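ACF's `the_field` function is insecure by default because it echoes the field value without escaping it for the context it is printed into. Here is a selection of wrappers that fix that, one per output context.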
<?php | |
/**
 * Echo an ACF field value escaped as a URL for display in markup.
 *
 * The value returned by get_field() is passed through esc_url() and then
 * echoed. Use this where a URL is printed into HTML, such as an href or src
 * attribute.
 *
 * NOTE(review): get_field() may return a non-string depending on the field's
 * return format; this wrapper assumes a string URL - confirm per field.
 *
 * @param string $selector     Field name or key, forwarded to get_field().
 * @param mixed  $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool   $format_value Forwarded unchanged to get_field(). Default true.
 * @return void
 */
function the_field_url( $selector, $post_id = 0, $format_value = true ) {
	$url = get_field( $selector, $post_id, $format_value );

	echo esc_url( $url );
}
/**
 * Echo an ACF field value cleaned with esc_url_raw().
 *
 * Security caveat: esc_url_raw() prepares a URL for storage or for use in a
 * redirect or HTTP request; unlike esc_url() it does not entity-encode the
 * result for HTML. Output from this wrapper therefore should not be printed
 * into markup - use the_field_url() for href/src attributes and keep this one
 * for non-HTML output.
 *
 * NOTE(review): get_field() may return a non-string depending on the field's
 * return format; this wrapper assumes a string URL - confirm per field.
 *
 * @param string $selector     Field name or key, forwarded to get_field().
 * @param mixed  $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool   $format_value Forwarded unchanged to get_field(). Default true.
 * @return void
 */
function the_field_url_raw( $selector, $post_id = 0, $format_value = true ) {
	$raw_url = get_field( $selector, $post_id, $format_value );

	echo esc_url_raw( $raw_url );
}
/**
 * Echo an ACF field value escaped for use inside an HTML attribute value.
 *
 * The value returned by get_field() is passed through esc_attr() and then
 * echoed. The attribute in the template must be quoted for the escaping to be
 * effective. esc_attr() does not validate URLs or script: for href/src use
 * the_field_url(), and for inline event handlers use the_field_js().
 *
 * NOTE(review): get_field() may return a non-string depending on the field's
 * return format; this wrapper assumes a string - confirm per field.
 *
 * @param string $selector     Field name or key, forwarded to get_field().
 * @param mixed  $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool   $format_value Forwarded unchanged to get_field(). Default true.
 * @return void
 */
function the_field_attr( $selector, $post_id = 0, $format_value = true ) {
	$attr_value = get_field( $selector, $post_id, $format_value );

	echo esc_attr( $attr_value );
}
/**
 * Echo an ACF field value escaped with esc_js().
 *
 * esc_js() is meant for a value placed inside a quoted JavaScript string in
 * an inline event attribute (for example onclick="..."). It is not a general
 * serializer for data inside a <script> block; the_field_json_encode() is the
 * wrapper for passing structured data to JavaScript.
 *
 * NOTE(review): get_field() may return a non-string depending on the field's
 * return format; this wrapper assumes a string - confirm per field.
 *
 * @param string $selector     Field name or key, forwarded to get_field().
 * @param mixed  $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool   $format_value Forwarded unchanged to get_field(). Default true.
 * @return void
 */
function the_field_js( $selector, $post_id = 0, $format_value = true ) {
	$js_text = get_field( $selector, $post_id, $format_value );

	echo esc_js( $js_text );
}
/**
 * Echo an ACF field value escaped as plain text for an HTML element body.
 *
 * The value returned by get_field() is passed through esc_html() and then
 * echoed, so any markup stored in the field is shown as literal text rather
 * than rendered. Use the_field_kses_post() when a limited set of tags should
 * be kept.
 *
 * NOTE(review): get_field() may return a non-string depending on the field's
 * return format; this wrapper assumes a string - confirm per field.
 *
 * @param string $selector     Field name or key, forwarded to get_field().
 * @param mixed  $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool   $format_value Forwarded unchanged to get_field(). Default true.
 * @return void
 */
function the_field_html( $selector, $post_id = 0, $format_value = true ) {
	$text = get_field( $selector, $post_id, $format_value );

	echo esc_html( $text );
}
/**
 * Echo an ACF field value filtered through wp_kses_post().
 *
 * wp_kses_post() keeps the HTML that WordPress permits in post content and
 * removes the rest. The result is still markup, so this wrapper is for
 * element content only; it is not suitable inside an attribute value, a URL
 * or a script block.
 *
 * NOTE(review): get_field() may return a non-string depending on the field's
 * return format; this wrapper assumes a string - confirm per field.
 *
 * @param string $selector     Field name or key, forwarded to get_field().
 * @param mixed  $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool   $format_value Forwarded unchanged to get_field(). Default true.
 * @return void
 */
function the_field_kses_post( $selector, $post_id = 0, $format_value = true ) {
	$markup = get_field( $selector, $post_id, $format_value );

	echo wp_kses_post( $markup );
}
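/**
 * Echo an ACF field value filtered through wp_kses() with a caller-supplied
 * allow-list.
 *
 * $allowed_html was previously a required parameter declared after two
 * optional ones. PHP 8.0+ reports that ordering as deprecated, and it made
 * the defaults of $post_id and $format_value unusable. It now defaults to an
 * empty array, which makes wp_kses() strip every tag - the most restrictive
 * behaviour - so a caller that omits the allow-list fails closed. Existing
 * four-argument calls behave as before.
 *
 * The result is markup for element content only; it is not suitable inside an
 * attribute value, a URL or a script block.
 *
 * NOTE(review): get_field() may return a non-string depending on the field's
 * return format; this wrapper assumes a string - confirm per field.
 *
 * @param string       $selector     Field name or key, forwarded to get_field().
 * @param mixed        $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool         $format_value Forwarded unchanged to get_field(). Default true.
 * @param array|string $allowed_html Allowed elements and attributes, forwarded to
 *                                   wp_kses(). Default empty array (no tags kept).
 * @return void
 */
function the_field_kses( $selector, $post_id = 0, $format_value = true, $allowed_html = array() ) {
	echo wp_kses( get_field( $selector, $post_id, $format_value ), $allowed_html );
}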
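/**
 * Echo an ACF field value serialized as JSON.
 *
 * The value is encoded with the JSON_HEX_* flags so that <, >, & and ' and
 * any " inside the data are written as \uXXXX escapes. The decoded value is
 * unchanged, but the text can no longer contain sequences that an HTML parser
 * would treat as markup when the JSON is printed inside a <script> block.
 *
 * The string delimiters of the JSON itself are still double quotes, so when
 * the output goes into an HTML attribute it must additionally be passed
 * through esc_attr() by the caller.
 *
 * wp_json_encode() returns false when encoding fails; echo then prints
 * nothing.
 *
 * @param string $selector     Field name or key, forwarded to get_field().
 * @param mixed  $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool   $format_value Forwarded unchanged to get_field(). Default true.
 * @return void
 */
function the_field_json_encode( $selector, $post_id = 0, $format_value = true ) {
	// Escape HTML-significant characters inside the JSON text itself.
	$flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

	echo wp_json_encode( get_field( $selector, $post_id, $format_value ), $flags );
}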
/**
 * Echo an ACF field value escaped for the body of a <textarea> element.
 *
 * The value returned by get_field() is passed through esc_textarea() and then
 * echoed. Use it only between <textarea> tags; other contexts have their own
 * wrappers (the_field_attr(), the_field_html(), the_field_url()).
 *
 * NOTE(review): get_field() may return a non-string depending on the field's
 * return format; this wrapper assumes a string - confirm per field.
 *
 * @param string $selector     Field name or key, forwarded to get_field().
 * @param mixed  $post_id      Forwarded unchanged to get_field(). Default 0.
 * @param bool   $format_value Forwarded unchanged to get_field(). Default true.
 * @return void
 */
function the_field_textarea( $selector, $post_id = 0, $format_value = true ) {
	$textarea_text = get_field( $selector, $post_id, $format_value );

	echo esc_textarea( $textarea_text );
}