Transcript
Page 1: Sanitizing, Validating and Escaping in WordPress Themes and Plugins

Sanitizing, Validating and Escaping in WordPress Themes and Plugins

by Micah Wood @wpscholar

wpscholar.com/wpyall2014

Page 2

Sanitization: Cleaning user input

Page 3

Sanitization Example

Page 4

Sanitize Text Fields

Page 5

Sanitize URL Slugs

Page 6

Sanitize URLs

Page 7

Sanitize Emails

Page 8

Sanitize HTML Classes

Page 9

Sanitize HTML

Page 10

Other Sanitization Functions
• sanitize_file_name()
• sanitize_key()
• sanitize_mime_type()
• sanitize_sql_orderby()
• sanitize_title_for_query()
• sanitize_title_with_dashes()
• sanitize_user()

Page 11

Validation: Checking user input

Page 12

Validation Example

Page 13

Data Type

Page 14

Validate HTML

Page 15

Validate Meta

Page 16

Validate Capability

Page 17

Validate Option

Page 18

Validate Intention

Page 19

Escaping: Securing output

Page 20

Escape HTML Attributes

Page 21

Escape HTML Attributes

Page 22

Escape HTML

Page 23

Escape HTML

Page 24

Escape URLs

Page 25

Escape Textareas

Page 26

Escape Inline JavaScript

Page 27

Escape SQL Queries

Permanent link to this comic: http://xkcd.com/327/

Page 28

Escape SQL Queries

Page 29

Escape SQL Queries

Page 30

Escape SQL Queries

Page 31

Escape SQL Queries

Page 32

Escape SQL Queries

Page 33

Tips
• Search for echo $ and echo get_
• Use VIP Scanner if you are creating a theme
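The first tip above is a code-audit heuristic: any `echo $...` or `echo get_...` in a theme is a candidate for missing output escaping. The script below is an added example, not from the slides, that turns the tip into a small scan. It builds a throw-away theme directory with two constructed PHP files, lists every matching echo line that contains no `esc_*()` or `wp_kses*` call, and counts the findings; the grep patterns and the assumption that an escaping call on the same line is sufficient are my own simplifications.

```shell
#!/bin/sh
# Added example: audit a theme directory for unescaped echo statements,
# following the "search for echo $ and echo get_" tip from the slides.

# Build a temporary theme directory with constructed sample files.
# The content is illustrative only and is not taken from any real theme.
make_sample_theme() {
  dir=$(mktemp -d)
  cat > "$dir/header.php" <<'EOF'
<title><?php echo get_bloginfo( 'name' ); ?></title>
<a href="<?php echo esc_url( get_permalink() ); ?>">Home</a>
EOF
  cat > "$dir/single.php" <<'EOF'
<?php
$title = get_the_title();
echo $title;
echo esc_html( $title );
echo get_post_meta( $post->ID, 'subtitle', true );
EOF
  printf '%s\n' "$dir"
}

# Print each "echo $..." / "echo get_..." line in *.php files that has no
# escaping call on the same line. Output format is path:line:content.
# Heuristic only: an esc_*() or wp_kses*() call anywhere on the line is
# treated as "escaped", which is an assumption a reviewer should verify.
audit_theme() {
  theme_dir=$1
  grep -rnE --include='*.php' 'echo[[:space:]]+(\$|get_)' "$theme_dir" \
    | grep -vE 'esc_[a-z_]+\(|wp_kses'
}

# Number of suspicious lines, printed on stdout.
count_unescaped_echo() {
  audit_theme "$1" | wc -l | tr -d ' '
}

# Demo run: scan the sample theme, report, then clean up.
sample=$(make_sample_theme)
echo "Scanning $sample"
audit_theme "$sample"
echo "Findings: $(count_unescaped_echo "$sample")"
rm -rf "$sample"
```

Run it as `sh audit-echo.sh` (any file name works); the demo reports three findings in the sample theme (`echo get_bloginfo(...)`, `echo $title;` and `echo get_post_meta(...)`) and skips the two lines that already wrap their output in `esc_url()` or `esc_html()`. Point `audit_theme` at a real theme directory to get the same listing for review.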

Page 34

Trust WordPress

Page 35

Questions?
