W3cubDocs

/WordPress

WP_Theme::sanitize_header( string $header, string $value ): string|array

Sanitizes a theme header.

Parameters

$headerstringrequired: Theme header. Accepts 'Name', 'Description', 'Author', 'Version', 'ThemeURI', 'AuthorURI', 'Status', 'Tags', 'RequiresWP', 'RequiresPHP', 'UpdateURI'.
$valuestringrequired: Value to sanitize.

Return

string|array An array for Tags header, string otherwise.

Source

private function sanitize_header( $header, $value ) {
	switch ( $header ) {
		case 'Status':
			if ( ! $value ) {
				$value = 'publish';
				break;
			}
			// Fall through otherwise.
		case 'Name':
			static $header_tags = array(
				'abbr'    => array( 'title' => true ),
				'acronym' => array( 'title' => true ),
				'code'    => true,
				'em'      => true,
				'strong'  => true,
			);

			$value = wp_kses( $value, $header_tags );
			break;
		case 'Author':
			// There shouldn't be anchor tags in Author, but some themes like to be challenging.
		case 'Description':
			static $header_tags_with_a = array(
				'a'       => array(
					'href'  => true,
					'title' => true,
				),
				'abbr'    => array( 'title' => true ),
				'acronym' => array( 'title' => true ),
				'code'    => true,
				'em'      => true,
				'strong'  => true,
			);

			$value = wp_kses( $value, $header_tags_with_a );
			break;
		case 'ThemeURI':
		case 'AuthorURI':
			$value = sanitize_url( $value );
			break;
		case 'Tags':
			$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
			break;
		case 'Version':
		case 'RequiresWP':
		case 'RequiresPHP':
		case 'UpdateURI':
			$value = strip_tags( $value );
			break;
	}

	return $value;
}

View all references View on Trac View on GitHub

Changelog

Version	Description
6.1.0	Added support for `Update URI` header.
5.4.0	Added support for `Requires at least` and `Requires PHP` headers.
3.4.0	Introduced.

© 2003–2024 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_theme/sanitize_header