get_the_title()

💡 云策文档标注

概述

get_the_title() 函数用于检索文章标题，支持处理受保护和私密文章的前缀添加，并可通过过滤器钩子进行自定义。

关键要点

函数接受可选参数 $post，可以是文章 ID 或 WP_Post 对象，默认使用全局 $post。
返回字符串类型的文章标题，非管理员访问时，受保护文章会添加“Protected:”前缀，私密文章会添加“Private:”前缀。
内部使用 get_post() 获取文章数据，并应用 protected_title_format、private_title_format 和 the_title 过滤器。
函数允许 HTML 内容，输出时需根据安全需求使用 esc_html() 或 wp_kses_post() 进行转义。
相关函数包括 the_title() 用于显示标题，the_title_attribute() 用于属性安全输出。

代码示例

// 打印当前文章标题
echo get_the_title();

// 安全输出标题（转义 HTML）
echo esc_html( get_the_title() );

// 允许特定 HTML 标签输出
echo wp_kses_post( get_the_title() );

注意事项

get_the_title() 返回的标题可能包含通过 the_title 过滤器添加的 HTML 标记，直接输出需谨慎处理安全风险。
如需原始标题值（未过滤），可直接访问 WP_Post 对象的 post_title 属性，例如 get_post($post_id)->post_title。
在主题或插件开发中，应根据上下文选择适当的转义函数，避免 XSS 漏洞。

📄 原文内容

Retrieves the post title.

Description

If the post is protected and the visitor is not an admin, then “Protected” will be inserted before the post title. If the post is private, then “Private” will be inserted before the post title.

Parameters

$postint|WP_Postoptional: Post ID or WP_Post object. Default is global $post.

Return

string

Source

function get_the_title( $post = 0 ) {
	$post = get_post( $post );

	$post_title = isset( $post->post_title ) ? $post->post_title : '';
	$post_id    = isset( $post->ID ) ? $post->ID : 0;

	if ( ! is_admin() ) {
		if ( ! empty( $post->post_password ) ) {

			/* translators: %s: Protected post title. */
			$prepend = __( 'Protected: %s' );

			/**
			 * Filters the text prepended to the post title for protected posts.
			 *
			 * The filter is only applied on the front end.
			 *
			 * @since 2.8.0
			 *
			 * @param string  $prepend Text displayed before the post title.
			 *                         Default 'Protected: %s'.
			 * @param WP_Post $post    Current post object.
			 */
			$protected_title_format = apply_filters( 'protected_title_format', $prepend, $post );

			$post_title = sprintf( $protected_title_format, $post_title );
		} elseif ( isset( $post->post_status ) && 'private' === $post->post_status ) {

			/* translators: %s: Private post title. */
			$prepend = __( 'Private: %s' );

			/**
			 * Filters the text prepended to the post title of private posts.
			 *
			 * The filter is only applied on the front end.
			 *
			 * @since 2.8.0
			 *
			 * @param string  $prepend Text displayed before the post title.
			 *                         Default 'Private: %s'.
			 * @param WP_Post $post    Current post object.
			 */
			$private_title_format = apply_filters( 'private_title_format', $prepend, $post );

			$post_title = sprintf( $private_title_format, $post_title );
		}
	}

	/**
	 * Filters the post title.
	 *
	 * @since 0.71
	 *
	 * @param string $post_title The post title.
	 * @param int    $post_id    The post ID.
	 */
	return apply_filters( 'the_title', $post_title, $post_id );
}

View all references View on Trac View on GitHub

Hooks

apply_filters( ‘private_title_format’, string $prepend, WP_Post $post ): Filters the text prepended to the post title of private posts.
apply_filters( ‘protected_title_format’, string $prepend, WP_Post $post ): Filters the text prepended to the post title for protected posts.
apply_filters( ‘the_title’, string $post_title, int $post_id ): Filters the post title.

Uses	Description
__()`wp-includes/l10n.php`	Retrieves the translation of $text.
is_admin()`wp-includes/load.php`	Determines whether the current request is for an administrative interface page.
apply_filters()`wp-includes/plugin.php`	Calls the callback functions that have been added to a filter hook.
get_post()`wp-includes/post.php`	Retrieves post data given a post ID or post object.

Show 2 more Show less

Used by	Description
WP_REST_Global_Styles_Controller::prepare_item_for_response()`wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php`	Prepare a global styles config output for response.
get_adjacent_image_link()`wp-includes/media.php`	Gets the next or previous image link that has the same post parent.
WP_REST_Post_Search_Handler::prepare_item()`wp-includes/rest-api/search/class-wp-rest-post-search-handler.php`	Prepares the search result for a given post ID.
get_the_privacy_policy_link()`wp-includes/link-template.php`	Returns the privacy policy link with formatting, when applicable.
WP_REST_Revisions_Controller::prepare_item_for_response()`wp-includes/rest-api/endpoints/class-wp-rest-revisions-controller.php`	Prepares the revision for the REST response.
WP_REST_Posts_Controller::prepare_item_for_response()`wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php`	Prepares a single post output for response.
wp_embed_excerpt_more()`wp-includes/embed.php`	Filters the string in the ‘more’ link displayed after a trimmed excerpt.
get_post_embed_html()`wp-includes/embed.php`	Retrieves the embed code for a specific post.
get_oembed_response_data()`wp-includes/embed.php`	Retrieves the oEmbed response data for a given post.
_draft_or_post_title()`wp-admin/includes/template.php`	Gets the post title.
wp_prepare_revisions_for_js()`wp-admin/includes/revision.php`	Prepare revisions for JavaScript.
WP_Comments_List_Table::column_response()`wp-admin/includes/class-wp-comments-list-table.php`
Walker_Nav_Menu_Edit::start_el()`wp-admin/includes/class-walker-nav-menu-edit.php`	Start the element output.
_wp_ajax_menu_quick_search()`wp-admin/includes/nav-menu.php`	Prints the appropriate response to a menu quick search.
WP_Widget_Recent_Posts::widget()`wp-includes/widgets/class-wp-widget-recent-posts.php`	Outputs the content for the current Recent Posts widget instance.
WP_Widget_Recent_Comments::widget()`wp-includes/widgets/class-wp-widget-recent-comments.php`	Outputs the content for the current Recent Comments widget instance.
get_the_title_rss()`wp-includes/feed.php`	Retrieves the current post title for the feed.
the_title()`wp-includes/post-template.php`	Displays or retrieves the current post title with optional markup.
the_title_attribute()`wp-includes/post-template.php`	Sanitizes the current title when retrieving or displaying.
wp_xmlrpc_server::_prepare_comment()`wp-includes/class-wp-xmlrpc-server.php`	Prepares comment data for return in an XML-RPC object.
trackback_rdf()`wp-includes/comment-template.php`	Generates and displays the RDF for the trackback information of current post.
comments_popup_link()`wp-includes/comment-template.php`	Displays the link to the comments for the current post ID.
_WP_Editors::wp_link_query()`wp-includes/class-wp-editor.php`	Performs post queries for internal linking.

Show 18 more Show less

Changelog

Version	Description
0.71	Introduced.

User Contributed Notes

Skip to note 5 content

Jon (Kenshino)

10 years ago

You must log in to vote on the helpfulness of this noteVote results for this note: 22You must log in to vote on the helpfulness of this note
get_the_title intentionally allows for HTML

So get_the_title should not be escaped.

Use the_title_attribute() instead of get_the_title() if you’re outputting the post title for html attributes.
```
<a href="<?php the_permalink(); ?>" title="<?php the_title_attribute(); ?>"></a>
```
Log in to add feedback
Skip to note 6 content

Tom J Nowell

9 years ago

You must log in to vote on the helpfulness of this noteVote results for this note: 16You must log in to vote on the helpfulness of this note
get_the_title should be escaped.

Super admins and administrators have the ability to enter arbitrary HTML in the title field, but that doesn’t prevent problems from appearing, for example:
- A rogue administrator adds a script tag with malicious javscript
- A hacker manages to change the title via an exploit
- A compromised plugin uses a filter to change the title
- A broken plugin allows it to be changed
- A hacker has broken into Redis/APC/Memcached and modified the cache
- File based caches have been compromised
All of this is a non-issue with escaping, which makes sure what’s outputted is what you expected. That doesn’t mean you can’t let users put HTML in there, as long as you specify which tags are allowed

To display the title safely, do this:
```
echo esc_html( get_the_title() );
```
And if you want the title to include HTML tags:
```
echo wp_kses_post( get_the_title() );
```
- If you escape the result of get_the_title(), don’t be surprised when you get escaped tags in your output. If you want just the title with without any markup, you need to use the_title_attribute() instead, as described by @kenshino above. Plugins can and do add markup to the the title via the hook the_title.
  
  pepe 7 years ago
Log in to add feedback

Skip to note 7 content

znowebdev

11 years ago

Print the current post’s title

echo get_the_title();

Simple breadcrumb trail for pages, two levels deep.

 
echo '<div class="breadcrumb">';
	// If there is a parent, display the link.
	$parent_title = get_the_title( $post->post_parent );

	if ( $parent_title != the_title( ' ', ' ', false ) ) {
		echo '<a href="' . esc_url( get_permalink( $post->post_parent ) ) . '" alt="' . esc_attr( $parent_title ) . '">' . $parent_title . '</a> » ';
	}

	// Then go on to the current page link.
	echo '<a href="' . esc_url( get_permalink() ) . '" rel="bookmark" alt="' . esc_attr( get_the_title() ) . '">' . get_the_title() . '</a>';
echo '</div>';

Skip to note 8 content

erdembircan

5 years ago

You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note

get_the_title is being filtered before value return. If you are checking for raw value of a post title, for empty titles you might get an ‘untitled’ string value depending on the locale of the blog. In order to get raw value of a post title, use get_post and access its post_title property

Log in to add feedback

云策 WordPress 开发者社区

函数文档