WordPress Version: 6.3
/**
 * Sanitizes a single post field for the requested context.
 *
 * What "sanitized" means depends entirely on `$context`:
 *
 * - 'raw':       No filters run. Integer fields are cast to int; every other
 *                value is returned exactly as it was passed in.
 * - 'edit':      The edit filters run, then the value goes through
 *                format_to_edit() (content, excerpt, title, password) or
 *                esc_attr() (every other field).
 * - 'db':        Only the pre-save filters run. This function applies no
 *                escaping of its own in this context.
 * - 'display':   Only the display filters run. This function applies no
 *                escaping of its own in this context. Used by default.
 * - 'attribute': Same filters as 'display', followed by esc_attr().
 * - 'js':        Same filters as 'display', followed by esc_js().
 *
 * Any context string not listed above is handled by the display branch.
 *
 * In the 'db' and 'display' contexts the return value is whatever the hooked
 * callbacks produced; nothing in this function escapes it. Callers should
 * therefore escape for the output context when printing, and should not treat
 * a 'db' result as safe to concatenate into SQL.
 *
 * The 'ancestors' field is special-cased: it is mapped through absint() and
 * returned before the context is looked at, so no filter ever sees it.
 *
 * @since 2.3.0
 * @since 4.4.0 Like `sanitize_post()`, `$context` defaults to 'display'.
 *
 * @param string $field   The Post Object field name.
 * @param mixed  $value   The Post Object value.
 * @param int    $post_id Post ID.
 * @param string $context Optional. How to sanitize the field. Possible values are 'raw', 'edit',
 *                        'db', 'display', 'attribute' and 'js'. Default 'display'.
 * @return mixed Sanitized value.
 */
function sanitize_post_field($field, $value, $post_id, $context = 'display')
{
    // Integer-typed fields: cast up front, and once more after filtering.
    $is_int_field = in_array($field, ['ID', 'post_parent', 'menu_order'], true);
    if ($is_int_field) {
        $value = (int) $value;
    }

    // Fields which contain arrays of integers. Returned immediately, whatever
    // the context, without running any filter.
    if (in_array($field, ['ancestors'], true)) {
        return array_map('absint', $value);
    }

    // 'raw' bypasses every filter and every escaping step below.
    if ($context === 'raw') {
        return $value;
    }

    // NOTE: this matches 'post_' anywhere in the field name, not only at the
    // start, and str_replace() strips every occurrence of it.
    $has_prefix = str_contains($field, 'post_');
    if ($has_prefix) {
        $bare_field = str_replace('post_', '', $field);
    }

    if ($context === 'edit') {
        $editor_formatted = ['post_content', 'post_excerpt', 'post_title', 'post_password'];

        if (!$has_prefix) {
            // Field name without 'post_': the hook name gets 'edit_post_' prepended.
            $value = apply_filters("edit_post_{$field}", $value, $post_id);
        } else {
            /**
             * Filters the value of a specific post field to edit.
             *
             * The dynamic portion of the hook name, `$field`, refers to the post
             * field name.
             *
             * @since 2.3.0
             *
             * @param mixed $value   Value of the post field.
             * @param int   $post_id Post ID.
             */
            $value = apply_filters("edit_{$field}", $value, $post_id);

            /**
             * Filters the value of a specific post field to edit.
             *
             * The dynamic portion of the hook name, `$bare_field`, is the post
             * field name with 'post_' removed.
             *
             * @since 2.3.0
             *
             * @param mixed $value   Value of the post field.
             * @param int   $post_id Post ID.
             */
            $value = apply_filters("{$bare_field}_edit_pre", $value, $post_id);
        }

        // Escaping happens after the filters, so it is applied to whatever
        // the hooked callbacks returned.
        if (!in_array($field, $editor_formatted, true)) {
            $value = esc_attr($value);
        } elseif ($field === 'post_content') {
            $value = format_to_edit($value, user_can_richedit());
        } else {
            $value = format_to_edit($value);
        }
    } elseif ($context === 'db') {
        // Pre-save filters only. They receive the value alone (no post ID),
        // and this branch adds no escaping afterwards.
        if (!$has_prefix) {
            // Field name without 'post_': the hook name gets 'pre_post_' prepended.
            $value = apply_filters("pre_post_{$field}", $value);

            /**
             * Filters the value of a specific post field before saving.
             *
             * The dynamic portion of the hook name, `$field`, refers to the post
             * field name.
             *
             * @since 2.3.0
             *
             * @param mixed $value Value of the post field.
             */
            $value = apply_filters("{$field}_pre", $value);
        } else {
            /**
             * Filters the value of a specific post field before saving.
             *
             * The dynamic portion of the hook name, `$field`, refers to the post
             * field name.
             *
             * @since 2.3.0
             *
             * @param mixed $value Value of the post field.
             */
            $value = apply_filters("pre_{$field}", $value);

            /**
             * Filters the value of a specific field before saving.
             *
             * The dynamic portion of the hook name, `$bare_field`, is the post
             * field name with 'post_' removed.
             *
             * @since 2.3.0
             *
             * @param mixed $value Value of the post field.
             */
            $value = apply_filters("{$bare_field}_save_pre", $value);
        }
    } else {
        // Use display filters by default. 'display', 'attribute', 'js' and any
        // unrecognised context all arrive here.
        if (!$has_prefix) {
            // Field name without 'post_': the hook name gets 'post_' prepended.
            $value = apply_filters("post_{$field}", $value, $post_id, $context);
        } else {
            /**
             * Filters the value of a specific post field for display.
             *
             * The dynamic portion of the hook name, `$field`, refers to the post
             * field name.
             *
             * @since 2.3.0
             *
             * @param mixed  $value   Value of the prefixed post field.
             * @param int    $post_id Post ID.
             * @param string $context Context for how to sanitize the field.
             *                        Accepts 'raw', 'edit', 'db', 'display',
             *                        'attribute', or 'js'. Default 'display'.
             */
            $value = apply_filters("{$field}", $value, $post_id, $context);
        }

        // Only these two contexts are escaped here, and only after the filters
        // have run. Plain 'display' leaves escaping to the caller.
        if ($context === 'attribute') {
            $value = esc_attr($value);
        } elseif ($context === 'js') {
            $value = esc_js($value);
        }
    }

    // Restore the type for integer fields after esc_attr(); this also
    // re-normalises anything a hooked callback returned for these fields.
    if ($is_int_field) {
        $value = (int) $value;
    }

    return $value;
}