W3cubDocs

/WordPress

WP_Customize_Widgets::sanitize_widget_instance( array $value )

Sanitizes a widget instance.

Description

Unserialize the JS-instance for storing in the options. It’s important that this filter only get applied to an instance once.

Parameters

$value: (array) (Required) Widget instance to sanitize.

Return

(array|void) Sanitized widget instance.

Source

File: wp-includes/class-wp-customize-widgets.php

public function sanitize_widget_instance( $value ) {
		if ( array() === $value ) {
			return $value;
		}

		if ( empty( $value['is_widget_customizer_js_value'] )
			|| empty( $value['instance_hash_key'] )
			|| empty( $value['encoded_serialized_instance'] ) ) {
			return;
		}

		$decoded = base64_decode( $value['encoded_serialized_instance'], true );
		if ( false === $decoded ) {
			return;
		}

		if ( ! hash_equals( $this->get_instance_hash_key( $decoded ), $value['instance_hash_key'] ) ) {
			return;
		}

		$instance = unserialize( $decoded );
		if ( false === $instance ) {
			return;
		}

		return $instance;
	}

Uses

Uses	Description
wp-includes/compat.php: hash_equals()	Timing attack safe string comparison
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::get_instance_hash_key()	Retrieves MAC for a serialized widget instance string.

Used By

Used By	Description
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::call_widget_update()	Finds and invokes the widget update and control callbacks.

Changelog

Version	Description
3.9.0	Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_customize_widgets/sanitize_widget_instance