Home Forums Front-end Issues Is sanitization required for front end form? Reply To: Is sanitization required for front end form?

  • Hi Elliot,
    Many thanks for the quick response.
    I’ve had a look at update_postmeta in post.php, which in turn calls update_metadata in meta.php.

    update_metadata calls a sanitize_meta function (also in meta.php), but what I’m not sure is what this does exactly – this is the function:

    function sanitize_meta( $meta_key, $meta_value, $meta_type ) {	        return apply_filters( "sanitize_{$meta_type}_meta_{$meta_key}", $meta_value, $meta_key, $meta_type );

    According to Codex:

    ‘Applies filters that can be hooked to perform specific sanitization procedures for the particular metadata type and key. Does not sanitize anything on it’s own. Custom filters must be hooked in to do the work. The filter hook tag has the form “sanitize_{$meta_type}_meta_{$meta_key}”. ‘

    But this is where I get a bit lost… does this mean data is being sanatized or not?!

    Also – do you know whether it’s just update_postmeta I need to worry about, or are there any other methods used too?

    Many thanks for your help.