W3cubDocs

/WordPress

WP_Theme::sanitize_header( string $header, string $value )

This function’s access is marked private. This means it is not intended for use by plugin or theme developers, only in other core functions. It is listed here for completeness.

Sanitize a theme header.

Parameters

$header

(string) (Required) Theme header. Accepts 'Name', 'Description', 'Author', 'Version', 'ThemeURI', 'AuthorURI', 'Status', 'Tags', 'RequiresWP', 'RequiresPHP'.

$value

(string) (Required) Value to sanitize.

Return

(string|array) An array for Tags header, string otherwise.

Source

File: wp-includes/class-wp-theme.php 

private function sanitize_header( $header, $value ) {
		switch ( $header ) {
			case 'Status':
				if ( ! $value ) {
					$value = 'publish';
					break;
				}
				// Fall through otherwise.
			case 'Name':
				static $header_tags = array(
					'abbr'    => array( 'title' => true ),
					'acronym' => array( 'title' => true ),
					'code'    => true,
					'em'      => true,
					'strong'  => true,
				);

				$value = wp_kses( $value, $header_tags );
				break;
			case 'Author':
				// There shouldn't be anchor tags in Author, but some themes like to be challenging.
			case 'Description':
				static $header_tags_with_a = array(
					'a'       => array(
						'href'  => true,
						'title' => true,
					),
					'abbr'    => array( 'title' => true ),
					'acronym' => array( 'title' => true ),
					'code'    => true,
					'em'      => true,
					'strong'  => true,
				);

				$value = wp_kses( $value, $header_tags_with_a );
				break;
			case 'ThemeURI':
			case 'AuthorURI':
				$value = esc_url_raw( $value );
				break;
			case 'Tags':
				$value = array_filter( array_map( 'trim', explode( ',', strip_tags( $value ) ) ) );
				break;
			case 'Version':
			case 'RequiresWP':
			case 'RequiresPHP':
				$value = strip_tags( $value );
				break;
		}

		return $value;
	}

Uses

Uses Description
wp-includes/formatting.php: esc_url_raw()

Performs esc_url() for database usage.
wp-includes/kses.php: wp_kses()

Filters text content and strips out disallowed HTML.

Used By

Used By Description
wp-includes/class-wp-theme.php: WP_Theme::get()

Get a raw, unformatted theme header.

Changelog

Version Description
5.4.0 Added support for Requires at least and Requires PHP headers.
3.4.0 Introduced.

© 2003–2019 WordPress Foundation
Licensed under the GNU GPLv2+ License.
https://developer.wordpress.org/reference/classes/wp_theme/sanitize_header