I am writing a php program to insert a wordpress post using wordpress functions. When I use the function wp_insert_post()
, any <script>
tags in my post content are removed. Is there is a way to override this in Word开发者_C百科press?
The solution by pp19dd doesn't work anymore in newer versions of WordPress. The new way, as suggested by a WordPress developer (but not recommended, because of security issues):
filter had to be unset due to security problems with it. You could try doing kses_remove_filters() before inserting the post and kses_init_filters() after inserting the post if you are trying to avoid the kses filtering of the post fields. Just be wary since that defeats most of the security measures for inserting posts.
So:
kses_remove_filters();
wp_insert_post( $postdata );
kses_init_filters();
Source: https://wordpress.org/support/topic/bypass-sanitize_post-from-wp_insert_post
精彩评论