我希望我的主题具有安全性,所以我从主题文件中获取了所有不同的命令。如果我需要逃离这些,我该怎么做
<?php get_header(); ?>
<h1><?php _e( \'Page not found\', \'html5blank\' ); ?></h1>
<a href="<?php echo home_url(); ?>">
<?php
if ( $thumbnail_id = get_post_thumbnail_id() ) {
if ( $image_src = wp_get_attachment_image_src( $thumbnail_id, \'normal-bg\' ) )
printf( \' style="background-image: url(%s);"\', $image_src[0] );
}
?>>
<?php
// Set the Current Author Variable $curauth
$curauth = (isset($_GET[\'author_name\'])) ? get_user_by(\'slug\', $author_name) : get_userdata(intval($author));
?>
<?php echo get_avatar( get_the_author_email(), \'20\' ); ?>
<?php
function your_prefix_render_hfe_footer() {
if ( function_exists( \'hfe_render_footer\' ) ) {
hfe_render_footer();
}
}
add_action( \'astra_footer\', \'your_prefix_render_hfe_header\' ); ?>
<?php footer_shortcode_elementor() ?>
-----------------------------
in function.php:
add_filter(\'comment_form_fields\', \'wpb_move_comment_field_to_bottom\');
if ( ! function_exists( \'WPScripts_enqueue\' ) ) {
-----------------------------
<?php
global $post;
$tags = get_the_tags($post->ID);
if (is_array($tags) || is_object($tags)) {
foreach($tags as $tag)
{
echo \'<a href="\' . get_tag_link($tag->term_id) . \'"><span class="badge badge-dark">\' . $tag->name . \'</span></a> \';
}
}
?>
<?php if (have_posts()): while (have_posts()) : the_post(); ?>
谢谢你
SO网友:Faye
下面是几个逃跑的例子:
Escaping URLS:
<?php echo esc_url( home_url() ); ?>
Escaping Content
<?php echo esc_html( get_the_title() ); ?>
Escaping Attributes
<?php echo esc_attr( $my_class ); ?>
Escaping Content but keep HTML
<?php echo wp_kses_post( get_the_content() ); ?>
Escaping Emails
<?php echo sanitize_email( $email_address ) ); ?>
有关逃跑的更多信息,
here\'s a good resource on data sanitization.
