I use a special characters like \, ', "
They will get \
in front of them. I have tried this using different WordPress themes and the result is still the same. If I use stripcslashes($_POST['mycode'])
this get ride of these \
. But was wondering if there is a way to stop WordPress from doing this from the start. Following shows an image of the input and output I get.
推荐答案
这是一个非常简单的 hack-y 想法
Here's an insanely simple hack-y idea
在 /index.php
的顶部,在 WP 获得它对传入数据的贪婪小手指之前,添加以下行:
At the top of /index.php
, before WP gets it's greedy little fingers on your incoming data, add this line:
$_SPOST = null;
if (isset($_SERVER['REQUEST_METHOD']) && strtoupper($_SERVER['REQUEST_METHOD']) === 'POST') {
$_SPOST = $_POST;
}
然后只要你知道你将把代码内容传回浏览器
Then whenever you know you'll be passing code content back to the browser
<?php
//PHP code for action.php file
echo $_SPOST['mycode'];//This output will have all the special characters escaped
//I need this to give me the original text entered by the user without /s.
?>
但是等等,还有更多......我们可以在 wordpress 生态系统中重新连接,并在我们的帖子被摆弄和清理后改变它.
But wait, there's more.. we can hook back up within the wordpress ecosystem and transform our post after it's been fiddled with and sanitized.
这个页面让我想到了使用 parse_request,在解析当前请求的所有查询变量后触发.
This page gave me the idea to use parse_request, which fires once all query variables for the current request have been parsed.
function use_spost() {
if (isset($_SPOST)) $_POST = $_SPOST;
}
add_action('parse_request', 'use_spost', 1);
这篇关于防止 WordPress 的默认输入清理的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!