wp_unslash()
概述
wp_unslash() 是 WordPress 核心函数,用于从字符串或数组中递归移除反斜杠。它主要用于处理传递给核心 API 的数据,确保数据符合预期格式。
关键要点
- 函数接受字符串或数组作为参数,递归移除反斜杠,返回相同类型的未转义值
- 内部调用 stripslashes_deep() 实现功能,适用于处理 $_POST、$_GET 等可能被转义的数据
- 在 WordPress 3.6.0 版本引入,广泛用于各种核心功能如 AJAX 处理、自定义器、用户输入清理等场景
代码示例
$arr = array(
"Is your name O'reilly?",
"Person's Assets"
);
$arr = wp_unslash( $arr );
// 输出:array("Is your name O'reilly?", "Person's Assets")注意事项
- 主要用于修复 WordPress 自动添加的反斜杠转义,常见于表单提交和 Cookie 处理
- 开发者应注意数据来源,避免不必要的转义移除操作
Removes slashes from a string or recursively removes slashes from strings within an array.
Description
This should be used to remove slashes from data passed to core API that expects data to be unslashed.
Parameters
$valuestring|arrayrequired-
String or array of data to unslash.
Return
string|array Unslashed $value, in the same type as supplied.
Source
function wp_unslash( $value ) {
return stripslashes_deep( $value );
}
Related
| Uses | Description |
|---|---|
stripslashes_deep()wp-includes/formatting.php |
Navigates through an array, object, or scalar, and removes slashes from the values. |
| Used by | Description |
|---|---|
WP_Automatic_Updater::has_fatal_error()wp-admin/includes/class-wp-automatic-updater.php |
Performs a loopback request to check for potential fatal errors. |
WP_Plugin_Dependencies::check_plugin_dependencies_during_ajax()wp-includes/class-wp-plugin-dependencies.php |
Checks plugin dependencies after a plugin is installed via AJAX. |
wp_ajax_activate_plugin()wp-admin/includes/ajax-actions.php |
Handles activating a plugin via AJAX. |
_wp_filter_post_meta_footnotes()wp-includes/blocks.php |
Strips all HTML from the content of footnotes, and sanitizes the ID. |
wp_autosave_post_revisioned_meta_fields()wp-admin/includes/post.php |
Autosaves the revisioned meta fields. |
wp_get_theme_preview_path()wp-includes/theme-previews.php |
Filters the blog option to return the path for the previewed theme. |
wp_attach_theme_preview_middleware()wp-includes/theme-previews.php |
Adds a middleware to |
WP_Site_Health::check_for_page_caching()wp-admin/includes/class-wp-site-health.php |
Checks if site has page cache enabled or not. |
wp_filter_global_styles_post()wp-includes/kses.php |
Sanitizes global styles user content removing unsafe rules. |
get_self_link()wp-includes/feed.php |
Returns the link for the currently displayed feed. |
WP_MS_Sites_List_Table::site_states()wp-admin/includes/class-wp-ms-sites-list-table.php |
Determines whether to output comma-separated site states. |
WP_MS_Sites_List_Table::get_views()wp-admin/includes/class-wp-ms-sites-list-table.php |
Gets links to filter sites by status. |
WP_Site_Health::get_test_rest_availability()wp-admin/includes/class-wp-site-health.php |
Tests if the REST API is accessible. |
WP_Site_Health::can_perform_loopback()wp-admin/includes/class-wp-site-health.php |
Runs a loopback test on the site. |
wp_initialize_site()wp-includes/ms-site.php |
Runs the initialization routine for a given site. |
WP_Privacy_Requests_Table::process_bulk_action()wp-admin/includes/class-wp-privacy-requests-table.php |
Process bulk actions. |
_wp_personal_data_handle_actions()wp-admin/includes/privacy-tools.php |
Handle list table actions. |
wp_xmlrpc_server::set_term_custom_fields()wp-includes/class-wp-xmlrpc-server.php |
Sets custom fields for a term. |
wp_start_scraping_edited_file_errors()wp-includes/load.php |
Starts scraping edited file errors. |
WP_Customize_Manager::handle_load_themes_request()wp-includes/class-wp-customize-manager.php |
Loads themes into the theme browsing/installation UI. |
wp_ajax_edit_theme_plugin_file()wp-admin/includes/ajax-actions.php |
Handles editing a theme or plugin file via AJAX. |
wp_edit_theme_plugin_file()wp-admin/includes/file.php |
Attempts to edit a file for a theme or plugin. |
wp_ajax_get_community_events()wp-admin/includes/ajax-actions.php |
Handles Ajax requests for community events |
WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()wp-includes/class-wp-customize-nav-menus.php |
Ajax handler for adding a new auto-draft post. |
wp_ajax_delete_plugin()wp-admin/includes/ajax-actions.php |
Handles deleting a plugin via AJAX. |
wp_ajax_search_plugins()wp-admin/includes/ajax-actions.php |
Handles searching plugins via AJAX. |
wp_ajax_install_theme()wp-admin/includes/ajax-actions.php |
Handles installing a theme via AJAX. |
wp_ajax_update_theme()wp-admin/includes/ajax-actions.php |
Handles updating a theme via AJAX. |
wp_ajax_delete_theme()wp-admin/includes/ajax-actions.php |
Handles deleting a theme via AJAX. |
wp_ajax_install_plugin()wp-admin/includes/ajax-actions.php |
Handles installing a plugin via AJAX. |
wp_get_raw_referer()wp-includes/functions.php |
Retrieves unvalidated referer from the ‘_wp_http_referer’ URL query variable or the HTTP referer. |
WP_Customize_Selective_Refresh::handle_render_partials_request()wp-includes/customize/class-wp-customize-selective-refresh.php |
Handles the Ajax request to return the rendered partials for the requested placements. |
WP_REST_Server::serve_request()wp-includes/rest-api/class-wp-rest-server.php |
Handles serving a REST API request. |
wp_ajax_save_wporg_username()wp-admin/includes/ajax-actions.php |
Handles saving the user’s WordPress.org username via AJAX. |
WP_Customize_Nav_Menu_Item_Setting::sanitize()wp-includes/customize/class-wp-customize-nav-menu-item-setting.php |
Sanitize an input. |
WP_Customize_Nav_Menus::ajax_load_available_items()wp-includes/class-wp-customize-nav-menus.php |
Ajax handler for loading available menu items. |
WP_Customize_Nav_Menus::ajax_search_available_items()wp-includes/class-wp-customize-nav-menus.php |
Ajax handler for searching available menu items. |
WP_Terms_List_Table::handle_row_actions()wp-admin/includes/class-wp-terms-list-table.php |
Generates and displays row action links. |
WP_MS_Users_List_Table::handle_row_actions()wp-admin/includes/class-wp-ms-users-list-table.php |
Generates and displays row action links. |
WP_MS_Users_List_Table::column_username()wp-admin/includes/class-wp-ms-users-list-table.php |
Handles the username column output. |
WP_User_Search::__construct()wp-admin/includes/deprecated.php |
PHP5 Constructor – Sets up the object properties. |
WP_Customize_Manager::unsanitized_post_values()wp-includes/class-wp-customize-manager.php |
Gets dirty pre-sanitized setting values in the current customized state. |
WP_Customize_Widgets::register_settings()wp-includes/class-wp-customize-widgets.php |
Inspects the incoming customized data for any widget settings, and dynamically adds them up-front so widgets will be initialized properly. |
wp_ajax_update_plugin()wp-admin/includes/ajax-actions.php |
Handles updating a plugin via AJAX. |
WP_Session_Tokens::create()wp-includes/class-wp-session-tokens.php |
Generates a session token and attaches session information to it. |
wp_ajax_parse_embed()wp-admin/includes/ajax-actions.php |
Applies Ajax handlers to a string. |
wp_ajax_parse_media_shortcode()wp-admin/includes/ajax-actions.php |
|
retrieve_password()wp-includes/user.php |
Handles sending a password retrieval email to a user. |
validate_another_blog_signup()wp-signup.php |
Validates a new site sign-up for an existing user. |
validate_blog_signup()wp-signup.php |
Validates new site signup. |
display_setup_form()wp-admin/install.php |
Displays installer setup form. |
WP_MS_Users_List_Table::prepare_items()wp-admin/includes/class-wp-ms-users-list-table.php |
|
wp_prepare_themes_for_js()wp-admin/includes/theme.php |
Prepares themes for JavaScript. |
WP_Plugins_List_Table::__construct()wp-admin/includes/class-wp-plugins-list-table.php |
Constructor. |
WP_Plugins_List_Table::no_items()wp-admin/includes/class-wp-plugins-list-table.php |
|
install_theme_search_form()wp-admin/includes/theme-install.php |
Displays search form for searching themes. |
install_theme_information()wp-admin/includes/theme-install.php |
Displays theme information in dialog box form. |
Plugin_Installer_Skin::after()wp-admin/includes/class-plugin-installer-skin.php |
Performs an action following a plugin install. |
stream_preview_image()wp-admin/includes/image-edit.php |
Streams image in post to browser, along with enqueued changes in |
wp_save_image()wp-admin/includes/image-edit.php |
Saves image to post, along with enqueued changes in |
WP_MS_Themes_List_Table::_search_callback()wp-admin/includes/class-wp-ms-themes-list-table.php |
|
WP_Theme_Install_List_Table::prepare_items()wp-admin/includes/class-wp-theme-install-list-table.php |
|
install_search_form()wp-admin/includes/plugin-install.php |
Displays a search form for searching plugins. |
install_plugin_install_status()wp-admin/includes/plugin-install.php |
Determines the status we can perform on a plugin. |
install_plugin_information()wp-admin/includes/plugin-install.php |
Displays plugin information in dialog box form. |
wp_dashboard_rss_control()wp-admin/includes/dashboard.php |
Sets up the RSS dashboard widget control and $args to be used as input to wp_widget_rss_form() . |
edit_user()wp-admin/includes/user.php |
Edit user settings based on contents of $_POST |
WP_Plugin_Install_List_Table::prepare_items()wp-admin/includes/class-wp-plugin-install-list-table.php |
|
_admin_search_query()wp-admin/includes/template.php |
Displays the search query. |
WP_Themes_List_Table::prepare_items()wp-admin/includes/class-wp-themes-list-table.php |
|
WP_Themes_List_Table::_js_vars()wp-admin/includes/class-wp-themes-list-table.php |
Send required variables to JavaScript land |
WP_Users_List_Table::single_row()wp-admin/includes/class-wp-users-list-table.php |
Generates HTML for a single row on the users.php admin panel. |
WP_MS_Sites_List_Table::prepare_items()wp-admin/includes/class-wp-ms-sites-list-table.php |
Prepares the list of sites for display. |
WP_Users_List_Table::prepare_items()wp-admin/includes/class-wp-users-list-table.php |
Prepares the users list for display. |
media_upload_form_handler()wp-admin/includes/media.php |
Handles form submissions for the legacy media uploader. |
wp_media_upload_handler()wp-admin/includes/media.php |
Handles the process of uploading media. |
wp_create_post_autosave()wp-admin/includes/post.php |
Creates autosave data for the specified post from |
add_meta()wp-admin/includes/post.php |
Adds post meta data defined in the |
update_meta()wp-admin/includes/post.php |
Updates post meta data by meta ID. |
edit_post()wp-admin/includes/post.php |
Updates an existing post with values provided in |
get_default_post_to_edit()wp-admin/includes/post.php |
Returns default post information to use when populating the “Write Post” form. |
post_exists()wp-admin/includes/post.php |
Determines if a post exists based on title, content, date and type. |
wp_ajax_send_attachment_to_editor()wp-admin/includes/ajax-actions.php |
Handles sending an attachment to the editor via AJAX. |
wp_ajax_send_link_to_editor()wp-admin/includes/ajax-actions.php |
Handles sending a link to the editor via AJAX. |
wp_ajax_heartbeat()wp-admin/includes/ajax-actions.php |
Handles the Heartbeat API via AJAX. |
wp_ajax_query_themes()wp-admin/includes/ajax-actions.php |
Handles getting themes from themes_api() via AJAX. |
wp_ajax_save_widget()wp-admin/includes/ajax-actions.php |
Handles saving a widget via AJAX. |
wp_ajax_date_format()wp-admin/includes/ajax-actions.php |
Handles formatting a date via AJAX. |
wp_ajax_time_format()wp-admin/includes/ajax-actions.php |
Handles formatting a time via AJAX. |
wp_ajax_save_attachment()wp-admin/includes/ajax-actions.php |
Handles updating attachment attributes via AJAX. |
wp_ajax_add_meta()wp-admin/includes/ajax-actions.php |
Handles adding meta via AJAX. |
wp_ajax_wp_link_ajax()wp-admin/includes/ajax-actions.php |
Handles internal linking via AJAX. |
wp_ajax_find_posts()wp-admin/includes/ajax-actions.php |
Handles querying posts for the Find Posts modal via AJAX. |
wp_ajax_widgets_order()wp-admin/includes/ajax-actions.php |
Handles saving the widgets order via AJAX. |
wp_ajax_add_link_category()wp-admin/includes/ajax-actions.php |
Handles adding a link category via AJAX. |
wp_ajax_nopriv_heartbeat()wp-admin/includes/ajax-actions.php |
Handles the Heartbeat API in the no-privilege context via AJAX . |
wp_ajax_ajax_tag_search()wp-admin/includes/ajax-actions.php |
Handles tag search via AJAX. |
wp_insert_link()wp-admin/includes/bookmark.php |
Inserts a link into the database, or updates an existing link. |
get_default_link_to_edit()wp-admin/includes/bookmark.php |
Retrieves the default link for editing. |
WP_Terms_List_Table::column_name()wp-admin/includes/class-wp-terms-list-table.php |
|
WP_Terms_List_Table::prepare_items()wp-admin/includes/class-wp-terms-list-table.php |
|
request_filesystem_credentials()wp-admin/includes/file.php |
Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. |
WP_Customize_Manager::customize_preview_settings()wp-includes/class-wp-customize-manager.php |
Prints JavaScript settings for preview frame. |
WP_Customize_Manager::save()wp-includes/class-wp-customize-manager.php |
Handles customize_save WP Ajax request to save/update a changeset. |
WP_Customize_Manager::__construct()wp-includes/class-wp-customize-manager.php |
Constructor. |
WP_Customize_Manager::doing_ajax()wp-includes/class-wp-customize-manager.php |
Returns true if it’s an Ajax request. |
spawn_cron()wp-includes/cron.php |
Sends a request to run cron through HTTP request that doesn’t halt page loading. |
_wp_customize_include()wp-includes/theme.php |
Includes and instantiates the WP_Customize_Manager class. |
WP::send_headers()wp-includes/class-wp.php |
Sends additional HTTP headers for caching, content type, etc. |
wp_original_referer_field()wp-includes/functions.php |
Retrieves or displays original referer hidden field for forms. |
wp_get_referer()wp-includes/functions.php |
Retrieves referer from ‘_wp_http_referer’ or HTTP referer. |
wp_get_original_referer()wp-includes/functions.php |
Retrieves original referer that was posted, if it exists. |
wp_update_term()wp-includes/taxonomy.php |
Updates term based on arguments provided. |
wp_insert_term()wp-includes/taxonomy.php |
Adds a new term to the database. |
term_exists()wp-includes/taxonomy.php |
Determines whether a taxonomy term exists. |
wp_insert_user()wp-includes/user.php |
Inserts a user into the database. |
wp_signon()wp-includes/user.php |
Authenticates and logs a user in with ‘remember’ capability. |
post_password_required()wp-includes/post-template.php |
Determines whether the post requires password and whether a correct password has been provided. |
_wp_link_page()wp-includes/post-template.php |
Helper function for wp_link_pages() . |
trackback_url_list()wp-includes/post.php |
Does trackbacks for a list of URLs. |
wp_insert_post()wp-includes/post.php |
Inserts or update a post. |
wpmu_log_new_registrations()wp-includes/ms-functions.php |
Logs the user email, IP, and registration date of a new site. |
newblog_notify_siteadmin()wp-includes/ms-functions.php |
Notifies the network admin that a new site has been activated. |
newuser_notify_siteadmin()wp-includes/ms-functions.php |
Notifies the network admin that a new user has been activated. |
wpmu_welcome_notification()wp-includes/ms-functions.php |
Notifies the site administrator that their site activation was successful. |
install_blog()wp-includes/ms-deprecated.php |
Install an empty blog. |
wpmu_validate_blog_signup()wp-includes/ms-functions.php |
Processes new site registrations. |
wp_update_nav_menu_item()wp-includes/nav-menu.php |
Saves the properties of a menu item or create a new one. |
wp_xmlrpc_server::blogger_getPost()wp-includes/class-wp-xmlrpc-server.php |
Retrieves a post. |
wp_xmlrpc_server::blogger_getRecentPosts()wp-includes/class-wp-xmlrpc-server.php |
Retrieves the list of recent posts. |
wp_xmlrpc_server::wp_setOptions()wp-includes/class-wp-xmlrpc-server.php |
Updates blog options. |
wp_xmlrpc_server::set_custom_fields()wp-includes/class-wp-xmlrpc-server.php |
Sets custom fields for post. |
WP_Customize_Widgets::get_post_value()wp-includes/class-wp-customize-widgets.php |
Retrieves an unslashed post value or return a default. |
wp_update_comment()wp-includes/comment.php |
Updates an existing comment in the database. |
wp_insert_comment()wp-includes/comment.php |
Inserts a comment into the database. |
sanitize_comment_cookies()wp-includes/comment.php |
Sanitizes the cookies sent to the user already. |
wp_allow_comment()wp-includes/comment.php |
Validates whether this comment is allowed to be made. |
check_comment()wp-includes/comment.php |
Checks whether a comment passes internal checks to be allowed to add. |
delete_metadata()wp-includes/meta.php |
Deletes metadata for the specified object. |
add_metadata()wp-includes/meta.php |
Adds metadata for the specified object. |
update_metadata()wp-includes/meta.php |
Updates metadata for the specified object. If no value already exists for the specified object ID and metadata key, the metadata will be added. |
Changelog
| Version | Description |
|---|---|
| 3.6.0 | Introduced. |
Skip to note 4 content
Codex
Example
This function can be used in replacement of stripslashes_deep() . As it is a recursive function, when an array is given, it will remove slashes in all sub-arrays too.
$arr = array( "Is your name O'reilly?", "Person's Assets" ); $arr = wp_unslash( $arr ); /* Outputs: array( "Is your name O'reilly?", "Person's Assets" ); */Skip to note 5 content
Code Tốt
This function was called when we try to read
$_COOKIES:$viewed_products = ! empty( $_COOKIE['woocommerce_recently_viewed'] ) ? (array) explode( '|', wp_unslash( $_COOKIE['woocommerce_recently_viewed'] ) ) : array(); // @codingStandardsIgnoreLine $viewed_products = array_reverse( array_filter( array_map( 'absint', $viewed_products ) ) );Skip to note 6 content
Bob Kline
It’s unfortunate that we have to invoke this function to undo the garbling of the input values performed by WordPress itself. The bug reports for fixing the problem have been thrashing about for years, and it’s unclear whether the problem will ever be fixed, or how. In the meantime here’s one way to deal with it, using a technique which should survive without having to revisit code in the event that WP ever bites the bullet and removes the unwanted escaping.
$_POST$_POSTusingwp_unslash()