WP_Customize_Nav_Menu_Item_Setting::sanitize() WordPress Method

The WP_Customize_Nav_Menu_Item_Setting::sanitize() method is used to sanitize nav menu item settings before they are saved to the database. This method ensures that only valid data is saved to the database, and that any invalid data is discarded.

WP_Customize_Nav_Menu_Item_Setting::sanitize( array $value ) #

Sanitize an input.

Contents

Description

Note that parent::sanitize() erroneously does wp_unslash() on $value, but we remove that in this override.

Top ↑

Parameters

$value

(array)(Required)The menu item value to sanitize.

Top ↑

Return

(array|false|null|WP_Error) Null or WP_Error if an input isn't valid. False if it is marked for deletion. Otherwise the sanitized value.

Top ↑

Source

File: wp-includes/customize/class-wp-customize-nav-menu-item-setting.php

	public function sanitize( $value ) {
		// Restores the more descriptive, specific name for use within this method.
		$menu_item_value = $value;

		// Menu is marked for deletion.
		if ( false === $menu_item_value ) {
			return $menu_item_value;
		}

		// Invalid.
		if ( ! is_array( $menu_item_value ) ) {
			return null;
		}

		$default                     = array(
			'object_id'        => 0,
			'object'           => '',
			'menu_item_parent' => 0,
			'position'         => 0,
			'type'             => 'custom',
			'title'            => '',
			'url'              => '',
			'target'           => '',
			'attr_title'       => '',
			'description'      => '',
			'classes'          => '',
			'xfn'              => '',
			'status'           => 'publish',
			'original_title'   => '',
			'nav_menu_term_id' => 0,
			'_invalid'         => false,
		);
		$menu_item_value             = array_merge( $default, $menu_item_value );
		$menu_item_value             = wp_array_slice_assoc( $menu_item_value, array_keys( $default ) );
		$menu_item_value['position'] = (int) $menu_item_value['position'];

		foreach ( array( 'object_id', 'menu_item_parent', 'nav_menu_term_id' ) as $key ) {
			// Note we need to allow negative-integer IDs for previewed objects not inserted yet.
			$menu_item_value[ $key ] = (int) $menu_item_value[ $key ];
		}

		foreach ( array( 'type', 'object', 'target' ) as $key ) {
			$menu_item_value[ $key ] = sanitize_key( $menu_item_value[ $key ] );
		}

		foreach ( array( 'xfn', 'classes' ) as $key ) {
			$value = $menu_item_value[ $key ];
			if ( ! is_array( $value ) ) {
				$value = explode( ' ', $value );
			}
			$menu_item_value[ $key ] = implode( ' ', array_map( 'sanitize_html_class', $value ) );
		}

		$menu_item_value['original_title'] = sanitize_text_field( $menu_item_value['original_title'] );

		// Apply the same filters as when calling wp_insert_post().

		/** This filter is documented in wp-includes/post.php */
		$menu_item_value['title'] = wp_unslash( apply_filters( 'title_save_pre', wp_slash( $menu_item_value['title'] ) ) );

		/** This filter is documented in wp-includes/post.php */
		$menu_item_value['attr_title'] = wp_unslash( apply_filters( 'excerpt_save_pre', wp_slash( $menu_item_value['attr_title'] ) ) );

		/** This filter is documented in wp-includes/post.php */
		$menu_item_value['description'] = wp_unslash( apply_filters( 'content_save_pre', wp_slash( $menu_item_value['description'] ) ) );

		if ( '' !== $menu_item_value['url'] ) {
			$menu_item_value['url'] = esc_url_raw( $menu_item_value['url'] );
			if ( '' === $menu_item_value['url'] ) {
				return new WP_Error( 'invalid_url', __( 'Invalid URL.' ) ); // Fail sanitization if URL is invalid.
			}
		}
		if ( 'publish' !== $menu_item_value['status'] ) {
			$menu_item_value['status'] = 'draft';
		}

		$menu_item_value['_invalid'] = (bool) $menu_item_value['_invalid'];

		/** This filter is documented in wp-includes/class-wp-customize-setting.php */
		return apply_filters( "customize_sanitize_{$this->id}", $menu_item_value, $this );
	}

Expand full source codeCollapse full source codeView on TracView on GitHub

Top ↑

Top ↑

Uses

Uses
UsesDescription
wp-includes/l10n.php:__()

Retrieve the translation of $text.

wp-includes/formatting.php:sanitize_text_field()

Sanitizes a string from user input or from the database.

wp-includes/formatting.php:wp_unslash()

Removes slashes from a string or recursively removes slashes from strings within an array.

wp-includes/formatting.php:wp_slash()

Adds slashes to a string or recursively adds slashes to strings within an array.

wp-includes/formatting.php:esc_url_raw()

Performs esc_url() for database or redirect usage.

wp-includes/formatting.php:sanitize_key()

Sanitizes a string key.

wp-includes/functions.php:wp_array_slice_assoc()

Extract a slice of an array, given a list of keys.

wp-includes/plugin.php:apply_filters()

Calls the callback functions that have been added to a filter hook.

wp-includes/class-wp-customize-setting.php:customize_sanitize_{$this->id}

Filters a Customize setting value in un-slashed form.

wp-includes/class-wp-error.php:WP_Error::__construct()

Initializes the error.

Show 5 more usesHide more uses

Top ↑

Changelog

Changelog
VersionDescription
5.9.0Renamed $menu_item_value to $value for PHP 8 named parameter support.
4.3.0Introduced.
Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by theĀ Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.