云策 WordPress 开发者社区

函数文档

kses_init_filters()

查看官方原文 ↗
💡 云策文档标注

概述

kses_init_filters() 函数用于初始化 KSES 输入表单内容过滤器,为 WordPress 核心保存操作添加 HTML 过滤钩子,确保内容安全。它根据用户权限和内容类型分配不同的过滤函数。

关键要点

  • 函数为标题、评论、内容和摘要等保存操作添加 KSES 过滤器,防止恶意 HTML 输入。
  • 使用 wp_filter_kses() 和 wp_filter_post_kses() 函数,根据钩子类型进行过滤,例如 wp_filter_kses() 用于 'title_save_pre' 和部分评论场景。
  • 权限控制:如果当前用户有 'unfiltered_html' 能力,评论内容使用 wp_filter_post_kses(),否则使用 wp_filter_kses()。
  • 包含全局样式过滤:通过 wp_filter_global_styles_post() 在 'content_save_pre' 和 'content_filtered_save_pre' 钩子上以优先级 9 执行,确保在正常 HTML 过滤前处理。
  • 函数自 WordPress 2.0.0 版本引入,是 kses_init() 的一部分,用于设置输入表单的 KSES 过滤器。

代码示例

function kses_init_filters() {
    // Normal filtering.
    add_filter( 'title_save_pre', 'wp_filter_kses' );

    // Comment filtering.
    if ( current_user_can( 'unfiltered_html' ) ) {
        add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
    } else {
        add_filter( 'pre_comment_content', 'wp_filter_kses' );
    }

    // Global Styles filtering: Global Styles filters should be executed before normal post_kses HTML filters.
    add_filter( 'content_save_pre', 'wp_filter_global_styles_post', 9 );
    add_filter( 'content_filtered_save_pre', 'wp_filter_global_styles_post', 9 );

    // Post filtering.
    add_filter( 'content_save_pre', 'wp_filter_post_kses' );
    add_filter( 'excerpt_save_pre', 'wp_filter_post_kses' );
    add_filter( 'content_filtered_save_pre', 'wp_filter_post_kses' );
}
📄 原文内容

Adds all KSES input form content filters.

Description

All hooks have default priority. The wp_filter_kses() function is added to the ‘pre_comment_content’ and ‘title_save_pre’ hooks.

The wp_filter_post_kses() function is added to the ‘content_save_pre’, ‘excerpt_save_pre’, and ‘content_filtered_save_pre’ hooks.

Source

function kses_init_filters() {
	// Normal filtering.
	add_filter( 'title_save_pre', 'wp_filter_kses' );

	// Comment filtering.
	if ( current_user_can( 'unfiltered_html' ) ) {
		add_filter( 'pre_comment_content', 'wp_filter_post_kses' );
	} else {
		add_filter( 'pre_comment_content', 'wp_filter_kses' );
	}

	// Global Styles filtering: Global Styles filters should be executed before normal post_kses HTML filters.
	add_filter( 'content_save_pre', 'wp_filter_global_styles_post', 9 );
	add_filter( 'content_filtered_save_pre', 'wp_filter_global_styles_post', 9 );

	// Post filtering.
	add_filter( 'content_save_pre', 'wp_filter_post_kses' );
	add_filter( 'excerpt_save_pre', 'wp_filter_post_kses' );
	add_filter( 'content_filtered_save_pre', 'wp_filter_post_kses' );
}

View all references View on Trac View on GitHub

Uses Description
current_user_can()wp-includes/capabilities.php

Returns whether the current user has the specified capability.
add_filter()wp-includes/plugin.php

Adds a callback function to a filter hook.
Used by Description
wp_handle_comment_submission()wp-includes/comment.php

Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
wp_ajax_replyto_comment()wp-admin/includes/ajax-actions.php

Handles replying to a comment via AJAX.
kses_init()wp-includes/kses.php

Sets up most of the KSES filters for input form content.
WP_Embed::shortcode()wp-includes/class-wp-embed.php

The do_shortcode() callback function.

Changelog

Version Description
2.0.0 Introduced.