Individual site upload limit notice

Show an individual site upload limit notice on the WordPress media page (Multisite only).

Eg.

Snippet


Add post meta in post (custom post type) endpoint with Rest API

Add post meta in post (custom post type) endpoint with Rest API.

Todo:

  • Replace post-type with your post type slug.
  • Replace prefix-meta-key with the post meta key you want to include in the REST API response.

Output:

Visit https://<mysite>/wp-json/wp/v2/<post-type>/ and the REST API response shows the data stored in the meta key prefix-meta-key.

Code:
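One way to do this, as an added example that is not the original post's snippet: it uses register_rest_field() with the post-type and prefix-meta-key placeholders from the Todo list, and assumes the post type is registered with show_in_rest enabled. Anything exposed this way is readable by whoever can read the post over REST, so register only meta keys that are safe to publish.

```php
<?php
// Added example. 'post-type' and 'prefix-meta-key' are the placeholders from the Todo list.
add_action( 'rest_api_init', function () {
	register_rest_field(
		'post-type',
		'prefix-meta-key',
		array(
			// Read: return the stored meta value for this post.
			'get_callback'    => function ( $post_arr ) {
				return get_post_meta( $post_arr['id'], 'prefix-meta-key', true );
			},
			// Write: only users who may edit this post, and only sanitized text.
			'update_callback' => function ( $value, $post ) {
				if ( ! current_user_can( 'edit_post', $post->ID ) ) {
					return new WP_Error(
						'rest_forbidden',
						'You are not allowed to edit this field.',
						array( 'status' => 403 )
					);
				}
				return update_post_meta(
					$post->ID,
					'prefix-meta-key',
					sanitize_text_field( $value )
				);
			},
			// Schema: lets the REST API validate the type before update_callback runs.
			'schema'          => array(
				'description' => 'Value stored in prefix-meta-key.',
				'type'        => 'string',
				'context'     => array( 'view', 'edit' ),
			),
		)
	);
} );
```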

 

Check logged in user role in WordPress

Check the logged-in user's role. Use the function wp_get_current_user() to get the current (logged-in) user's info.

Usage:

var_dump( prefix_user_has_role( 'administrator' ) );

// Output:
// bool(true)

Snippet:

Get logged in user roles in WordPress

Get the roles assigned to the logged-in user. Use the function wp_get_current_user() to get the current (logged-in) user's info.

Output:

print_r( prefix_get_current_user_roles() );

// Output:
// Array
// (
//     [0] => administrator
// )

Code:

WordPress Sanitization & Escaping Quick Examples

What is Sanitization?

Securing user input.

What is Escaping?

Print / echo the secure output.


# Sanitize: Secure Input:

sanitize_email()
sanitize_file_name()
sanitize_html_class()
sanitize_key()
sanitize_meta()
sanitize_mime_type()
sanitize_option()
sanitize_sql_orderby()
sanitize_text_field()
sanitize_title()
sanitize_title_for_query()
sanitize_title_with_dashes()
sanitize_user()
esc_url_raw()
wp_filter_post_kses()
wp_filter_nohtml_kses()

# Escaping: Securing Output:

esc_html()
esc_url()
esc_js()
esc_attr() 
esc_textarea()

( with Localization )
esc_html__()
esc_html_e()
esc_html_x()
esc_attr__()
esc_attr_e()
esc_attr_x()


Examples ( Sanitize: Secure Input ):

sanitize_email()

$sanitized_email = sanitize_email('     admin@example.com!     ');
echo $sanitized_email;
// Trims whitespace and special characters.
// Output: 'admin@example.com'

sanitize_file_name()

echo sanitize_file_name("_profile pic--1_.png");
// Output "profile-pic-1_.png"

sanitize_html_class()

// If you want to explicitly style a post, you can use the sanitized version of the post title as a class
$post_class = sanitize_html_class( $post->post_title );
echo $post_class;

sanitize_key()

echo sanitize_key("https://WordPress.org");
// Output "httpswordpressorg"

sanitize_meta()

$clean_value = sanitize_meta( 'birth-year', $user_input, 'user' );

sanitize_mime_type()

sanitize_mime_type( $mime_type );

sanitize_option()

sanitize_option( 'admin_email', 'admin@example.com!' );

sanitize_sql_orderby()
Ensures a string is a valid SQL ‘order by’ clause.

$attr['orderby'] = sanitize_sql_orderby( $attr['orderby'] );

sanitize_text_field()

$title = sanitize_text_field( $_POST['title'] );
update_post_meta( $post->ID, 'title', $title );

sanitize_title()

echo sanitize_title("Sanitizing, in WordPress");
// Output "sanitizing-in-wordpress"

sanitize_title_for_query()

$query['name'] = sanitize_title_for_query( $query['name'] );

sanitize_title_with_dashes()

echo sanitize_title_with_dashes("I'm in LOVE with WordPress!!!1");
// Output: im-in-love-with-wordpress1

sanitize_user()
Only keep alphanumeric, _, space, ., -, @

$user = sanitize_user( $user );

esc_url_raw()
Use esc_url_raw() if you want to store a URL in the database or use it in a URL redirect.
Otherwise use esc_url().

$url = esc_url_raw( 'https://wordpress.org/' );

wp_filter_post_kses()
Sanitize content for allowed HTML tags for post content.

$content = wp_filter_post_kses( 'This tag is <p> working</p>.' );

wp_filter_nohtml_kses()
Strips all of the HTML in the content.

$content = wp_filter_nohtml_kses( 'This tag is <p> working</p>.' );

Examples ( Escaping: Securing Output ):

esc_html()

echo esc_html( '<strong>text</strong> <b>bold</b>' );

esc_url()

<img src="<?php echo esc_url( 'https://wordpress.org/logo.png' ); ?>" />

esc_js()

var value = '<?php echo esc_js( $value ); ?>';

esc_attr()
Encodes the <, >, &, " and ' characters.

<?php $fname = ( isset( $_POST['fname'] ) ) ? $_POST['fname'] : ''; ?>
<input type="text" name="fname" value="<?php echo esc_attr( $fname ); ?>">

esc_textarea()
Use esc_textarea() instead of esc_html() when displaying text in a textarea, because esc_textarea() can double encode entities.

<textarea><?php echo esc_textarea( 'Content goes here.' ); ?></textarea>

( with Localization )

esc_html__()

echo esc_html__('Text to translate', 'text-domain');

esc_html_e()

esc_html_e('Text to translate', 'text-domain');

esc_html_x()

echo esc_html_x('Date translate', 'post date', 'text-domain');

esc_attr__()

echo esc_attr__('Text to translate', 'text-domain');

esc_attr_e()

esc_attr_e('Text to translate', 'text-domain');

esc_attr_x()

echo esc_attr_x('Date translate', 'post date', 'text-domain');
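The two lists working together on one field, as an added example that is not from the original post: input is sanitized once when it is stored, and output is escaped each time it is printed, with the escaping function chosen by output context. The meta keys, field names, nonce names and function names prefixed with prefix_ are hypothetical.

```php
<?php
// Added example: the 'prefix_subtitle*' keys, fields and nonce names are hypothetical.

// Output side: escape at the moment of printing, one function per context.
function prefix_render_subtitle_box( $post ) {
	$subtitle = get_post_meta( $post->ID, 'prefix_subtitle', true );
	$link     = get_post_meta( $post->ID, 'prefix_subtitle_url', true );
	wp_nonce_field( 'prefix_save_subtitle', 'prefix_subtitle_nonce' );
	?>
	<input type="text" name="prefix_subtitle" value="<?php echo esc_attr( $subtitle ); ?>">
	<input type="url" name="prefix_subtitle_url" value="<?php echo esc_url( $link ); ?>">
	<p><?php esc_html_e( 'Current subtitle:', 'text-domain' ); ?> <?php echo esc_html( $subtitle ); ?></p>
	<?php
}
add_action( 'add_meta_boxes', function () {
	add_meta_box( 'prefix-subtitle', 'Subtitle', 'prefix_render_subtitle_box', 'post' );
} );

// Input side: verify the request, then sanitize before storing.
function prefix_save_subtitle( $post_id ) {
	if ( ! isset( $_POST['prefix_subtitle_nonce'] )
		|| ! wp_verify_nonce( sanitize_key( $_POST['prefix_subtitle_nonce'] ), 'prefix_save_subtitle' ) ) {
		return; // Not our form, or a forged request.
	}
	if ( ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) || ! current_user_can( 'edit_post', $post_id ) ) {
		return;
	}
	if ( isset( $_POST['prefix_subtitle'] ) ) {
		// Plain text: strips tags, extra whitespace and invalid UTF-8.
		$subtitle = sanitize_text_field( wp_unslash( $_POST['prefix_subtitle'] ) );
		update_post_meta( $post_id, 'prefix_subtitle', $subtitle );
	}
	if ( isset( $_POST['prefix_subtitle_url'] ) ) {
		// URL headed for the database: esc_url_raw(), not esc_url().
		$url = esc_url_raw( wp_unslash( $_POST['prefix_subtitle_url'] ) );
		update_post_meta( $post_id, 'prefix_subtitle_url', $url );
	}
}
add_action( 'save_post', 'prefix_save_subtitle' );
```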


Streamline your web font requests. Introducing “text=”

Google Fonts provides the text= parameter for optimizing your font requests (Beta).
It helps if you use Google Fonts only for particular text. In some cases, this can reduce the size of the font file by up to 90%.

Visit: https://developers.google.com/fonts/docs/getting_started?hl=en

How to Use?

Check out the example below. Here, the Google Font is applied only to the text “LOGO”.

  1. Your Google Font with the requested font text, e.g. http://fonts.googleapis.com/css?family=Special+Elite&text=LOGO

Here we added text=LOGO, so the Google Font applies only to the text ‘LOGO’.

NOTE: Here it applies to the UPPER CASE letters. If we use text-transform: uppercase;, it applies to that text too.

See the Pen Wrojpa (http://codepen.io/maheshwaghmare/pen/Wrojpa/) by Mahesh Waghmare (@maheshwaghmare, http://codepen.io/maheshwaghmare) on CodePen (http://codepen.io).