关于Options
关于Options
相信很多主题作者,在使用Options Framework主题选项框架时都遇到一个棘手的问题,就是该框架出于安全会过滤掉常用标签,最关键是过滤掉加载 javascript的常用标签,造成无法添加广告及站点统计代码,虽然通过使用编辑器模式替代textarea文本域,可解决上述问题,但主题控制面板都是编辑器窗口看上去有些怪异。
其实官方已给出解决办法:展开
Options Framework: Sanitization Filters
- /*
- * This is an example of how to override a default filter
- * for ‘textarea’ sanitization and $allowedposttags + embed and script.
- */
- add_action(‘admin_init’,’optionscheck_change_santiziation’, 100);
- function optionscheck_change_santiziation() {
- remove_filter( ‘of_sanitize_textarea’, ‘of_sanitize_textarea’ );
- add_filter( ‘of_sanitize_textarea’, ‘custom_sanitize_textarea’ );
- }
- function custom_sanitize_textarea($input) {
- global $allowedposttags;
- $custom_allowedtags[“embed”] = array(
- “src” => array(),
- “type” => array(),
- “allowfullscreen” => array(),
- “allowscriptaccess” => array(),
- “height” => array(),
- “width” => array()
- );
- $custom_allowedtags[“script”] = array();
- $custom_allowedtags = array_merge($custom_allowedtags, $allowedposttags);
- $output = wp_kses( $input, $custom_allowedtags);
- return $output;
- }
不过这个实例只是不过滤<script>标签,像这种:
- <script type=“text/javascript” src=“zmingcx.js”></script>
还是会过滤掉type、src等标签,可能造成JS文件不能正常加载。
下面是经过我修改的完整不过滤 javascript 常用标签代码:展开
- /*
- * This is an example of how to override a default filter
- * for ‘textarea’ sanitization and $allowedposttags + embed and script.
- */
- add_action(‘admin_init’,’optionscheck_change_santiziation’, 100);
- function optionscheck_change_santiziation() {
- remove_filter( ‘of_sanitize_textarea’, ‘of_sanitize_textarea’ );
- add_filter( ‘of_sanitize_textarea’, ‘custom_sanitize_textarea’ );
- }
- function custom_sanitize_textarea($input) {
- global $allowedposttags;
- $custom_allowedtags[“embed”] = array(
- “src” => array(),
- “type” => array(),
- “allowfullscreen” => array(),
- “allowscriptaccess” => array(),
- “height” => array(),
- “width” => array()
- );
- $custom_allowedtags[“script”] = array( “type” => array(),“src” => array() );
- $custom_allowedtags = array_merge($custom_allowedtags, $allowedposttags);
- $output = wp_kses( $input, $custom_allowedtags);
- return $output;
- }
该代码在Options Framework 1.91版中测试通过,其它较早版本未测试。
下载说明:
1. 本站所有资源来源于网络和用户上传,如有侵权请联系站长
2. 本站分享目的仅供大家学习和交流,您必须在下载后24小时内删除!
3. 不得使用于非法商业用途,商用请支持正版!不得违反国家法律,否则后果自负!
6. 本站资源售价只是赞助,收取费用仅维持本站的日常运营所需!
本站的资源均来自于互联网,仅为资源共享、学习参考之目的,其版权均归原作者及其网站所有,如有侵权请留言联系:admin,转转请注明出处:http://zhanmr.com/3697.htm
微信扫一扫 