kses_remove_filters()

💡 云策文档标注

概述

kses_remove_filters() 是一个快速移除所有 KSES 输入表单内容过滤器的过程函数。它主要用于在 WordPress Loop 中移除 KSES 对内容应用的过滤器，但不会移除 kses_init() 函数从 'init' 和 'set_current_user' 钩子中的注册。

关键要点

移除 KSES 在标题、评论、全局样式和文章内容保存时的过滤器，包括 wp_filter_kses 和 wp_filter_post_kses 等。
不会影响 kses_init() 函数在 'init' 和 'set_current_user' 钩子中的默认优先级注册。
适用于需要临时禁用 KSES 过滤的场景，如自定义内容处理或调试。

代码示例

function kses_remove_filters() {
	// Normal filtering.
	remove_filter( 'title_save_pre', 'wp_filter_kses' );

	// Comment filtering.
	remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
	remove_filter( 'pre_comment_content', 'wp_filter_kses' );

	// Global Styles filtering.
	remove_filter( 'content_save_pre', 'wp_filter_global_styles_post', 9 );
	remove_filter( 'content_filtered_save_pre', 'wp_filter_global_styles_post', 9 );

	// Post filtering.
	remove_filter( 'content_save_pre', 'wp_filter_post_kses' );
	remove_filter( 'excerpt_save_pre', 'wp_filter_post_kses' );
	remove_filter( 'content_filtered_save_pre', 'wp_filter_post_kses' );
}

注意事项

KSES 是“KSES Strips Evil Scripts”的递归缩写，是一个 PHP 编写的 HTML/XHTML 过滤器，用于移除恶意脚本和防止跨站脚本攻击（XSS）。
使用此函数可能降低内容安全性，建议仅在必要时调用，并确保后续恢复或采取其他安全措施。

📄 原文内容

Removes all KSES input form content filters.

Description

A quick procedural method to removing all of the filters that KSES uses for content in WordPress Loop.

Does not remove the kses_init() function from ‘init’ hook (priority is default). Also does not remove kses_init() function from ‘set_current_user’ hook (priority is also default).

Source

function kses_remove_filters() {
	// Normal filtering.
	remove_filter( 'title_save_pre', 'wp_filter_kses' );

	// Comment filtering.
	remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
	remove_filter( 'pre_comment_content', 'wp_filter_kses' );

	// Global Styles filtering.
	remove_filter( 'content_save_pre', 'wp_filter_global_styles_post', 9 );
	remove_filter( 'content_filtered_save_pre', 'wp_filter_global_styles_post', 9 );

	// Post filtering.
	remove_filter( 'content_save_pre', 'wp_filter_post_kses' );
	remove_filter( 'excerpt_save_pre', 'wp_filter_post_kses' );
	remove_filter( 'content_filtered_save_pre', 'wp_filter_post_kses' );
}

View all references View on Trac View on GitHub

Uses	Description
remove_filter()`wp-includes/plugin.php`	Removes a callback function from a filter hook.

Used by	Description
wp_handle_comment_submission()`wp-includes/comment.php`	Handles the submission of a comment, usually posted to wp-comments-post.php via a comment form.
wp_ajax_replyto_comment()`wp-admin/includes/ajax-actions.php`	Handles replying to a comment via AJAX.
kses_init()`wp-includes/kses.php`	Sets up most of the KSES filters for input form content.
WP_Embed::shortcode()`wp-includes/class-wp-embed.php`	The do_shortcode() callback function.

Changelog

Version	Description
2.0.6	Introduced.

User Contributed Notes

Skip to note 2 content

a4jp

4 years ago

You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note

Notes: KSES is a recursive acronym which stands for “KSES Strips Evil Scripts”. KSES is an HTML/XHTML filter written in PHP. It removes all unwanted HTML elements and attributes, and it also does several checks on attribute values. KSES can be used to avoid Cross-Site Scripting (XSS).

Log in to add feedback

云策 WordPress 开发者社区

函数文档

kses_remove_filters()

概述

关键要点

代码示例

注意事项

Description

Source

Changelog

User Contributed Notes

函数文档

概述

关键要点

代码示例

注意事项

Description

Source

Related

Changelog

User Contributed Notes