WordPress comes with an extensive HTTP API that should be used instead of creating your own curl calls. It\u2019s both faster and more extensive. It\u2019ll fall back to curl if it has to, but it\u2019ll use a lot of WordPress\u2019 native functionality first.<\/p>\n
<\/p>\n
Note: If using CURL in 3rd party vendor libraries, that’s permitted.<\/p>\n
When you include POST\/GET\/REQUEST\/FILE calls in your plugin, it’s important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.<\/p>\n
WordPress comes with a number of sanitization and escaping functions:<\/p>\n Remember: You must use the most appropriate functions for the context. If you\u2019re sanitizing email, use Using CURL Instead of HTTP API WordPress comes with an […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19],"tags":[],"class_list":["post-1666","post","type-post","status-publish","format-standard","hentry","category-wordpress"],"_links":{"self":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1666"}],"version-history":[{"count":0,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/posts\/1666\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.appblog.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}SANITIZE<\/code>: Data that is input (either by a user or automatically) must be sanitized as soon as possible. This lessens the possibility of XSS vulnerabilities and MITM attacks where posted data is subverted.<\/p>\n<\/li>\nVALIDATE<\/code>: All data should be validated, no matter what. Even when you sanitize, remember that you don\u2019t want someone putting in \u2018dog\u2019 when the only valid values are numbers.<\/p>\n<\/li>\nESCAPE<\/code>: Data that is output must be escaped properly when it is echo’d, so it can’t hijack admin screens. There are many esc_*()<\/code> functions you can use to make sure you don’t show people the wrong data.<\/p>\n<\/li>\n<\/ul>\n\n
sanitize_email()<\/code>, if you\u2019re outputting HTML, use esc_html()<\/code>, and so on.<\/p>\n$body = wp_unslash( $_POST );<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"