wp_kses_no_null() WordPress Function

The wp_kses_no_null() function is a security measure to prevent cross-site scripting (XSS) attacks. It strips out any characters that are not alphanumeric, including whitespace, and replaces them with an empty string. This function should be used whenever data from untrusted sources is used in the WordPress code.

wp_kses_no_null( string $string, array $options = null ) #

Removes any invalid control characters in a text string.

Contents

Description
Parameters
Return
Source
Related
- Used By
Changelog

Description

Also removes any instance of the \0 string.

Parameters

$string

(string)(Required)Content to filter null characters from.

$options

(array)(Optional)Set 'slash_zero' => 'keep' when '' is allowed. Default is 'remove'.

Default value: null

Return

(string) Filtered content.

Source

File: wp-includes/kses.php

function wp_kses_no_null( $string, $options = null ) {
	if ( ! isset( $options['slash_zero'] ) ) {
		$options = array( 'slash_zero' => 'remove' );
	}

	$string = preg_replace( '/[\x00-\x08\x0B\x0C\x0E-\x1F]/', '', $string );
	if ( 'remove' === $options['slash_zero'] ) {
		$string = preg_replace( '/\\\\+0+/', '', $string );
	}

	return $string;
}

Expand full source code Collapse full source codeView on TracView on GitHub

Used By

Used By
Version	Description
1.0.0	Introduced.

Show 1 more used by Hide more used by

Changelog

Changelog
Version	Description
1.0.0	Introduced.

Download the latest version of WordPress from https://wordpress.org/

The content displayed on this page has been created in part by processing WordPress source code files which are made available under the GPLv2 (or a later version) license by the Free Software Foundation. In addition to this, the content includes user-written examples and information. All material is subject to review and curation by the WPPaste.com community.